################################################################ # abuse.ch Feodo Tracker Suricata / Snort Ruleset (Aggresive) # # Last updated: 2020-10-21 22:46:22 UTC # # # # Terms Of Use: https://feodotracker.abuse.ch/blocklist/ # # For questions please contact feodotracker [at] abuse.ch # ################################################################ # alert tcp $HOME_NET any -> [181.58.181.9] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.58.181.9/; sid:918609945; rev:1;) alert tcp $HOME_NET any -> [173.68.199.157] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.68.199.157/; sid:918609930; rev:1;) alert tcp $HOME_NET any -> [37.183.81.217] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.183.81.217/; sid:900625573; rev:1;) alert tcp $HOME_NET any -> [191.97.154.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.97.154.2/; sid:918609920; rev:1;) alert tcp $HOME_NET any -> [181.56.32.36] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.56.32.36/; sid:900625569; rev:1;) alert tcp $HOME_NET any -> [50.245.107.73] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.245.107.73/; sid:900625564; rev:1;) alert tcp $HOME_NET any -> [94.230.70.6] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.230.70.6/; sid:900625566; rev:1;) alert tcp $HOME_NET any -> [41.185.28.84] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.185.28.84/; sid:918608888; rev:1;) alert tcp $HOME_NET any -> [202.141.243.254] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.141.243.254/; sid:918608879; rev:1;) alert tcp $HOME_NET any -> [62.171.142.179] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.171.142.179/; sid:918608856; rev:1;) alert tcp $HOME_NET any -> [217.20.166.178] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.20.166.178/; sid:918608846; rev:1;) alert tcp $HOME_NET any -> [190.29.166.0] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.29.166.0/; sid:918608830; rev:1;) alert tcp $HOME_NET any -> [95.9.5.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.9.5.93/; sid:900625567; rev:1;) alert tcp $HOME_NET any -> [2.58.16.89] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.58.16.89/; sid:918608826; rev:1;) alert tcp $HOME_NET any -> [172.86.188.251] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.86.188.251/; sid:918608822; rev:1;) alert tcp $HOME_NET any -> [75.188.96.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.188.96.231/; sid:918608813; rev:1;) alert tcp $HOME_NET any -> [102.182.93.220] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.182.93.220/; sid:900625560; rev:1;) alert tcp $HOME_NET any -> [85.105.111.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.111.166/; sid:900625565; rev:1;) alert tcp $HOME_NET any -> [5.196.108.185] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.108.185/; sid:918608803; rev:1;) alert tcp $HOME_NET any -> [190.101.156.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.101.156.139/; sid:900625571; rev:1;) alert tcp $HOME_NET any -> [85.246.78.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.246.78.192/; sid:918465967; rev:1;) alert tcp $HOME_NET any -> [197.245.25.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.245.25.228/; sid:900625575; rev:1;) alert tcp $HOME_NET any -> [96.126.101.6] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.126.101.6/; sid:900625568; rev:1;) alert tcp $HOME_NET any -> [24.178.90.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.178.90.49/; sid:900625562; rev:1;) alert tcp $HOME_NET any -> [76.121.199.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.121.199.225/; sid:900625574; rev:1;) alert tcp $HOME_NET any -> [181.59.59.54] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.59.59.54/; sid:900625558; rev:1;) alert tcp $HOME_NET any -> [194.166.147.143] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.166.147.143/; sid:900625559; rev:1;) alert tcp $HOME_NET any -> [115.94.207.99] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.94.207.99/; sid:900625561; rev:1;) alert tcp $HOME_NET any -> [103.109.78.174] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.109.78.174/; sid:900625554; rev:1;) alert tcp $HOME_NET any -> [199.38.123.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.38.123.58/; sid:900625552; rev:1;) alert tcp $HOME_NET any -> [199.38.121.150] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.38.121.150/; sid:900625553; rev:1;) alert tcp $HOME_NET any -> [199.38.120.91] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.38.120.91/; sid:900625549; rev:1;) alert tcp $HOME_NET any -> [208.86.162.241] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.86.162.241/; sid:900625548; rev:1;) alert tcp $HOME_NET any -> [199.38.120.89] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.38.120.89/; sid:900625550; rev:1;) alert tcp $HOME_NET any -> [208.86.161.113] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.86.161.113/; sid:900625551; rev:1;) alert tcp $HOME_NET any -> [103.127.165.250] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.127.165.250/; sid:900625547; rev:1;) alert tcp $HOME_NET any -> [208.86.162.215] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.86.162.215/; sid:900625546; rev:1;) alert tcp $HOME_NET any -> [103.206.128.121] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.206.128.121/; sid:900625545; rev:1;) alert tcp $HOME_NET any -> [2.85.9.41] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.85.9.41/; sid:900625577; rev:1;) alert tcp $HOME_NET any -> [200.243.153.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.243.153.66/; sid:900625544; rev:1;) alert tcp $HOME_NET any -> [60.108.128.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.108.128.186/; sid:900625576; rev:1;) alert tcp $HOME_NET any -> [5.2.246.108] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.246.108/; sid:900625555; rev:1;) alert tcp $HOME_NET any -> [91.213.106.100] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.213.106.100/; sid:917508463; rev:1;) alert tcp $HOME_NET any -> [43.255.175.197] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.255.175.197/; sid:917508460; rev:1;) alert tcp $HOME_NET any -> [180.23.53.200] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.23.53.200/; sid:900625534; rev:1;) alert tcp $HOME_NET any -> [190.151.5.131] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.151.5.131/; sid:917508439; rev:1;) alert tcp $HOME_NET any -> [85.75.49.113] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.75.49.113/; sid:917508430; rev:1;) alert tcp $HOME_NET any -> [73.100.19.104] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.100.19.104/; sid:917508426; rev:1;) alert tcp $HOME_NET any -> [86.123.55.0] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.123.55.0/; sid:917508419; rev:1;) alert tcp $HOME_NET any -> [212.198.71.39] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.198.71.39/; sid:917508414; rev:1;) alert tcp $HOME_NET any -> [110.37.224.243] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.37.224.243/; sid:917508413; rev:1;) alert tcp $HOME_NET any -> [172.193.79.237] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.193.79.237/; sid:900625526; rev:1;) alert tcp $HOME_NET any -> [95.76.142.243] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.76.142.243/; sid:917508407; rev:1;) alert tcp $HOME_NET any -> [123.216.134.52] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.216.134.52/; sid:917508395; rev:1;) alert tcp $HOME_NET any -> [27.83.209.210] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.83.209.210/; sid:917508392; rev:1;) alert tcp $HOME_NET any -> [125.200.20.233] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.200.20.233/; sid:917508384; rev:1;) alert tcp $HOME_NET any -> [188.226.165.170] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.226.165.170/; sid:900625529; rev:1;) alert tcp $HOME_NET any -> [177.130.51.198] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.130.51.198/; sid:900625527; rev:1;) alert tcp $HOME_NET any -> [24.230.141.169] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.230.141.169/; sid:900625563; rev:1;) alert tcp $HOME_NET any -> [186.189.249.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.189.249.2/; sid:900625570; rev:1;) alert tcp $HOME_NET any -> [91.121.87.90] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.121.87.90/; sid:900625542; rev:1;) alert tcp $HOME_NET any -> [104.131.144.215] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.144.215/; sid:900625525; rev:1;) alert tcp $HOME_NET any -> [201.71.228.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.71.228.86/; sid:900625523; rev:1;) alert tcp $HOME_NET any -> [181.61.182.143] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.61.182.143/; sid:900625522; rev:1;) alert tcp $HOME_NET any -> [181.123.6.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.123.6.86/; sid:900625521; rev:1;) alert tcp $HOME_NET any -> [173.212.197.71] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.212.197.71/; sid:900625520; rev:1;) alert tcp $HOME_NET any -> [59.148.253.194] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.148.253.194/; sid:900625524; rev:1;) alert tcp $HOME_NET any -> [123.142.37.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.142.37.166/; sid:900625514; rev:1;) alert tcp $HOME_NET any -> [89.121.205.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.121.205.18/; sid:900625519; rev:1;) alert tcp $HOME_NET any -> [66.76.12.94] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.76.12.94/; sid:900625518; rev:1;) alert tcp $HOME_NET any -> [181.126.74.180] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.126.74.180/; sid:900625515; rev:1;) alert tcp $HOME_NET any -> [49.3.224.99] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.3.224.99/; sid:900625517; rev:1;) alert tcp $HOME_NET any -> [212.71.250.88] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.71.250.88/; sid:900625516; rev:1;) alert tcp $HOME_NET any -> [173.63.117.194] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.63.117.194/; sid:917290923; rev:1;) alert tcp $HOME_NET any -> [82.78.179.117] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.78.179.117/; sid:900625532; rev:1;) alert tcp $HOME_NET any -> [41.76.213.144] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.76.213.144/; sid:900625543; rev:1;) alert tcp $HOME_NET any -> [200.59.6.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.59.6.174/; sid:900625572; rev:1;) alert tcp $HOME_NET any -> [61.33.119.226] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.33.119.226/; sid:900625507; rev:1;) alert tcp $HOME_NET any -> [76.171.227.238] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.171.227.238/; sid:900625508; rev:1;) alert tcp $HOME_NET any -> [103.236.179.162] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.236.179.162/; sid:900625498; rev:1;) alert tcp $HOME_NET any -> [37.179.145.105] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.179.145.105/; sid:900625511; rev:1;) alert tcp $HOME_NET any -> [186.222.250.115] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.222.250.115/; sid:900625502; rev:1;) alert tcp $HOME_NET any -> [77.78.196.173] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.78.196.173/; sid:915245022; rev:1;) alert tcp $HOME_NET any -> [79.118.74.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.118.74.90/; sid:900625509; rev:1;) alert tcp $HOME_NET any -> [175.143.12.123] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.143.12.123/; sid:900625501; rev:1;) alert tcp $HOME_NET any -> [189.223.16.99] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.16.99/; sid:900625503; rev:1;) alert tcp $HOME_NET any -> [109.190.249.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.190.249.106/; sid:915244994; rev:1;) alert tcp $HOME_NET any -> [172.86.186.21] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.86.186.21/; sid:900625499; rev:1;) alert tcp $HOME_NET any -> [180.21.3.52] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.21.3.52/; sid:900625535; rev:1;) alert tcp $HOME_NET any -> [2.45.176.233] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.45.176.233/; sid:900625504; rev:1;) alert tcp $HOME_NET any -> [194.5.249.241] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.241/; sid:900625495; rev:1;) alert tcp $HOME_NET any -> [185.117.73.50] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.73.50/; sid:900625494; rev:1;) alert tcp $HOME_NET any -> [85.204.116.204] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.204/; sid:900625493; rev:1;) alert tcp $HOME_NET any -> [104.161.32.112] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.161.32.112/; sid:900625492; rev:1;) alert tcp $HOME_NET any -> [74.214.230.200] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.214.230.200/; sid:900625490; rev:1;) alert tcp $HOME_NET any -> [209.54.13.14] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.54.13.14/; sid:900625488; rev:1;) alert tcp $HOME_NET any -> [183.176.82.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.176.82.231/; sid:900625487; rev:1;) alert tcp $HOME_NET any -> [109.190.35.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.190.35.249/; sid:914197855; rev:1;) alert tcp $HOME_NET any -> [81.215.230.173] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.215.230.173/; sid:900625491; rev:1;) alert tcp $HOME_NET any -> [184.180.181.202] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.180.181.202/; sid:900625486; rev:1;) alert tcp $HOME_NET any -> [213.52.74.198] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.52.74.198/; sid:900625489; rev:1;) alert tcp $HOME_NET any -> [104.161.32.111] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.161.32.111/; sid:900625482; rev:1;) alert tcp $HOME_NET any -> [86.104.194.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.104.194.30/; sid:900625481; rev:1;) alert tcp $HOME_NET any -> [45.89.127.92] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.89.127.92/; sid:900625480; rev:1;) alert tcp $HOME_NET any -> [121.117.147.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.117.147.153/; sid:900625533; rev:1;) alert tcp $HOME_NET any -> [45.89.127.140] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.89.127.140/; sid:900625468; rev:1;) alert tcp $HOME_NET any -> [5.2.72.199] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.72.199/; sid:900625469; rev:1;) alert tcp $HOME_NET any -> [45.89.127.182] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.89.127.182/; sid:900625467; rev:1;) alert tcp $HOME_NET any -> [190.117.101.56] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.101.56/; sid:900625463; rev:1;) alert tcp $HOME_NET any -> [203.56.191.129] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.56.191.129/; sid:913403811; rev:1;) alert tcp $HOME_NET any -> [47.154.85.229] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.154.85.229/; sid:900625465; rev:1;) alert tcp $HOME_NET any -> [162.144.145.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.145.58/; sid:913403799; rev:1;) alert tcp $HOME_NET any -> [85.25.106.204] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.25.106.204/; sid:913398912; rev:1;) alert tcp $HOME_NET any -> [75.143.247.51] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.143.247.51/; sid:900625459; rev:1;) alert tcp $HOME_NET any -> [194.4.58.192] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.4.58.192/; sid:913398884; rev:1;) alert tcp $HOME_NET any -> [96.245.227.43] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.245.227.43/; sid:900625461; rev:1;) alert tcp $HOME_NET any -> [218.147.193.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.147.193.146/; sid:900625452; rev:1;) alert tcp $HOME_NET any -> [49.50.209.131] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.50.209.131/; sid:900625456; rev:1;) alert tcp $HOME_NET any -> [5.89.33.136] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.89.33.136/; sid:900625466; rev:1;) alert tcp $HOME_NET any -> [190.190.219.184] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.190.219.184/; sid:900625449; rev:1;) alert tcp $HOME_NET any -> [74.135.120.91] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.135.120.91/; sid:900625458; rev:1;) alert tcp $HOME_NET any -> [131.153.22.145] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.153.22.145/; sid:900625444; rev:1;) alert tcp $HOME_NET any -> [86.104.194.102] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.104.194.102/; sid:900625443; rev:1;) alert tcp $HOME_NET any -> [190.108.228.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.108.228.27/; sid:900625448; rev:1;) alert tcp $HOME_NET any -> [213.165.178.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.165.178.214/; sid:900625556; rev:1;) alert tcp $HOME_NET any -> [192.175.111.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.175.111.214/; sid:900625450; rev:1;) alert tcp $HOME_NET any -> [188.166.220.180] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.166.220.180/; sid:900625462; rev:1;) alert tcp $HOME_NET any -> [24.232.228.233] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.232.228.233/; sid:900625453; rev:1;) alert tcp $HOME_NET any -> [95.85.33.23] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.85.33.23/; sid:900625460; rev:1;) alert tcp $HOME_NET any -> [200.127.14.97] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.14.97/; sid:900625451; rev:1;) alert tcp $HOME_NET any -> [46.105.114.137] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.114.137/; sid:900625454; rev:1;) alert tcp $HOME_NET any -> [69.206.132.149] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.206.132.149/; sid:900625457; rev:1;) alert tcp $HOME_NET any -> [177.23.7.151] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.23.7.151/; sid:900625446; rev:1;) alert tcp $HOME_NET any -> [42.200.96.63] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.200.96.63/; sid:900625464; rev:1;) alert tcp $HOME_NET any -> [47.36.140.164] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.36.140.164/; sid:900625455; rev:1;) alert tcp $HOME_NET any -> [169.50.76.149] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.50.76.149/; sid:900625445; rev:1;) alert tcp $HOME_NET any -> [188.157.101.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.157.101.114/; sid:900625447; rev:1;) alert tcp $HOME_NET any -> [27.7.14.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.7.14.122/; sid:912699594; rev:1;) alert tcp $HOME_NET any -> [169.1.211.133] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.1.211.133/; sid:912696720; rev:1;) alert tcp $HOME_NET any -> [181.80.129.181] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.80.129.181/; sid:912696674; rev:1;) alert tcp $HOME_NET any -> [105.185.152.15] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.185.152.15/; sid:912695929; rev:1;) alert tcp $HOME_NET any -> [115.135.158.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.135.158.13/; sid:912695914; rev:1;) alert tcp $HOME_NET any -> [2.58.16.86] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.58.16.86/; sid:912695911; rev:1;) alert tcp $HOME_NET any -> [198.20.228.9] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.20.228.9/; sid:912695900; rev:1;) alert tcp $HOME_NET any -> [202.29.237.113] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.29.237.113/; sid:912695893; rev:1;) alert tcp $HOME_NET any -> [188.40.170.197] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.170.197/; sid:900625528; rev:1;) alert tcp $HOME_NET any -> [51.38.50.144] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.38.50.144/; sid:900625531; rev:1;) alert tcp $HOME_NET any -> [221.147.142.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.147.142.214/; sid:900625530; rev:1;) alert tcp $HOME_NET any -> [167.114.153.111] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.114.153.111/; sid:900625500; rev:1;) alert tcp $HOME_NET any -> [208.180.207.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.180.207.205/; sid:900625506; rev:1;) alert tcp $HOME_NET any -> [94.212.52.40] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.212.52.40/; sid:900625438; rev:1;) alert tcp $HOME_NET any -> [190.164.135.81] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.164.135.81/; sid:900625437; rev:1;) alert tcp $HOME_NET any -> [195.181.215.65] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.181.215.65/; sid:912430665; rev:1;) alert tcp $HOME_NET any -> [46.30.42.239] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.30.42.239/; sid:900625433; rev:1;) alert tcp $HOME_NET any -> [195.123.237.37] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.237.37/; sid:900625431; rev:1;) alert tcp $HOME_NET any -> [45.141.103.31] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.141.103.31/; sid:900625426; rev:1;) alert tcp $HOME_NET any -> [93.189.43.168] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.43.168/; sid:900625429; rev:1;) alert tcp $HOME_NET any -> [107.174.254.216] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.174.254.216/; sid:900625432; rev:1;) alert tcp $HOME_NET any -> [194.5.250.113] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.113/; sid:900625427; rev:1;) alert tcp $HOME_NET any -> [212.80.217.69] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.217.69/; sid:900625425; rev:1;) alert tcp $HOME_NET any -> [5.101.51.112] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.101.51.112/; sid:900625428; rev:1;) alert tcp $HOME_NET any -> [148.251.27.76] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.251.27.76/; sid:900625430; rev:1;) alert tcp $HOME_NET any -> [198.8.91.44] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.8.91.44/; sid:900625422; rev:1;) alert tcp $HOME_NET any -> [185.125.46.53] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.125.46.53/; sid:900625423; rev:1;) alert tcp $HOME_NET any -> [37.228.117.217] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.117.217/; sid:900625424; rev:1;) alert tcp $HOME_NET any -> [185.117.73.190] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.73.190/; sid:900625421; rev:1;) alert tcp $HOME_NET any -> [195.123.240.130] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.130/; sid:900625420; rev:1;) alert tcp $HOME_NET any -> [45.89.127.128] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.89.127.128/; sid:900625419; rev:1;) alert tcp $HOME_NET any -> [80.85.156.116] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.85.156.116/; sid:900625418; rev:1;) alert tcp $HOME_NET any -> [51.89.177.8] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.177.8/; sid:900625417; rev:1;) alert tcp $HOME_NET any -> [45.89.127.118] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.89.127.118/; sid:900625415; rev:1;) alert tcp $HOME_NET any -> [37.220.6.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.220.6.115/; sid:900625416; rev:1;) alert tcp $HOME_NET any -> [194.5.249.216] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.216/; sid:900625414; rev:1;) alert tcp $HOME_NET any -> [45.89.127.119] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.89.127.119/; sid:900625413; rev:1;) alert tcp $HOME_NET any -> [62.108.35.36] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.108.35.36/; sid:900625412; rev:1;) alert tcp $HOME_NET any -> [51.77.112.255] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.112.255/; sid:900625410; rev:1;) alert tcp $HOME_NET any -> [194.5.249.224] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.224/; sid:900625411; rev:1;) alert tcp $HOME_NET any -> [62.108.35.29] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.108.35.29/; sid:900625409; rev:1;) alert tcp $HOME_NET any -> [35.164.230.208] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/35.164.230.208/; sid:900625408; rev:1;) alert tcp $HOME_NET any -> [178.211.45.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.211.45.66/; sid:910901409; rev:1;) alert tcp $HOME_NET any -> [138.97.60.140] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.97.60.140/; sid:910901405; rev:1;) alert tcp $HOME_NET any -> [101.187.81.254] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.81.254/; sid:910901404; rev:1;) alert tcp $HOME_NET any -> [191.191.23.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.191.23.135/; sid:900625403; rev:1;) alert tcp $HOME_NET any -> [46.101.58.37] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.58.37/; sid:900625405; rev:1;) alert tcp $HOME_NET any -> [192.232.229.54] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.232.229.54/; sid:900625404; rev:1;) alert tcp $HOME_NET any -> [120.150.218.241] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.218.241/; sid:900625401; rev:1;) alert tcp $HOME_NET any -> [186.74.215.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.74.215.34/; sid:900625407; rev:1;) alert tcp $HOME_NET any -> [162.241.140.129] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.140.129/; sid:900625402; rev:1;) alert tcp $HOME_NET any -> [185.14.30.247] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.30.247/; sid:900625400; rev:1;) alert tcp $HOME_NET any -> [72.143.73.234] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.143.73.234/; sid:900625406; rev:1;) alert tcp $HOME_NET any -> [194.5.249.126] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.126/; sid:900625399; rev:1;) alert tcp $HOME_NET any -> [174.118.202.24] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.118.202.24/; sid:900625441; rev:1;) alert tcp $HOME_NET any -> [185.99.2.176] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.176/; sid:900625398; rev:1;) alert tcp $HOME_NET any -> [82.146.54.254] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.146.54.254/; sid:900625396; rev:1;) alert tcp $HOME_NET any -> [194.5.249.136] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.136/; sid:900625395; rev:1;) alert tcp $HOME_NET any -> [109.13.179.195] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.13.179.195/; sid:900625434; rev:1;) alert tcp $HOME_NET any -> [92.242.40.12] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.242.40.12/; sid:900625394; rev:1;) alert tcp $HOME_NET any -> [85.99.2.140] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.99.2.140/; sid:900625393; rev:1;) alert tcp $HOME_NET any -> [192.175.111.217] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.175.111.217/; sid:900625435; rev:1;) alert tcp $HOME_NET any -> [104.161.32.10] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.161.32.10/; sid:900625387; rev:1;) alert tcp $HOME_NET any -> [212.80.219.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.219.98/; sid:900625385; rev:1;) alert tcp $HOME_NET any -> [85.143.219.36] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.219.36/; sid:900625384; rev:1;) alert tcp $HOME_NET any -> [94.250.254.84] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.250.254.84/; sid:900625382; rev:1;) alert tcp $HOME_NET any -> [45.8.230.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.8.230.108/; sid:900625386; rev:1;) alert tcp $HOME_NET any -> [91.200.101.192] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.200.101.192/; sid:900625383; rev:1;) alert tcp $HOME_NET any -> [91.210.171.82] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.210.171.82/; sid:900625380; rev:1;) alert tcp $HOME_NET any -> [194.5.249.31] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.31/; sid:900625376; rev:1;) alert tcp $HOME_NET any -> [195.2.93.227] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.2.93.227/; sid:900625375; rev:1;) alert tcp $HOME_NET any -> [62.108.35.179] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.108.35.179/; sid:900625381; rev:1;) alert tcp $HOME_NET any -> [94.250.255.217] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.250.255.217/; sid:900625378; rev:1;) alert tcp $HOME_NET any -> [194.156.98.172] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.156.98.172/; sid:900625377; rev:1;) alert tcp $HOME_NET any -> [195.123.241.182] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.182/; sid:900625374; rev:1;) alert tcp $HOME_NET any -> [51.89.177.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.177.18/; sid:900625379; rev:1;) alert tcp $HOME_NET any -> [88.150.197.186] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.150.197.186/; sid:900625371; rev:1;) alert tcp $HOME_NET any -> [62.108.35.204] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.108.35.204/; sid:900625372; rev:1;) alert tcp $HOME_NET any -> [195.123.241.157] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.157/; sid:900625373; rev:1;) alert tcp $HOME_NET any -> [194.5.249.107] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.107/; sid:900625368; rev:1;) alert tcp $HOME_NET any -> [45.155.173.196] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.155.173.196/; sid:900625370; rev:1;) alert tcp $HOME_NET any -> [195.123.239.59] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.239.59/; sid:900625369; rev:1;) alert tcp $HOME_NET any -> [185.234.72.147] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.147/; sid:900625390; rev:1;) alert tcp $HOME_NET any -> [45.141.103.194] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.141.103.194/; sid:900625388; rev:1;) alert tcp $HOME_NET any -> [185.105.1.149] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.105.1.149/; sid:900625389; rev:1;) alert tcp $HOME_NET any -> [185.99.2.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.180/; sid:900625391; rev:1;) alert tcp $HOME_NET any -> [93.189.40.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.40.214/; sid:900625392; rev:1;) alert tcp $HOME_NET any -> [71.15.245.148] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.15.245.148/; sid:900625367; rev:1;) alert tcp $HOME_NET any -> [104.131.123.136] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.123.136/; sid:900625364; rev:1;) alert tcp $HOME_NET any -> [24.231.51.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.231.51.190/; sid:900625436; rev:1;) alert tcp $HOME_NET any -> [113.203.238.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.203.238.130/; sid:900625440; rev:1;) alert tcp $HOME_NET any -> [116.91.240.96] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.91.240.96/; sid:900625439; rev:1;) alert tcp $HOME_NET any -> [104.193.103.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.193.103.61/; sid:900625365; rev:1;) alert tcp $HOME_NET any -> [202.22.141.45] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.22.141.45/; sid:900625366; rev:1;) alert tcp $HOME_NET any -> [45.89.127.27] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.89.127.27/; sid:900625363; rev:1;) alert tcp $HOME_NET any -> [80.241.255.202] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.241.255.202/; sid:900625357; rev:1;) alert tcp $HOME_NET any -> [130.0.132.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.0.132.242/; sid:900625362; rev:1;) alert tcp $HOME_NET any -> [91.146.156.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.146.156.228/; sid:900625361; rev:1;) alert tcp $HOME_NET any -> [78.188.106.53] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.106.53/; sid:900625356; rev:1;) alert tcp $HOME_NET any -> [187.49.206.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.49.206.134/; sid:900625352; rev:1;) alert tcp $HOME_NET any -> [105.186.233.33] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.233.33/; sid:900625351; rev:1;) alert tcp $HOME_NET any -> [76.175.162.101] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.175.162.101/; sid:900625355; rev:1;) alert tcp $HOME_NET any -> [5.196.108.189] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.108.189/; sid:900625354; rev:1;) alert tcp $HOME_NET any -> [70.169.17.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.169.17.134/; sid:900625350; rev:1;) alert tcp $HOME_NET any -> [189.35.44.221] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.35.44.221/; sid:900625347; rev:1;) alert tcp $HOME_NET any -> [181.74.0.251] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.74.0.251/; sid:900625346; rev:1;) alert tcp $HOME_NET any -> [203.205.28.68] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.205.28.68/; sid:900625349; rev:1;) alert tcp $HOME_NET any -> [109.169.12.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.169.12.78/; sid:900625344; rev:1;) alert tcp $HOME_NET any -> [190.188.245.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.188.245.242/; sid:900625348; rev:1;) alert tcp $HOME_NET any -> [38.18.235.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.18.235.242/; sid:900625353; rev:1;) alert tcp $HOME_NET any -> [128.92.203.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.92.203.42/; sid:900625345; rev:1;) alert tcp $HOME_NET any -> [149.202.72.142] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.72.142/; sid:908037547; rev:1;) alert tcp $HOME_NET any -> [51.15.7.145] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.15.7.145/; sid:908037507; rev:1;) alert tcp $HOME_NET any -> [46.43.2.95] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.43.2.95/; sid:908037475; rev:1;) alert tcp $HOME_NET any -> [80.87.201.221] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.201.221/; sid:908037469; rev:1;) alert tcp $HOME_NET any -> [202.29.239.162] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.29.239.162/; sid:908037468; rev:1;) alert tcp $HOME_NET any -> [37.187.161.206] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.161.206/; sid:900625342; rev:1;) alert tcp $HOME_NET any -> [194.5.249.156] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.156/; sid:900625339; rev:1;) alert tcp $HOME_NET any -> [185.164.32.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.108/; sid:900625340; rev:1;) alert tcp $HOME_NET any -> [185.172.129.173] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.173/; sid:900625335; rev:1;) alert tcp $HOME_NET any -> [86.104.194.38] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.104.194.38/; sid:900625336; rev:1;) alert tcp $HOME_NET any -> [194.5.249.143] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.143/; sid:900625338; rev:1;) alert tcp $HOME_NET any -> [88.150.197.172] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.150.197.172/; sid:900625337; rev:1;) alert tcp $HOME_NET any -> [45.239.204.100] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.239.204.100/; sid:900625442; rev:1;) alert tcp $HOME_NET any -> [110.142.236.207] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.142.236.207/; sid:900625319; rev:1;) alert tcp $HOME_NET any -> [68.252.26.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.252.26.78/; sid:900625322; rev:1;) alert tcp $HOME_NET any -> [142.112.10.95] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.112.10.95/; sid:900625331; rev:1;) alert tcp $HOME_NET any -> [85.96.199.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.96.199.93/; sid:900625323; rev:1;) alert tcp $HOME_NET any -> [118.83.154.64] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.83.154.64/; sid:900625324; rev:1;) alert tcp $HOME_NET any -> [181.169.235.7] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.169.235.7/; sid:900625321; rev:1;) alert tcp $HOME_NET any -> [195.123.241.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.242/; sid:900625318; rev:1;) alert tcp $HOME_NET any -> [5.182.210.156] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.156/; sid:900625317; rev:1;) alert tcp $HOME_NET any -> [85.214.26.7] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.214.26.7/; sid:905807326; rev:1;) alert tcp $HOME_NET any -> [202.134.4.210] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.134.4.210/; sid:905807321; rev:1;) alert tcp $HOME_NET any -> [45.33.35.74] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.35.74/; sid:900625315; rev:1;) alert tcp $HOME_NET any -> [12.163.208.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.163.208.58/; sid:900625314; rev:1;) alert tcp $HOME_NET any -> [174.106.122.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.106.122.139/; sid:900625320; rev:1;) alert tcp $HOME_NET any -> [175.103.38.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.103.38.146/; sid:900625310; rev:1;) alert tcp $HOME_NET any -> [220.106.127.191] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.106.127.191/; sid:900625311; rev:1;) alert tcp $HOME_NET any -> [115.79.59.157] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.79.59.157/; sid:900625327; rev:1;) alert tcp $HOME_NET any -> [153.229.219.1] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.229.219.1/; sid:900625309; rev:1;) alert tcp $HOME_NET any -> [180.148.4.130] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.148.4.130/; sid:900625328; rev:1;) alert tcp $HOME_NET any -> [111.89.241.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.89.241.139/; sid:900625326; rev:1;) alert tcp $HOME_NET any -> [121.7.31.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.7.31.214/; sid:900625301; rev:1;) alert tcp $HOME_NET any -> [139.162.60.124] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.60.124/; sid:905712221; rev:1;) alert tcp $HOME_NET any -> [172.104.97.173] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.104.97.173/; sid:905712220; rev:1;) alert tcp $HOME_NET any -> [94.124.59.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.124.59.22/; sid:900625307; rev:1;) alert tcp $HOME_NET any -> [173.249.6.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.249.6.108/; sid:900625302; rev:1;) alert tcp $HOME_NET any -> [159.203.116.47] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.203.116.47/; sid:900625303; rev:1;) alert tcp $HOME_NET any -> [185.232.182.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.232.182.218/; sid:900625304; rev:1;) alert tcp $HOME_NET any -> [60.108.144.104] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.108.144.104/; sid:900625305; rev:1;) alert tcp $HOME_NET any -> [70.116.143.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.116.143.84/; sid:900625306; rev:1;) alert tcp $HOME_NET any -> [109.206.139.119] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.206.139.119/; sid:900625308; rev:1;) alert tcp $HOME_NET any -> [108.46.29.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.46.29.236/; sid:900625300; rev:1;) alert tcp $HOME_NET any -> [36.91.87.227] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.91.87.227/; sid:900625297; rev:1;) alert tcp $HOME_NET any -> [195.123.240.113] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.113/; sid:900625293; rev:1;) alert tcp $HOME_NET any -> [179.97.246.23] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.97.246.23/; sid:900625296; rev:1;) alert tcp $HOME_NET any -> [51.89.163.40] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.163.40/; sid:900625294; rev:1;) alert tcp $HOME_NET any -> [117.222.63.145] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.222.63.145/; sid:900625295; rev:1;) alert tcp $HOME_NET any -> [117.252.214.138] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.252.214.138/; sid:900625289; rev:1;) alert tcp $HOME_NET any -> [181.143.186.42] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.186.42/; sid:900625288; rev:1;) alert tcp $HOME_NET any -> [213.32.84.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.32.84.27/; sid:900625291; rev:1;) alert tcp $HOME_NET any -> [148.251.185.165] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.251.185.165/; sid:900625292; rev:1;) alert tcp $HOME_NET any -> [200.24.67.161] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.24.67.161/; sid:900625290; rev:1;) alert tcp $HOME_NET any -> [45.224.213.234] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.224.213.234/; sid:900625284; rev:1;) alert tcp $HOME_NET any -> [185.99.2.243] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.243/; sid:900625286; rev:1;) alert tcp $HOME_NET any -> [195.123.240.104] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.104/; sid:900625285; rev:1;) alert tcp $HOME_NET any -> [89.223.126.186] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.223.126.186/; sid:900625283; rev:1;) alert tcp $HOME_NET any -> [125.165.20.104] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.165.20.104/; sid:900625287; rev:1;) alert tcp $HOME_NET any -> [190.99.97.42] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.99.97.42/; sid:900625282; rev:1;) alert tcp $HOME_NET any -> [103.76.169.213] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.76.169.213/; sid:900625281; rev:1;) alert tcp $HOME_NET any -> [45.237.241.97] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.237.241.97/; sid:900625279; rev:1;) alert tcp $HOME_NET any -> [194.87.110.144] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.110.144/; sid:900625278; rev:1;) alert tcp $HOME_NET any -> [45.67.231.68] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.67.231.68/; sid:900625280; rev:1;) alert tcp $HOME_NET any -> [179.127.88.41] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.127.88.41/; sid:900625277; rev:1;) alert tcp $HOME_NET any -> [1.226.84.243] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.226.84.243/; sid:905464282; rev:1;) alert tcp $HOME_NET any -> [119.106.216.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.106.216.84/; sid:900625270; rev:1;) alert tcp $HOME_NET any -> [190.117.79.209] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.79.209/; sid:905464271; rev:1;) alert tcp $HOME_NET any -> [51.15.7.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.15.7.189/; sid:905464257; rev:1;) alert tcp $HOME_NET any -> [202.4.58.197] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.4.58.197/; sid:900625272; rev:1;) alert tcp $HOME_NET any -> [116.202.23.3] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.202.23.3/; sid:900625269; rev:1;) alert tcp $HOME_NET any -> [37.157.196.117] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.157.196.117/; sid:900625273; rev:1;) alert tcp $HOME_NET any -> [51.75.33.127] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.33.127/; sid:900625274; rev:1;) alert tcp $HOME_NET any -> [88.150.180.32] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.150.180.32/; sid:900625275; rev:1;) alert tcp $HOME_NET any -> [78.186.65.230] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.65.230/; sid:900625267; rev:1;) alert tcp $HOME_NET any -> [73.55.128.120] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.55.128.120/; sid:900625266; rev:1;) alert tcp $HOME_NET any -> [118.33.121.37] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.33.121.37/; sid:905407873; rev:1;) alert tcp $HOME_NET any -> [27.73.70.219] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.73.70.219/; sid:900625264; rev:1;) alert tcp $HOME_NET any -> [45.177.120.36] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.177.120.36/; sid:900625265; rev:1;) alert tcp $HOME_NET any -> [104.251.33.179] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.251.33.179/; sid:900625258; rev:1;) alert tcp $HOME_NET any -> [66.65.136.14] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.65.136.14/; sid:900625262; rev:1;) alert tcp $HOME_NET any -> [2.84.135.163] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.84.135.163/; sid:900625261; rev:1;) alert tcp $HOME_NET any -> [192.81.38.31] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.81.38.31/; sid:900625271; rev:1;) alert tcp $HOME_NET any -> [93.20.157.143] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.20.157.143/; sid:900625268; rev:1;) alert tcp $HOME_NET any -> [183.77.227.38] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.77.227.38/; sid:900625397; rev:1;) alert tcp $HOME_NET any -> [86.104.194.77] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.104.194.77/; sid:900625257; rev:1;) alert tcp $HOME_NET any -> [67.10.155.92] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.10.155.92/; sid:900625263; rev:1;) alert tcp $HOME_NET any -> [223.135.30.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/223.135.30.189/; sid:900625251; rev:1;) alert tcp $HOME_NET any -> [186.20.52.237] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.20.52.237/; sid:905293381; rev:1;) alert tcp $HOME_NET any -> [185.80.172.199] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.80.172.199/; sid:905293363; rev:1;) alert tcp $HOME_NET any -> [220.109.145.69] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.109.145.69/; sid:905291315; rev:1;) alert tcp $HOME_NET any -> [77.106.157.34] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.106.157.34/; sid:905291301; rev:1;) alert tcp $HOME_NET any -> [96.245.123.149] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.245.123.149/; sid:905291286; rev:1;) alert tcp $HOME_NET any -> [2.36.95.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.36.95.106/; sid:905291280; rev:1;) alert tcp $HOME_NET any -> [123.51.47.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.51.47.18/; sid:905291273; rev:1;) alert tcp $HOME_NET any -> [80.11.164.185] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.11.164.185/; sid:905291270; rev:1;) alert tcp $HOME_NET any -> [60.93.23.51] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.93.23.51/; sid:900625242; rev:1;) alert tcp $HOME_NET any -> [177.129.17.170] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.129.17.170/; sid:900625238; rev:1;) alert tcp $HOME_NET any -> [219.75.128.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.75.128.166/; sid:905291228; rev:1;) alert tcp $HOME_NET any -> [216.139.123.119] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.139.123.119/; sid:900625239; rev:1;) alert tcp $HOME_NET any -> [74.219.172.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.219.172.26/; sid:905291201; rev:1;) alert tcp $HOME_NET any -> [195.7.12.8] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.7.12.8/; sid:900625253; rev:1;) alert tcp $HOME_NET any -> [45.89.125.148] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.89.125.148/; sid:900625235; rev:1;) alert tcp $HOME_NET any -> [85.204.116.173] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.173/; sid:900625234; rev:1;) alert tcp $HOME_NET any -> [185.234.72.35] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.35/; sid:900625233; rev:1;) alert tcp $HOME_NET any -> [5.152.210.188] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.152.210.188/; sid:900625232; rev:1;) alert tcp $HOME_NET any -> [38.111.46.46] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.111.46.46/; sid:900625256; rev:1;) alert tcp $HOME_NET any -> [190.191.171.72] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.191.171.72/; sid:900625250; rev:1;) alert tcp $HOME_NET any -> [76.168.54.203] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.168.54.203/; sid:900625243; rev:1;) alert tcp $HOME_NET any -> [35.143.99.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/35.143.99.174/; sid:900625254; rev:1;) alert tcp $HOME_NET any -> [96.249.236.156] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.249.236.156/; sid:900625249; rev:1;) alert tcp $HOME_NET any -> [200.116.93.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.93.61/; sid:900625215; rev:1;) alert tcp $HOME_NET any -> [89.249.65.53] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.249.65.53/; sid:900625220; rev:1;) alert tcp $HOME_NET any -> [162.244.32.217] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.32.217/; sid:900625218; rev:1;) alert tcp $HOME_NET any -> [51.89.163.33] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.163.33/; sid:900625230; rev:1;) alert tcp $HOME_NET any -> [185.99.2.244] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.244/; sid:900625221; rev:1;) alert tcp $HOME_NET any -> [41.40.125.237] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.40.125.237/; sid:900625216; rev:1;) alert tcp $HOME_NET any -> [190.192.39.136] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.192.39.136/; sid:900625217; rev:1;) alert tcp $HOME_NET any -> [71.72.196.159] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.72.196.159/; sid:900625299; rev:1;) alert tcp $HOME_NET any -> [139.59.61.215] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.61.215/; sid:903317721; rev:1;) alert tcp $HOME_NET any -> [162.241.41.111] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.41.111/; sid:900625206; rev:1;) alert tcp $HOME_NET any -> [85.25.208.71] 8081 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.25.208.71/; sid:903305935; rev:1;) alert tcp $HOME_NET any -> [123.176.25.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.176.25.234/; sid:900625276; rev:1;) alert tcp $HOME_NET any -> [103.93.220.182] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.93.220.182/; sid:900625211; rev:1;) alert tcp $HOME_NET any -> [153.198.1.184] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.198.1.184/; sid:903262833; rev:1;) alert tcp $HOME_NET any -> [118.10.44.53] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.10.44.53/; sid:903262818; rev:1;) alert tcp $HOME_NET any -> [14.241.182.160] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.241.182.160/; sid:900625212; rev:1;) alert tcp $HOME_NET any -> [5.189.168.53] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.168.53/; sid:900625207; rev:1;) alert tcp $HOME_NET any -> [118.243.83.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.243.83.70/; sid:900625209; rev:1;) alert tcp $HOME_NET any -> [164.68.107.165] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.107.165/; sid:900625204; rev:1;) alert tcp $HOME_NET any -> [5.34.176.59] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.176.59/; sid:900625200; rev:1;) alert tcp $HOME_NET any -> [185.234.72.94] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.94/; sid:900625223; rev:1;) alert tcp $HOME_NET any -> [74.58.215.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.58.215.226/; sid:900625245; rev:1;) alert tcp $HOME_NET any -> [174.113.69.136] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.113.69.136/; sid:900625236; rev:1;) alert tcp $HOME_NET any -> [78.249.119.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.249.119.122/; sid:900625244; rev:1;) alert tcp $HOME_NET any -> [74.134.41.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.134.41.124/; sid:900625195; rev:1;) alert tcp $HOME_NET any -> [185.90.61.69] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.90.61.69/; sid:900625226; rev:1;) alert tcp $HOME_NET any -> [151.80.121.67] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.80.121.67/; sid:900625225; rev:1;) alert tcp $HOME_NET any -> [45.148.10.36] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.10.36/; sid:900625194; rev:1;) alert tcp $HOME_NET any -> [45.148.10.161] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.10.161/; sid:900625198; rev:1;) alert tcp $HOME_NET any -> [185.43.6.59] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.43.6.59/; sid:900625224; rev:1;) alert tcp $HOME_NET any -> [195.123.241.136] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.136/; sid:900625227; rev:1;) alert tcp $HOME_NET any -> [89.191.234.201] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.191.234.201/; sid:900625197; rev:1;) alert tcp $HOME_NET any -> [45.148.10.162] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.10.162/; sid:900625214; rev:1;) alert tcp $HOME_NET any -> [212.80.219.63] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.219.63/; sid:900625231; rev:1;) alert tcp $HOME_NET any -> [95.181.198.100] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.181.198.100/; sid:900625193; rev:1;) alert tcp $HOME_NET any -> [195.123.240.18] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.18/; sid:900625222; rev:1;) alert tcp $HOME_NET any -> [107.175.184.201] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.175.184.201/; sid:900625229; rev:1;) alert tcp $HOME_NET any -> [194.5.249.229] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.229/; sid:900625196; rev:1;) alert tcp $HOME_NET any -> [181.95.133.104] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.95.133.104/; sid:900625190; rev:1;) alert tcp $HOME_NET any -> [49.243.9.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.243.9.118/; sid:900625191; rev:1;) alert tcp $HOME_NET any -> [41.84.243.145] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.243.145/; sid:900625192; rev:1;) alert tcp $HOME_NET any -> [92.24.50.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.24.50.153/; sid:900625252; rev:1;) alert tcp $HOME_NET any -> [155.186.0.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/155.186.0.121/; sid:900625255; rev:1;) alert tcp $HOME_NET any -> [115.176.16.221] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.176.16.221/; sid:900625189; rev:1;) alert tcp $HOME_NET any -> [75.80.124.4] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.80.124.4/; sid:900625203; rev:1;) alert tcp $HOME_NET any -> [134.209.36.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.36.254/; sid:900625208; rev:1;) alert tcp $HOME_NET any -> [94.1.108.190] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.1.108.190/; sid:900625186; rev:1;) alert tcp $HOME_NET any -> [42.200.107.142] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.200.107.142/; sid:903239293; rev:1;) alert tcp $HOME_NET any -> [124.41.215.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.41.215.226/; sid:900625183; rev:1;) alert tcp $HOME_NET any -> [110.5.16.198] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.5.16.198/; sid:900625182; rev:1;) alert tcp $HOME_NET any -> [195.251.213.56] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.251.213.56/; sid:900625184; rev:1;) alert tcp $HOME_NET any -> [120.51.34.254] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.51.34.254/; sid:903239199; rev:1;) alert tcp $HOME_NET any -> [78.114.175.216] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.114.175.216/; sid:900625180; rev:1;) alert tcp $HOME_NET any -> [119.92.77.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.92.77.17/; sid:903239167; rev:1;) alert tcp $HOME_NET any -> [67.121.104.51] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.121.104.51/; sid:903239166; rev:1;) alert tcp $HOME_NET any -> [82.230.1.24] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.230.1.24/; sid:900625247; rev:1;) alert tcp $HOME_NET any -> [121.7.127.163] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.7.127.163/; sid:900625181; rev:1;) alert tcp $HOME_NET any -> [220.245.198.194] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.245.198.194/; sid:900625185; rev:1;) alert tcp $HOME_NET any -> [223.133.20.171] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/223.133.20.171/; sid:900625179; rev:1;) alert tcp $HOME_NET any -> [61.197.92.216] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.197.92.216/; sid:900625330; rev:1;) alert tcp $HOME_NET any -> [76.18.16.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.18.16.210/; sid:903226171; rev:1;) alert tcp $HOME_NET any -> [180.26.62.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.26.62.115/; sid:903226170; rev:1;) alert tcp $HOME_NET any -> [190.101.48.116] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.101.48.116/; sid:900625160; rev:1;) alert tcp $HOME_NET any -> [189.160.188.97] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.160.188.97/; sid:900625187; rev:1;) alert tcp $HOME_NET any -> [36.91.44.183] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.91.44.183/; sid:900625169; rev:1;) alert tcp $HOME_NET any -> [45.177.120.37] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.177.120.37/; sid:903226148; rev:1;) alert tcp $HOME_NET any -> [187.189.66.200] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.189.66.200/; sid:900625158; rev:1;) alert tcp $HOME_NET any -> [116.202.10.123] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.202.10.123/; sid:903226144; rev:1;) alert tcp $HOME_NET any -> [41.212.89.128] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.212.89.128/; sid:903226140; rev:1;) alert tcp $HOME_NET any -> [126.126.139.26] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/126.126.139.26/; sid:900625154; rev:1;) alert tcp $HOME_NET any -> [202.188.218.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.188.218.82/; sid:903226133; rev:1;) alert tcp $HOME_NET any -> [138.201.45.2] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.201.45.2/; sid:903226129; rev:1;) alert tcp $HOME_NET any -> [59.93.12.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.93.12.150/; sid:900625168; rev:1;) alert tcp $HOME_NET any -> [182.253.83.234] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.253.83.234/; sid:900625171; rev:1;) alert tcp $HOME_NET any -> [79.133.6.236] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.133.6.236/; sid:903226110; rev:1;) alert tcp $HOME_NET any -> [182.227.240.189] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.227.240.189/; sid:900625159; rev:1;) alert tcp $HOME_NET any -> [103.48.68.173] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.48.68.173/; sid:903226106; rev:1;) alert tcp $HOME_NET any -> [113.160.248.110] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.160.248.110/; sid:900625157; rev:1;) alert tcp $HOME_NET any -> [103.229.73.17] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.229.73.17/; sid:903226101; rev:1;) alert tcp $HOME_NET any -> [189.150.209.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.150.209.206/; sid:900625163; rev:1;) alert tcp $HOME_NET any -> [202.166.170.43] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.166.170.43/; sid:903226094; rev:1;) alert tcp $HOME_NET any -> [200.120.241.238] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.120.241.238/; sid:903226092; rev:1;) alert tcp $HOME_NET any -> [145.239.169.32] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.169.32/; sid:900625156; rev:1;) alert tcp $HOME_NET any -> [213.196.135.145] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.196.135.145/; sid:900625150; rev:1;) alert tcp $HOME_NET any -> [78.187.156.31] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.187.156.31/; sid:900625151; rev:1;) alert tcp $HOME_NET any -> [156.155.166.221] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.155.166.221/; sid:900625148; rev:1;) alert tcp $HOME_NET any -> [181.169.34.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.169.34.190/; sid:900625149; rev:1;) alert tcp $HOME_NET any -> [104.156.59.7] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.156.59.7/; sid:900625147; rev:1;) alert tcp $HOME_NET any -> [45.79.16.230] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.16.230/; sid:900625152; rev:1;) alert tcp $HOME_NET any -> [220.147.247.145] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.147.247.145/; sid:900625167; rev:1;) alert tcp $HOME_NET any -> [96.227.52.8] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.227.52.8/; sid:900625248; rev:1;) alert tcp $HOME_NET any -> [113.193.239.51] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.193.239.51/; sid:900625202; rev:1;) alert tcp $HOME_NET any -> [37.210.220.95] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.220.95/; sid:900625175; rev:1;) alert tcp $HOME_NET any -> [103.133.66.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.133.66.57/; sid:900625155; rev:1;) alert tcp $HOME_NET any -> [221.184.46.216] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.184.46.216/; sid:900625166; rev:1;) alert tcp $HOME_NET any -> [190.85.46.52] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.46.52/; sid:900625162; rev:1;) alert tcp $HOME_NET any -> [89.216.122.92] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.216.122.92/; sid:900625145; rev:1;) alert tcp $HOME_NET any -> [61.92.17.12] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.92.17.12/; sid:900625143; rev:1;) alert tcp $HOME_NET any -> [82.80.155.43] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.80.155.43/; sid:903222171; rev:1;) alert tcp $HOME_NET any -> [153.177.101.120] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.177.101.120/; sid:900625140; rev:1;) alert tcp $HOME_NET any -> [94.23.216.33] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.216.33/; sid:900625146; rev:1;) alert tcp $HOME_NET any -> [139.59.67.118] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.67.118/; sid:900625138; rev:1;) alert tcp $HOME_NET any -> [120.138.30.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.138.30.150/; sid:900625141; rev:1;) alert tcp $HOME_NET any -> [82.225.49.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.225.49.121/; sid:900625144; rev:1;) alert tcp $HOME_NET any -> [88.247.58.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.247.58.26/; sid:900625176; rev:1;) alert tcp $HOME_NET any -> [113.156.82.32] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.156.82.32/; sid:900625165; rev:1;) alert tcp $HOME_NET any -> [128.106.187.110] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.106.187.110/; sid:900625170; rev:1;) alert tcp $HOME_NET any -> [80.200.62.81] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.200.62.81/; sid:900625177; rev:1;) alert tcp $HOME_NET any -> [202.153.220.157] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.153.220.157/; sid:900625164; rev:1;) alert tcp $HOME_NET any -> [45.46.37.97] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.46.37.97/; sid:900625241; rev:1;) alert tcp $HOME_NET any -> [12.30.50.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.30.50.130/; sid:900625139; rev:1;) alert tcp $HOME_NET any -> [117.247.235.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.247.235.44/; sid:900625153; rev:1;) alert tcp $HOME_NET any -> [185.183.16.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.16.47/; sid:900625237; rev:1;) alert tcp $HOME_NET any -> [85.204.116.158] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.158/; sid:900625134; rev:1;) alert tcp $HOME_NET any -> [188.225.9.82] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.225.9.82/; sid:900625135; rev:1;) alert tcp $HOME_NET any -> [85.143.221.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.221.6/; sid:900625136; rev:1;) alert tcp $HOME_NET any -> [195.123.241.134] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.134/; sid:900625137; rev:1;) alert tcp $HOME_NET any -> [190.194.12.132] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.194.12.132/; sid:900625161; rev:1;) alert tcp $HOME_NET any -> [37.220.6.98] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.220.6.98/; sid:900625133; rev:1;) alert tcp $HOME_NET any -> [219.74.18.66] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.74.18.66/; sid:900625132; rev:1;) alert tcp $HOME_NET any -> [85.242.155.127] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.242.155.127/; sid:903175326; rev:1;) alert tcp $HOME_NET any -> [23.95.8.136] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.8.136/; sid:900625131; rev:1;) alert tcp $HOME_NET any -> [74.136.144.133] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.136.144.133/; sid:900625246; rev:1;) alert tcp $HOME_NET any -> [195.123.241.124] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.124/; sid:900625130; rev:1;) alert tcp $HOME_NET any -> [50.91.114.38] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.91.114.38/; sid:900625142; rev:1;) alert tcp $HOME_NET any -> [87.118.70.45] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.118.70.45/; sid:903140821; rev:1;) alert tcp $HOME_NET any -> [51.255.15.193] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.255.15.193/; sid:903139813; rev:1;) alert tcp $HOME_NET any -> [185.81.158.15] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.81.158.15/; sid:903139756; rev:1;) alert tcp $HOME_NET any -> [65.156.53.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.156.53.186/; sid:903139754; rev:1;) alert tcp $HOME_NET any -> [93.189.46.41] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.46.41/; sid:900625129; rev:1;) alert tcp $HOME_NET any -> [37.210.226.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.226.93/; sid:903138796; rev:1;) alert tcp $HOME_NET any -> [91.83.93.99] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.83.93.99/; sid:903138454; rev:1;) alert tcp $HOME_NET any -> [5.189.178.202] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.178.202/; sid:903138270; rev:1;) alert tcp $HOME_NET any -> [111.67.77.202] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.67.77.202/; sid:903138262; rev:1;) alert tcp $HOME_NET any -> [185.178.10.77] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.178.10.77/; sid:900625124; rev:1;) alert tcp $HOME_NET any -> [70.180.43.7] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.180.43.7/; sid:903138066; rev:1;) alert tcp $HOME_NET any -> [79.137.83.50] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.137.83.50/; sid:903138064; rev:1;) alert tcp $HOME_NET any -> [99.224.14.125] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.224.14.125/; sid:903138057; rev:1;) alert tcp $HOME_NET any -> [142.44.137.67] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.44.137.67/; sid:903138003; rev:1;) alert tcp $HOME_NET any -> [192.158.216.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.158.216.73/; sid:903138001; rev:1;) alert tcp $HOME_NET any -> [114.158.45.53] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.158.45.53/; sid:903137638; rev:1;) alert tcp $HOME_NET any -> [89.2.145.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.2.145.86/; sid:903137634; rev:1;) alert tcp $HOME_NET any -> [190.212.133.239] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.212.133.239/; sid:903137619; rev:1;) alert tcp $HOME_NET any -> [5.9.227.244] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.9.227.244/; sid:903137550; rev:1;) alert tcp $HOME_NET any -> [118.2.218.1] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.2.218.1/; sid:903137548; rev:1;) alert tcp $HOME_NET any -> [37.220.6.101] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.220.6.101/; sid:900625121; rev:1;) alert tcp $HOME_NET any -> [195.123.241.194] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.194/; sid:900625120; rev:1;) alert tcp $HOME_NET any -> [195.123.240.196] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.196/; sid:900625119; rev:1;) alert tcp $HOME_NET any -> [195.123.241.58] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.58/; sid:900625112; rev:1;) alert tcp $HOME_NET any -> [91.200.103.111] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.200.103.111/; sid:900625111; rev:1;) alert tcp $HOME_NET any -> [185.172.129.67] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.67/; sid:900625110; rev:1;) alert tcp $HOME_NET any -> [24.43.32.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.43.32.186/; sid:900625240; rev:1;) alert tcp $HOME_NET any -> [93.189.43.80] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.43.80/; sid:900625107; rev:1;) alert tcp $HOME_NET any -> [104.161.32.102] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.161.32.102/; sid:900625113; rev:1;) alert tcp $HOME_NET any -> [37.220.0.36] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.220.0.36/; sid:900625360; rev:1;) alert tcp $HOME_NET any -> [194.5.249.225] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.225/; sid:900625102; rev:1;) alert tcp $HOME_NET any -> [91.105.94.200] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.105.94.200/; sid:900625213; rev:1;) alert tcp $HOME_NET any -> [167.71.227.113] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.71.227.113/; sid:900625334; rev:1;) alert tcp $HOME_NET any -> [216.47.196.104] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.47.196.104/; sid:900625126; rev:1;) alert tcp $HOME_NET any -> [212.80.219.109] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.219.109/; sid:900625105; rev:1;) alert tcp $HOME_NET any -> [104.161.32.101] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.161.32.101/; sid:900625104; rev:1;) alert tcp $HOME_NET any -> [2.57.184.218] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.57.184.218/; sid:900625108; rev:1;) alert tcp $HOME_NET any -> [212.22.70.4] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.22.70.4/; sid:900625118; rev:1;) alert tcp $HOME_NET any -> [164.132.76.76] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.76.76/; sid:900625117; rev:1;) alert tcp $HOME_NET any -> [51.254.140.91] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.140.91/; sid:900625122; rev:1;) alert tcp $HOME_NET any -> [85.214.28.226] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.214.28.226/; sid:900625123; rev:1;) alert tcp $HOME_NET any -> [51.89.215.186] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.215.186/; sid:900625101; rev:1;) alert tcp $HOME_NET any -> [140.186.212.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/140.186.212.146/; sid:900625178; rev:1;) alert tcp $HOME_NET any -> [216.10.40.16] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.10.40.16/; sid:903136582; rev:1;) alert tcp $HOME_NET any -> [58.27.215.3] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.27.215.3/; sid:903136418; rev:1;) alert tcp $HOME_NET any -> [8.4.9.137] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.4.9.137/; sid:903136413; rev:1;) alert tcp $HOME_NET any -> [73.84.105.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.84.105.76/; sid:900625092; rev:1;) alert tcp $HOME_NET any -> [179.191.239.255] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.191.239.255/; sid:900625090; rev:1;) alert tcp $HOME_NET any -> [101.50.232.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.50.232.218/; sid:900625086; rev:1;) alert tcp $HOME_NET any -> [51.75.163.68] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.163.68/; sid:900625091; rev:1;) alert tcp $HOME_NET any -> [153.92.4.96] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.92.4.96/; sid:900625088; rev:1;) alert tcp $HOME_NET any -> [149.202.5.139] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.5.139/; sid:900625087; rev:1;) alert tcp $HOME_NET any -> [222.159.240.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.159.240.58/; sid:900625085; rev:1;) alert tcp $HOME_NET any -> [210.1.219.238] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.1.219.238/; sid:903136249; rev:1;) alert tcp $HOME_NET any -> [54.37.42.48] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.42.48/; sid:900625094; rev:1;) alert tcp $HOME_NET any -> [68.69.155.181] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.69.155.181/; sid:900625096; rev:1;) alert tcp $HOME_NET any -> [223.17.215.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/223.17.215.76/; sid:900625098; rev:1;) alert tcp $HOME_NET any -> [175.139.144.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.139.144.229/; sid:900625100; rev:1;) alert tcp $HOME_NET any -> [51.75.33.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.33.122/; sid:900625093; rev:1;) alert tcp $HOME_NET any -> [50.121.220.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.121.220.50/; sid:900625097; rev:1;) alert tcp $HOME_NET any -> [190.225.150.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.225.150.234/; sid:900625084; rev:1;) alert tcp $HOME_NET any -> [195.123.240.93] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.93/; sid:900625080; rev:1;) alert tcp $HOME_NET any -> [194.87.94.14] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.94.14/; sid:900625081; rev:1;) alert tcp $HOME_NET any -> [194.5.249.215] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.215/; sid:900625079; rev:1;) alert tcp $HOME_NET any -> [91.200.100.71] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.200.100.71/; sid:900625082; rev:1;) alert tcp $HOME_NET any -> [5.182.211.138] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.211.138/; sid:900625078; rev:1;) alert tcp $HOME_NET any -> [185.234.72.114] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.114/; sid:900625075; rev:1;) alert tcp $HOME_NET any -> [194.5.249.214] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.214/; sid:900625076; rev:1;) alert tcp $HOME_NET any -> [195.123.242.119] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.242.119/; sid:900625077; rev:1;) alert tcp $HOME_NET any -> [107.155.137.15] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.155.137.15/; sid:900625074; rev:1;) alert tcp $HOME_NET any -> [38.88.126.202] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.88.126.202/; sid:900625127; rev:1;) alert tcp $HOME_NET any -> [185.215.227.107] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.215.227.107/; sid:900625125; rev:1;) alert tcp $HOME_NET any -> [51.38.124.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.38.124.206/; sid:900625128; rev:1;) alert tcp $HOME_NET any -> [162.244.32.144] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.32.144/; sid:900625114; rev:1;) alert tcp $HOME_NET any -> [185.142.99.94] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.94/; sid:900625072; rev:1;) alert tcp $HOME_NET any -> [212.22.70.59] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.22.70.59/; sid:900625071; rev:1;) alert tcp $HOME_NET any -> [199.101.86.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.101.86.6/; sid:903135583; rev:1;) alert tcp $HOME_NET any -> [94.200.114.161] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.200.114.161/; sid:900625062; rev:1;) alert tcp $HOME_NET any -> [120.150.60.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.60.189/; sid:900625050; rev:1;) alert tcp $HOME_NET any -> [139.99.158.11] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.99.158.11/; sid:903135466; rev:1;) alert tcp $HOME_NET any -> [94.23.237.171] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.237.171/; sid:903135453; rev:1;) alert tcp $HOME_NET any -> [188.219.31.12] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.219.31.12/; sid:903135443; rev:1;) alert tcp $HOME_NET any -> [74.109.108.202] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.109.108.202/; sid:903135433; rev:1;) alert tcp $HOME_NET any -> [89.205.113.80] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.205.113.80/; sid:903135431; rev:1;) alert tcp $HOME_NET any -> [50.81.3.113] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.81.3.113/; sid:900625060; rev:1;) alert tcp $HOME_NET any -> [68.171.118.7] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.171.118.7/; sid:903135429; rev:1;) alert tcp $HOME_NET any -> [139.162.108.71] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.108.71/; sid:903135415; rev:1;) alert tcp $HOME_NET any -> [64.201.88.132] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.201.88.132/; sid:900625095; rev:1;) alert tcp $HOME_NET any -> [118.110.236.121] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.110.236.121/; sid:900625089; rev:1;) alert tcp $HOME_NET any -> [139.60.163.45] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.45/; sid:900625046; rev:1;) alert tcp $HOME_NET any -> [185.180.198.58] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.180.198.58/; sid:900625047; rev:1;) alert tcp $HOME_NET any -> [195.123.241.13] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.13/; sid:900625359; rev:1;) alert tcp $HOME_NET any -> [104.161.32.118] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.161.32.118/; sid:900625358; rev:1;) alert tcp $HOME_NET any -> [189.131.57.131] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.131.57.131/; sid:903135104; rev:1;) alert tcp $HOME_NET any -> [178.148.55.236] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.148.55.236/; sid:903135091; rev:1;) alert tcp $HOME_NET any -> [213.197.182.158] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.197.182.158/; sid:903135082; rev:1;) alert tcp $HOME_NET any -> [138.97.60.141] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.97.60.141/; sid:903135068; rev:1;) alert tcp $HOME_NET any -> [212.174.55.22] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.174.55.22/; sid:903135047; rev:1;) alert tcp $HOME_NET any -> [186.227.146.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.227.146.102/; sid:903134979; rev:1;) alert tcp $HOME_NET any -> [181.122.154.240] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.122.154.240/; sid:900625049; rev:1;) alert tcp $HOME_NET any -> [94.102.209.63] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.102.209.63/; sid:900625036; rev:1;) alert tcp $HOME_NET any -> [206.15.68.237] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.15.68.237/; sid:900625043; rev:1;) alert tcp $HOME_NET any -> [51.83.196.234] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.196.234/; sid:900625041; rev:1;) alert tcp $HOME_NET any -> [194.5.249.221] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.221/; sid:900625035; rev:1;) alert tcp $HOME_NET any -> [97.107.135.148] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.107.135.148/; sid:900625037; rev:1;) alert tcp $HOME_NET any -> [67.68.210.95] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.68.210.95/; sid:900625069; rev:1;) alert tcp $HOME_NET any -> [54.38.143.245] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.143.245/; sid:903134921; rev:1;) alert tcp $HOME_NET any -> [103.80.51.61] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.80.51.61/; sid:903134889; rev:1;) alert tcp $HOME_NET any -> [157.245.138.101] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.245.138.101/; sid:903134885; rev:1;) alert tcp $HOME_NET any -> [37.187.100.220] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.100.220/; sid:903134883; rev:1;) alert tcp $HOME_NET any -> [91.75.75.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.75.75.46/; sid:903134881; rev:1;) alert tcp $HOME_NET any -> [37.205.9.252] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.205.9.252/; sid:903134871; rev:1;) alert tcp $HOME_NET any -> [190.96.15.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.96.15.50/; sid:900625029; rev:1;) alert tcp $HOME_NET any -> [178.87.171.199] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.87.171.199/; sid:903134846; rev:1;) alert tcp $HOME_NET any -> [184.66.18.83] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.66.18.83/; sid:900625073; rev:1;) alert tcp $HOME_NET any -> [134.209.193.138] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.193.138/; sid:900625023; rev:1;) alert tcp $HOME_NET any -> [162.241.242.173] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.242.173/; sid:900625052; rev:1;) alert tcp $HOME_NET any -> [107.155.137.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.155.137.18/; sid:900625040; rev:1;) alert tcp $HOME_NET any -> [216.208.76.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.208.76.186/; sid:900625057; rev:1;) alert tcp $HOME_NET any -> [72.167.223.217] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.167.223.217/; sid:900625106; rev:1;) alert tcp $HOME_NET any -> [162.144.42.60] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.42.60/; sid:900625025; rev:1;) alert tcp $HOME_NET any -> [172.91.208.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.91.208.86/; sid:900625053; rev:1;) alert tcp $HOME_NET any -> [24.26.151.3] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.26.151.3/; sid:900625030; rev:1;) alert tcp $HOME_NET any -> [174.45.13.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.45.13.118/; sid:900625054; rev:1;) alert tcp $HOME_NET any -> [84.39.182.7] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.39.182.7/; sid:900625068; rev:1;) alert tcp $HOME_NET any -> [45.182.161.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.182.161.17/; sid:900625033; rev:1;) alert tcp $HOME_NET any -> [110.142.219.51] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.142.219.51/; sid:900625042; rev:1;) alert tcp $HOME_NET any -> [1.54.67.22] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.54.67.22/; sid:900625026; rev:1;) alert tcp $HOME_NET any -> [197.232.36.108] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.232.36.108/; sid:900625028; rev:1;) alert tcp $HOME_NET any -> [118.101.24.148] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.101.24.148/; sid:900625024; rev:1;) alert tcp $HOME_NET any -> [77.238.212.227] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.238.212.227/; sid:900625065; rev:1;) alert tcp $HOME_NET any -> [72.135.200.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.135.200.124/; sid:900625070; rev:1;) alert tcp $HOME_NET any -> [45.138.158.41] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.138.158.41/; sid:900625018; rev:1;) alert tcp $HOME_NET any -> [95.171.15.71] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.171.15.71/; sid:900625019; rev:1;) alert tcp $HOME_NET any -> [91.200.100.85] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.200.100.85/; sid:900625016; rev:1;) alert tcp $HOME_NET any -> [82.146.37.128] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.146.37.128/; sid:900625017; rev:1;) alert tcp $HOME_NET any -> [195.123.240.52] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.52/; sid:900625014; rev:1;) alert tcp $HOME_NET any -> [195.123.241.175] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.175/; sid:900625013; rev:1;) alert tcp $HOME_NET any -> [85.143.221.85] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.221.85/; sid:900625015; rev:1;) alert tcp $HOME_NET any -> [51.89.204.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.204.242/; sid:900625012; rev:1;) alert tcp $HOME_NET any -> [37.220.6.126] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.220.6.126/; sid:900625020; rev:1;) alert tcp $HOME_NET any -> [37.220.6.122] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.220.6.122/; sid:900625010; rev:1;) alert tcp $HOME_NET any -> [195.123.241.68] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.68/; sid:900625011; rev:1;) alert tcp $HOME_NET any -> [103.106.236.83] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.106.236.83/; sid:900625064; rev:1;) alert tcp $HOME_NET any -> [45.16.226.117] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.16.226.117/; sid:900625044; rev:1;) alert tcp $HOME_NET any -> [190.136.179.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.136.179.102/; sid:900625038; rev:1;) alert tcp $HOME_NET any -> [98.13.75.196] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.13.75.196/; sid:900625109; rev:1;) alert tcp $HOME_NET any -> [104.161.32.108] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.161.32.108/; sid:900625021; rev:1;) alert tcp $HOME_NET any -> [68.183.233.80] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.233.80/; sid:900625031; rev:1;) alert tcp $HOME_NET any -> [37.52.87.0] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.52.87.0/; sid:900625048; rev:1;) alert tcp $HOME_NET any -> [195.123.241.224] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.224/; sid:900625009; rev:1;) alert tcp $HOME_NET any -> [199.203.62.165] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.203.62.165/; sid:900625083; rev:1;) alert tcp $HOME_NET any -> [190.55.186.229] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.186.229/; sid:900625497; rev:1;) alert tcp $HOME_NET any -> [176.31.28.85] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.31.28.85/; sid:900625002; rev:1;) alert tcp $HOME_NET any -> [5.182.211.124] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.211.124/; sid:900625003; rev:1;) alert tcp $HOME_NET any -> [185.172.129.100] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.100/; sid:900625007; rev:1;) alert tcp $HOME_NET any -> [195.123.241.229] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.229/; sid:900625001; rev:1;) alert tcp $HOME_NET any -> [185.99.2.106] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.106/; sid:900625006; rev:1;) alert tcp $HOME_NET any -> [129.232.133.39] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.232.133.39/; sid:900625000; rev:1;) alert tcp $HOME_NET any -> [194.87.236.171] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.236.171/; sid:900625004; rev:1;) alert tcp $HOME_NET any -> [45.138.158.33] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.138.158.33/; sid:900624998; rev:1;) alert tcp $HOME_NET any -> [93.189.42.225] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.42.225/; sid:900625008; rev:1;) alert tcp $HOME_NET any -> [45.55.36.51] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.36.51/; sid:900625058; rev:1;) alert tcp $HOME_NET any -> [173.81.218.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.81.218.65/; sid:900625055; rev:1;) alert tcp $HOME_NET any -> [185.234.72.240] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.240/; sid:900624999; rev:1;) alert tcp $HOME_NET any -> [85.204.116.117] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.117/; sid:900624997; rev:1;) alert tcp $HOME_NET any -> [2.144.244.204] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.144.244.204/; sid:900625032; rev:1;) alert tcp $HOME_NET any -> [82.239.200.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.239.200.118/; sid:900625034; rev:1;) alert tcp $HOME_NET any -> [194.187.133.160] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.187.133.160/; sid:900625056; rev:1;) alert tcp $HOME_NET any -> [189.39.32.161] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.39.32.161/; sid:900625027; rev:1;) alert tcp $HOME_NET any -> [91.121.54.71] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.121.54.71/; sid:900625045; rev:1;) alert tcp $HOME_NET any -> [62.30.7.67] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.30.7.67/; sid:900625059; rev:1;) alert tcp $HOME_NET any -> [45.55.219.163] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.219.163/; sid:900625061; rev:1;) alert tcp $HOME_NET any -> [71.197.211.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.197.211.156/; sid:900625099; rev:1;) alert tcp $HOME_NET any -> [107.5.122.110] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.5.122.110/; sid:900625051; rev:1;) alert tcp $HOME_NET any -> [113.203.250.121] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.203.250.121/; sid:900624994; rev:1;) alert tcp $HOME_NET any -> [186.109.152.201] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.109.152.201/; sid:900624992; rev:1;) alert tcp $HOME_NET any -> [220.254.198.228] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.254.198.228/; sid:900624993; rev:1;) alert tcp $HOME_NET any -> [85.109.159.61] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.109.159.61/; sid:900624990; rev:1;) alert tcp $HOME_NET any -> [112.185.64.233] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.185.64.233/; sid:900624987; rev:1;) alert tcp $HOME_NET any -> [153.232.188.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.232.188.106/; sid:900624988; rev:1;) alert tcp $HOME_NET any -> [219.92.8.17] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.92.8.17/; sid:900624989; rev:1;) alert tcp $HOME_NET any -> [162.249.220.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.249.220.190/; sid:900624991; rev:1;) alert tcp $HOME_NET any -> [137.119.36.33] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.119.36.33/; sid:900624986; rev:1;) alert tcp $HOME_NET any -> [197.221.158.162] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.221.158.162/; sid:903047501; rev:1;) alert tcp $HOME_NET any -> [181.137.229.1] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.137.229.1/; sid:900624982; rev:1;) alert tcp $HOME_NET any -> [95.216.205.155] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.216.205.155/; sid:903047436; rev:1;) alert tcp $HOME_NET any -> [85.25.207.108] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.25.207.108/; sid:900624983; rev:1;) alert tcp $HOME_NET any -> [200.114.213.233] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.114.213.233/; sid:900624978; rev:1;) alert tcp $HOME_NET any -> [187.161.206.24] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.161.206.24/; sid:900624977; rev:1;) alert tcp $HOME_NET any -> [168.0.97.6] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.0.97.6/; sid:900624980; rev:1;) alert tcp $HOME_NET any -> [181.126.54.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.126.54.234/; sid:900624984; rev:1;) alert tcp $HOME_NET any -> [152.169.22.67] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.169.22.67/; sid:900624973; rev:1;) alert tcp $HOME_NET any -> [81.129.198.57] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.129.198.57/; sid:900624975; rev:1;) alert tcp $HOME_NET any -> [116.202.234.183] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.202.234.183/; sid:900624976; rev:1;) alert tcp $HOME_NET any -> [173.94.215.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.94.215.84/; sid:900624981; rev:1;) alert tcp $HOME_NET any -> [65.36.62.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.36.62.20/; sid:900624974; rev:1;) alert tcp $HOME_NET any -> [70.121.172.89] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.121.172.89/; sid:900624979; rev:1;) alert tcp $HOME_NET any -> [2.57.184.70] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.57.184.70/; sid:900624995; rev:1;) alert tcp $HOME_NET any -> [95.180.234.21] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.180.234.21/; sid:903023878; rev:1;) alert tcp $HOME_NET any -> [41.84.248.134] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.248.134/; sid:900624967; rev:1;) alert tcp $HOME_NET any -> [73.213.208.163] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.213.208.163/; sid:900624965; rev:1;) alert tcp $HOME_NET any -> [185.33.0.233] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.33.0.233/; sid:900624963; rev:1;) alert tcp $HOME_NET any -> [190.128.173.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.128.173.10/; sid:900624964; rev:1;) alert tcp $HOME_NET any -> [86.98.143.163] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.143.163/; sid:903023790; rev:1;) alert tcp $HOME_NET any -> [60.125.114.64] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.125.114.64/; sid:903023780; rev:1;) alert tcp $HOME_NET any -> [197.249.6.179] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.249.6.179/; sid:903023772; rev:1;) alert tcp $HOME_NET any -> [175.29.183.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.29.183.2/; sid:903023763; rev:1;) alert tcp $HOME_NET any -> [118.70.15.19] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.70.15.19/; sid:903023755; rev:1;) alert tcp $HOME_NET any -> [178.238.232.46] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.238.232.46/; sid:900624961; rev:1;) alert tcp $HOME_NET any -> [178.128.14.92] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.128.14.92/; sid:900624962; rev:1;) alert tcp $HOME_NET any -> [93.147.212.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.147.212.206/; sid:900624958; rev:1;) alert tcp $HOME_NET any -> [98.109.204.230] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.109.204.230/; sid:900624959; rev:1;) alert tcp $HOME_NET any -> [153.163.83.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.163.83.106/; sid:900624955; rev:1;) alert tcp $HOME_NET any -> [174.137.65.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.137.65.18/; sid:900624956; rev:1;) alert tcp $HOME_NET any -> [64.183.73.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.183.73.122/; sid:900624957; rev:1;) alert tcp $HOME_NET any -> [112.78.142.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.78.142.170/; sid:900624960; rev:1;) alert tcp $HOME_NET any -> [82.163.245.38] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.163.245.38/; sid:900624966; rev:1;) alert tcp $HOME_NET any -> [37.220.0.28] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.220.0.28/; sid:900624996; rev:1;) alert tcp $HOME_NET any -> [177.94.227.143] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.94.227.143/; sid:900624950; rev:1;) alert tcp $HOME_NET any -> [105.184.233.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.233.166/; sid:903004875; rev:1;) alert tcp $HOME_NET any -> [41.84.237.198] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.84.237.198/; sid:900624952; rev:1;) alert tcp $HOME_NET any -> [86.57.216.23] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.57.216.23/; sid:903004868; rev:1;) alert tcp $HOME_NET any -> [24.135.1.177] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.135.1.177/; sid:900624946; rev:1;) alert tcp $HOME_NET any -> [202.4.57.96] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.4.57.96/; sid:900624947; rev:1;) alert tcp $HOME_NET any -> [68.188.112.97] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.188.112.97/; sid:900624949; rev:1;) alert tcp $HOME_NET any -> [89.186.91.200] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.186.91.200/; sid:900624954; rev:1;) alert tcp $HOME_NET any -> [45.173.88.33] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.173.88.33/; sid:900624948; rev:1;) alert tcp $HOME_NET any -> [186.109.104.67] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.109.104.67/; sid:900624951; rev:1;) alert tcp $HOME_NET any -> [86.104.194.28] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.104.194.28/; sid:900624945; rev:1;) alert tcp $HOME_NET any -> [185.198.57.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.198.57.108/; sid:900624944; rev:1;) alert tcp $HOME_NET any -> [67.247.242.247] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.247.242.247/; sid:902952826; rev:1;) alert tcp $HOME_NET any -> [24.135.198.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.135.198.218/; sid:900624939; rev:1;) alert tcp $HOME_NET any -> [5.153.250.14] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.153.250.14/; sid:900624941; rev:1;) alert tcp $HOME_NET any -> [209.126.6.222] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.126.6.222/; sid:900624940; rev:1;) alert tcp $HOME_NET any -> [190.53.144.120] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.53.144.120/; sid:900624934; rev:1;) alert tcp $HOME_NET any -> [179.62.238.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.62.238.49/; sid:900624933; rev:1;) alert tcp $HOME_NET any -> [181.114.114.203] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.114.114.203/; sid:900624937; rev:1;) alert tcp $HOME_NET any -> [37.70.8.161] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.70.8.161/; sid:900624932; rev:1;) alert tcp $HOME_NET any -> [41.106.96.12] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.106.96.12/; sid:900624935; rev:1;) alert tcp $HOME_NET any -> [85.66.181.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.66.181.138/; sid:900624942; rev:1;) alert tcp $HOME_NET any -> [71.57.180.213] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.57.180.213/; sid:900624936; rev:1;) alert tcp $HOME_NET any -> [174.100.27.229] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.100.27.229/; sid:900624938; rev:1;) alert tcp $HOME_NET any -> [177.32.8.85] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.32.8.85/; sid:900624925; rev:1;) alert tcp $HOME_NET any -> [190.212.140.6] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.212.140.6/; sid:900624926; rev:1;) alert tcp $HOME_NET any -> [197.83.232.19] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.83.232.19/; sid:900624927; rev:1;) alert tcp $HOME_NET any -> [201.213.177.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.213.177.139/; sid:900624923; rev:1;) alert tcp $HOME_NET any -> [212.93.117.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.93.117.170/; sid:900624921; rev:1;) alert tcp $HOME_NET any -> [85.105.140.135] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.140.135/; sid:900624922; rev:1;) alert tcp $HOME_NET any -> [188.83.220.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.83.220.2/; sid:900624931; rev:1;) alert tcp $HOME_NET any -> [203.117.253.142] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.117.253.142/; sid:900624917; rev:1;) alert tcp $HOME_NET any -> [97.82.79.83] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.82.79.83/; sid:900624919; rev:1;) alert tcp $HOME_NET any -> [109.116.214.124] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.116.214.124/; sid:902935035; rev:1;) alert tcp $HOME_NET any -> [69.30.203.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.30.203.214/; sid:900624918; rev:1;) alert tcp $HOME_NET any -> [83.220.171.193] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.220.171.193/; sid:900624914; rev:1;) alert tcp $HOME_NET any -> [85.143.220.121] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.220.121/; sid:900624915; rev:1;) alert tcp $HOME_NET any -> [66.61.94.36] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.61.94.36/; sid:900624924; rev:1;) alert tcp $HOME_NET any -> [207.144.103.227] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.144.103.227/; sid:900624920; rev:1;) alert tcp $HOME_NET any -> [91.222.77.105] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.222.77.105/; sid:900624929; rev:1;) alert tcp $HOME_NET any -> [24.233.112.152] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.233.112.152/; sid:900624916; rev:1;) alert tcp $HOME_NET any -> [195.123.237.241] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.237.241/; sid:900624928; rev:1;) alert tcp $HOME_NET any -> [83.169.36.251] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.169.36.251/; sid:902921100; rev:1;) alert tcp $HOME_NET any -> [67.205.85.243] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.205.85.243/; sid:900624911; rev:1;) alert tcp $HOME_NET any -> [192.210.135.126] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.210.135.126/; sid:900624910; rev:1;) alert tcp $HOME_NET any -> [195.123.239.193] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.239.193/; sid:900624909; rev:1;) alert tcp $HOME_NET any -> [62.108.35.90] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.108.35.90/; sid:900624906; rev:1;) alert tcp $HOME_NET any -> [185.164.32.216] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.216/; sid:900624907; rev:1;) alert tcp $HOME_NET any -> [194.5.249.197] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.197/; sid:900624905; rev:1;) alert tcp $HOME_NET any -> [83.220.171.175] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.220.171.175/; sid:900624904; rev:1;) alert tcp $HOME_NET any -> [45.148.10.182] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.10.182/; sid:900624902; rev:1;) alert tcp $HOME_NET any -> [45.148.10.164] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.10.164/; sid:900624901; rev:1;) alert tcp $HOME_NET any -> [46.17.107.148] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.17.107.148/; sid:900624900; rev:1;) alert tcp $HOME_NET any -> [64.44.133.61] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.133.61/; sid:900624908; rev:1;) alert tcp $HOME_NET any -> [91.200.103.236] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.200.103.236/; sid:900624903; rev:1;) alert tcp $HOME_NET any -> [45.33.77.42] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.77.42/; sid:902914668; rev:1;) alert tcp $HOME_NET any -> [190.115.18.139] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.115.18.139/; sid:902914657; rev:1;) alert tcp $HOME_NET any -> [95.85.151.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.85.151.205/; sid:902914641; rev:1;) alert tcp $HOME_NET any -> [178.250.54.208] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.250.54.208/; sid:902914624; rev:1;) alert tcp $HOME_NET any -> [51.159.23.217] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.159.23.217/; sid:902914607; rev:1;) alert tcp $HOME_NET any -> [188.2.217.94] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.2.217.94/; sid:900624893; rev:1;) alert tcp $HOME_NET any -> [213.176.36.147] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.176.36.147/; sid:900624895; rev:1;) alert tcp $HOME_NET any -> [199.101.86.142] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.101.86.142/; sid:902913587; rev:1;) alert tcp $HOME_NET any -> [24.137.76.62] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.137.76.62/; sid:900624896; rev:1;) alert tcp $HOME_NET any -> [209.143.35.232] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.143.35.232/; sid:900624890; rev:1;) alert tcp $HOME_NET any -> [2.58.16.85] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.58.16.85/; sid:902913556; rev:1;) alert tcp $HOME_NET any -> [51.75.33.120] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.33.120/; sid:900624891; rev:1;) alert tcp $HOME_NET any -> [172.96.190.154] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.96.190.154/; sid:902913463; rev:1;) alert tcp $HOME_NET any -> [105.213.67.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.213.67.88/; sid:900624885; rev:1;) alert tcp $HOME_NET any -> [159.203.232.29] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.203.232.29/; sid:900624886; rev:1;) alert tcp $HOME_NET any -> [88.217.172.164] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.217.172.164/; sid:900624892; rev:1;) alert tcp $HOME_NET any -> [201.171.150.41] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.171.150.41/; sid:900624894; rev:1;) alert tcp $HOME_NET any -> [176.216.226.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.216.226.44/; sid:900624887; rev:1;) alert tcp $HOME_NET any -> [174.102.48.180] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.102.48.180/; sid:900624889; rev:1;) alert tcp $HOME_NET any -> [173.62.217.22] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.62.217.22/; sid:900624884; rev:1;) alert tcp $HOME_NET any -> [167.86.90.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.90.214/; sid:900624883; rev:1;) alert tcp $HOME_NET any -> [86.104.194.24] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.104.194.24/; sid:900624881; rev:1;) alert tcp $HOME_NET any -> [186.32.90.103] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.32.90.103/; sid:900624879; rev:1;) alert tcp $HOME_NET any -> [24.148.98.177] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.148.98.177/; sid:900624876; rev:1;) alert tcp $HOME_NET any -> [192.187.99.90] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.187.99.90/; sid:900624875; rev:1;) alert tcp $HOME_NET any -> [87.98.218.33] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.98.218.33/; sid:900624877; rev:1;) alert tcp $HOME_NET any -> [190.190.15.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.190.15.20/; sid:900624874; rev:1;) alert tcp $HOME_NET any -> [92.24.51.238] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.24.51.238/; sid:900624880; rev:1;) alert tcp $HOME_NET any -> [95.9.180.128] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.9.180.128/; sid:900624878; rev:1;) alert tcp $HOME_NET any -> [107.185.211.16] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.185.211.16/; sid:900624882; rev:1;) alert tcp $HOME_NET any -> [181.211.11.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.211.11.242/; sid:900624868; rev:1;) alert tcp $HOME_NET any -> [85.152.162.105] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.152.162.105/; sid:900624869; rev:1;) alert tcp $HOME_NET any -> [96.8.113.4] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.8.113.4/; sid:900624867; rev:1;) alert tcp $HOME_NET any -> [182.176.95.147] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.176.95.147/; sid:900624873; rev:1;) alert tcp $HOME_NET any -> [176.9.93.82] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.9.93.82/; sid:900624861; rev:1;) alert tcp $HOME_NET any -> [185.208.226.142] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.208.226.142/; sid:900624863; rev:1;) alert tcp $HOME_NET any -> [115.78.11.155] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.78.11.155/; sid:902881556; rev:1;) alert tcp $HOME_NET any -> [182.187.139.200] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.187.139.200/; sid:900624862; rev:1;) alert tcp $HOME_NET any -> [188.166.25.84] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.166.25.84/; sid:900624864; rev:1;) alert tcp $HOME_NET any -> [81.198.69.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.198.69.61/; sid:900624858; rev:1;) alert tcp $HOME_NET any -> [147.91.184.91] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.91.184.91/; sid:900624855; rev:1;) alert tcp $HOME_NET any -> [94.206.45.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.206.45.18/; sid:900624859; rev:1;) alert tcp $HOME_NET any -> [66.228.49.173] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.228.49.173/; sid:900624857; rev:1;) alert tcp $HOME_NET any -> [104.131.103.128] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.103.128/; sid:900624854; rev:1;) alert tcp $HOME_NET any -> [139.99.157.213] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.99.157.213/; sid:900624860; rev:1;) alert tcp $HOME_NET any -> [202.5.47.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.5.47.71/; sid:900624872; rev:1;) alert tcp $HOME_NET any -> [58.171.153.81] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.171.153.81/; sid:900624856; rev:1;) alert tcp $HOME_NET any -> [176.10.250.88] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.10.250.88/; sid:900624865; rev:1;) alert tcp $HOME_NET any -> [74.120.55.163] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.120.55.163/; sid:900624866; rev:1;) alert tcp $HOME_NET any -> [5.182.210.224] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.224/; sid:900624899; rev:1;) alert tcp $HOME_NET any -> [165.165.171.160] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.165.171.160/; sid:902795635; rev:1;) alert tcp $HOME_NET any -> [190.190.148.27] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.190.148.27/; sid:900624844; rev:1;) alert tcp $HOME_NET any -> [209.236.123.42] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.236.123.42/; sid:902795517; rev:1;) alert tcp $HOME_NET any -> [82.76.111.249] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.76.111.249/; sid:902795508; rev:1;) alert tcp $HOME_NET any -> [119.198.40.179] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.198.40.179/; sid:902795485; rev:1;) alert tcp $HOME_NET any -> [213.181.91.224] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.181.91.224/; sid:900624853; rev:1;) alert tcp $HOME_NET any -> [116.125.120.88] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.125.120.88/; sid:900624842; rev:1;) alert tcp $HOME_NET any -> [114.173.201.110] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.173.201.110/; sid:900624848; rev:1;) alert tcp $HOME_NET any -> [97.104.107.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.104.107.190/; sid:900624851; rev:1;) alert tcp $HOME_NET any -> [190.31.53.131] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.31.53.131/; sid:900624850; rev:1;) alert tcp $HOME_NET any -> [145.236.8.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.236.8.174/; sid:900624849; rev:1;) alert tcp $HOME_NET any -> [157.147.76.151] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.147.76.151/; sid:900624843; rev:1;) alert tcp $HOME_NET any -> [64.44.133.137] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.133.137/; sid:900624840; rev:1;) alert tcp $HOME_NET any -> [62.108.35.9] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.108.35.9/; sid:900624836; rev:1;) alert tcp $HOME_NET any -> [91.200.102.149] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.200.102.149/; sid:900624837; rev:1;) alert tcp $HOME_NET any -> [51.89.202.103] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.202.103/; sid:900624835; rev:1;) alert tcp $HOME_NET any -> [46.30.41.160] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.30.41.160/; sid:900624839; rev:1;) alert tcp $HOME_NET any -> [194.5.249.193] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.193/; sid:900624838; rev:1;) alert tcp $HOME_NET any -> [51.89.177.9] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.177.9/; sid:900624833; rev:1;) alert tcp $HOME_NET any -> [192.52.167.104] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.52.167.104/; sid:900624834; rev:1;) alert tcp $HOME_NET any -> [62.108.35.194] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.108.35.194/; sid:900624832; rev:1;) alert tcp $HOME_NET any -> [162.244.32.198] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.32.198/; sid:900624831; rev:1;) alert tcp $HOME_NET any -> [86.104.194.113] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.104.194.113/; sid:900624830; rev:1;) alert tcp $HOME_NET any -> [195.123.241.94] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.94/; sid:900624829; rev:1;) alert tcp $HOME_NET any -> [51.83.165.31] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.165.31/; sid:900624828; rev:1;) alert tcp $HOME_NET any -> [217.12.209.54] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.12.209.54/; sid:900624827; rev:1;) alert tcp $HOME_NET any -> [37.220.6.108] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.220.6.108/; sid:900624826; rev:1;) alert tcp $HOME_NET any -> [23.92.93.230] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.92.93.230/; sid:900624824; rev:1;) alert tcp $HOME_NET any -> [47.146.32.175] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.146.32.175/; sid:900624846; rev:1;) alert tcp $HOME_NET any -> [162.216.0.189] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.216.0.189/; sid:900624825; rev:1;) alert tcp $HOME_NET any -> [103.130.114.106] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.130.114.106/; sid:900624822; rev:1;) alert tcp $HOME_NET any -> [112.109.19.178] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.109.19.178/; sid:900624821; rev:1;) alert tcp $HOME_NET any -> [198.46.198.139] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.198.139/; sid:900624820; rev:1;) alert tcp $HOME_NET any -> [185.205.209.241] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.205.209.241/; sid:900624819; rev:1;) alert tcp $HOME_NET any -> [110.232.249.13] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.232.249.13/; sid:900624816; rev:1;) alert tcp $HOME_NET any -> [200.116.232.186] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.232.186/; sid:900624817; rev:1;) alert tcp $HOME_NET any -> [187.109.119.99] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.109.119.99/; sid:900624818; rev:1;) alert tcp $HOME_NET any -> [36.94.33.102] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.94.33.102/; sid:900624815; rev:1;) alert tcp $HOME_NET any -> [86.104.194.116] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.104.194.116/; sid:900624810; rev:1;) alert tcp $HOME_NET any -> [180.211.95.14] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.211.95.14/; sid:900624806; rev:1;) alert tcp $HOME_NET any -> [185.164.32.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.214/; sid:900624814; rev:1;) alert tcp $HOME_NET any -> [45.127.222.8] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.127.222.8/; sid:900624803; rev:1;) alert tcp $HOME_NET any -> [103.221.254.102] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.221.254.102/; sid:900624811; rev:1;) alert tcp $HOME_NET any -> [82.146.46.220] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.146.46.220/; sid:900624809; rev:1;) alert tcp $HOME_NET any -> [180.211.170.214] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.211.170.214/; sid:900624812; rev:1;) alert tcp $HOME_NET any -> [92.62.65.163] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.62.65.163/; sid:900624805; rev:1;) alert tcp $HOME_NET any -> [183.81.154.113] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.81.154.113/; sid:900624813; rev:1;) alert tcp $HOME_NET any -> [185.164.32.215] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.215/; sid:900624808; rev:1;) alert tcp $HOME_NET any -> [45.148.120.195] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.120.195/; sid:900624807; rev:1;) alert tcp $HOME_NET any -> [103.87.169.150] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.87.169.150/; sid:900624804; rev:1;) alert tcp $HOME_NET any -> [195.123.241.187] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.187/; sid:900624794; rev:1;) alert tcp $HOME_NET any -> [212.22.70.65] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.22.70.65/; sid:900624796; rev:1;) alert tcp $HOME_NET any -> [121.101.185.130] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.101.185.130/; sid:900624800; rev:1;) alert tcp $HOME_NET any -> [5.34.178.126] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.178.126/; sid:900624792; rev:1;) alert tcp $HOME_NET any -> [177.190.69.162] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.190.69.162/; sid:900624798; rev:1;) alert tcp $HOME_NET any -> [195.123.240.252] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.252/; sid:900624802; rev:1;) alert tcp $HOME_NET any -> [200.116.159.183] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.159.183/; sid:900624799; rev:1;) alert tcp $HOME_NET any -> [27.147.173.227] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.147.173.227/; sid:900624797; rev:1;) alert tcp $HOME_NET any -> [158.181.155.153] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.181.155.153/; sid:900624801; rev:1;) alert tcp $HOME_NET any -> [88.247.212.56] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.247.212.56/; sid:900624795; rev:1;) alert tcp $HOME_NET any -> [186.159.8.218] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.159.8.218/; sid:900624793; rev:1;) alert tcp $HOME_NET any -> [45.138.158.32] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.138.158.32/; sid:900624790; rev:1;) alert tcp $HOME_NET any -> [103.36.48.103] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.36.48.103/; sid:900624791; rev:1;) alert tcp $HOME_NET any -> [220.247.174.12] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.247.174.12/; sid:900624788; rev:1;) alert tcp $HOME_NET any -> [5.149.253.99] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.149.253.99/; sid:900624787; rev:1;) alert tcp $HOME_NET any -> [107.174.196.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.174.196.242/; sid:900624789; rev:1;) alert tcp $HOME_NET any -> [194.5.249.174] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.174/; sid:900624786; rev:1;) alert tcp $HOME_NET any -> [51.89.177.20] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.177.20/; sid:900624785; rev:1;) alert tcp $HOME_NET any -> [51.210.135.34] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.210.135.34/; sid:900624784; rev:1;) alert tcp $HOME_NET any -> [195.123.241.90] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.90/; sid:900624783; rev:1;) alert tcp $HOME_NET any -> [204.197.146.48] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.197.146.48/; sid:900624845; rev:1;) alert tcp $HOME_NET any -> [72.12.127.184] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.12.127.184/; sid:900624847; rev:1;) alert tcp $HOME_NET any -> [62.109.13.184] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.109.13.184/; sid:900624780; rev:1;) alert tcp $HOME_NET any -> [62.108.35.215] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.108.35.215/; sid:900624870; rev:1;) alert tcp $HOME_NET any -> [85.143.223.192] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.223.192/; sid:900624778; rev:1;) alert tcp $HOME_NET any -> [189.194.58.119] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.194.58.119/; sid:900624777; rev:1;) alert tcp $HOME_NET any -> [24.232.36.99] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.232.36.99/; sid:902722190; rev:1;) alert tcp $HOME_NET any -> [153.220.182.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.220.182.49/; sid:900624774; rev:1;) alert tcp $HOME_NET any -> [67.241.24.163] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.241.24.163/; sid:900624773; rev:1;) alert tcp $HOME_NET any -> [47.144.21.12] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.144.21.12/; sid:900624772; rev:1;) alert tcp $HOME_NET any -> [114.146.222.200] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.146.222.200/; sid:900624770; rev:1;) alert tcp $HOME_NET any -> [183.101.175.193] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.101.175.193/; sid:900624771; rev:1;) alert tcp $HOME_NET any -> [187.64.128.197] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.64.128.197/; sid:900624775; rev:1;) alert tcp $HOME_NET any -> [73.116.193.136] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.116.193.136/; sid:900624776; rev:1;) alert tcp $HOME_NET any -> [189.2.177.210] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.2.177.210/; sid:900624782; rev:1;) alert tcp $HOME_NET any -> [115.165.3.213] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.165.3.213/; sid:900624779; rev:1;) alert tcp $HOME_NET any -> [92.23.34.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.23.34.86/; sid:900624764; rev:1;) alert tcp $HOME_NET any -> [201.213.156.176] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.213.156.176/; sid:900624763; rev:1;) alert tcp $HOME_NET any -> [5.79.70.250] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.79.70.250/; sid:902692771; rev:1;) alert tcp $HOME_NET any -> [94.96.60.191] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.96.60.191/; sid:902692736; rev:1;) alert tcp $HOME_NET any -> [107.161.30.122] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.161.30.122/; sid:902692728; rev:1;) alert tcp $HOME_NET any -> [172.105.78.244] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.78.244/; sid:902692727; rev:1;) alert tcp $HOME_NET any -> [65.111.120.223] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.111.120.223/; sid:900624766; rev:1;) alert tcp $HOME_NET any -> [85.59.136.180] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.59.136.180/; sid:900624758; rev:1;) alert tcp $HOME_NET any -> [62.108.54.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.108.54.22/; sid:900624757; rev:1;) alert tcp $HOME_NET any -> [198.57.203.63] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.57.203.63/; sid:900624759; rev:1;) alert tcp $HOME_NET any -> [47.146.117.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.146.117.214/; sid:900624756; rev:1;) alert tcp $HOME_NET any -> [24.249.135.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.249.135.121/; sid:900624762; rev:1;) alert tcp $HOME_NET any -> [201.235.10.215] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.235.10.215/; sid:900624760; rev:1;) alert tcp $HOME_NET any -> [194.5.249.163] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.163/; sid:900624765; rev:1;) alert tcp $HOME_NET any -> [212.80.216.193] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.216.193/; sid:900624767; rev:1;) alert tcp $HOME_NET any -> [45.67.231.84] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.67.231.84/; sid:900624755; rev:1;) alert tcp $HOME_NET any -> [93.151.186.85] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.151.186.85/; sid:900624781; rev:1;) alert tcp $HOME_NET any -> [181.143.101.19] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.101.19/; sid:900624746; rev:1;) alert tcp $HOME_NET any -> [189.146.1.78] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.1.78/; sid:900624748; rev:1;) alert tcp $HOME_NET any -> [177.74.228.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.74.228.34/; sid:900624744; rev:1;) alert tcp $HOME_NET any -> [24.43.99.75] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.43.99.75/; sid:900624741; rev:1;) alert tcp $HOME_NET any -> [83.110.223.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.223.58/; sid:900624743; rev:1;) alert tcp $HOME_NET any -> [195.123.239.56] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.239.56/; sid:900624750; rev:1;) alert tcp $HOME_NET any -> [189.1.185.98] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.1.185.98/; sid:900624745; rev:1;) alert tcp $HOME_NET any -> [177.37.81.212] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.37.81.212/; sid:900624747; rev:1;) alert tcp $HOME_NET any -> [194.5.249.164] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.164/; sid:900624768; rev:1;) alert tcp $HOME_NET any -> [195.123.240.127] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.127/; sid:900624769; rev:1;) alert tcp $HOME_NET any -> [76.27.179.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.27.179.47/; sid:900624742; rev:1;) alert tcp $HOME_NET any -> [179.60.229.168] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.60.229.168/; sid:900624749; rev:1;) alert tcp $HOME_NET any -> [185.164.32.205] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.205/; sid:900624739; rev:1;) alert tcp $HOME_NET any -> [185.68.93.2] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.68.93.2/; sid:900624738; rev:1;) alert tcp $HOME_NET any -> [86.104.194.108] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.104.194.108/; sid:900624737; rev:1;) alert tcp $HOME_NET any -> [195.123.242.84] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.242.84/; sid:900624736; rev:1;) alert tcp $HOME_NET any -> [24.157.25.203] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.157.25.203/; sid:900624735; rev:1;) alert tcp $HOME_NET any -> [201.214.108.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.214.108.231/; sid:900624734; rev:1;) alert tcp $HOME_NET any -> [2.47.201.110] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.47.201.110/; sid:902661129; rev:1;) alert tcp $HOME_NET any -> [191.99.160.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.99.160.58/; sid:900624732; rev:1;) alert tcp $HOME_NET any -> [191.182.6.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.182.6.118/; sid:900624731; rev:1;) alert tcp $HOME_NET any -> [47.153.182.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.153.182.47/; sid:900624740; rev:1;) alert tcp $HOME_NET any -> [177.73.0.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.73.0.98/; sid:900624730; rev:1;) alert tcp $HOME_NET any -> [24.234.133.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.234.133.205/; sid:900624733; rev:1;) alert tcp $HOME_NET any -> [198.46.198.128] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.198.128/; sid:900624729; rev:1;) alert tcp $HOME_NET any -> [23.92.93.229] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.92.93.229/; sid:900624728; rev:1;) alert tcp $HOME_NET any -> [107.174.26.187] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.174.26.187/; sid:900624726; rev:1;) alert tcp $HOME_NET any -> [162.216.0.187] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.216.0.187/; sid:900624725; rev:1;) alert tcp $HOME_NET any -> [80.82.68.132] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.82.68.132/; sid:900624724; rev:1;) alert tcp $HOME_NET any -> [190.164.75.175] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.164.75.175/; sid:900624722; rev:1;) alert tcp $HOME_NET any -> [153.204.32.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.204.32.49/; sid:900624719; rev:1;) alert tcp $HOME_NET any -> [187.207.207.16] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.207.16/; sid:900624723; rev:1;) alert tcp $HOME_NET any -> [190.163.31.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.163.31.26/; sid:900624716; rev:1;) alert tcp $HOME_NET any -> [187.106.41.99] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.106.41.99/; sid:900624715; rev:1;) alert tcp $HOME_NET any -> [212.231.60.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.231.60.98/; sid:900624717; rev:1;) alert tcp $HOME_NET any -> [201.170.77.7] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.170.77.7/; sid:900624720; rev:1;) alert tcp $HOME_NET any -> [70.167.215.250] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.167.215.250/; sid:900624713; rev:1;) alert tcp $HOME_NET any -> [71.50.31.38] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.50.31.38/; sid:900624718; rev:1;) alert tcp $HOME_NET any -> [71.208.216.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.208.216.10/; sid:900624714; rev:1;) alert tcp $HOME_NET any -> [217.12.209.44] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.12.209.44/; sid:900624721; rev:1;) alert tcp $HOME_NET any -> [93.189.41.213] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.41.213/; sid:900624711; rev:1;) alert tcp $HOME_NET any -> [185.164.32.204] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.204/; sid:900624712; rev:1;) alert tcp $HOME_NET any -> [78.189.111.208] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.111.208/; sid:900624710; rev:1;) alert tcp $HOME_NET any -> [212.156.133.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.156.133.218/; sid:900624709; rev:1;) alert tcp $HOME_NET any -> [95.9.185.228] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.9.185.228/; sid:900624727; rev:1;) alert tcp $HOME_NET any -> [108.26.231.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.26.231.214/; sid:900624704; rev:1;) alert tcp $HOME_NET any -> [190.96.118.251] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.96.118.251/; sid:902588227; rev:1;) alert tcp $HOME_NET any -> [177.75.143.112] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.75.143.112/; sid:902588206; rev:1;) alert tcp $HOME_NET any -> [93.189.42.114] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.42.114/; sid:900624702; rev:1;) alert tcp $HOME_NET any -> [46.17.107.116] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.17.107.116/; sid:900624703; rev:1;) alert tcp $HOME_NET any -> [194.5.249.15] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.15/; sid:900624696; rev:1;) alert tcp $HOME_NET any -> [195.123.239.53] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.239.53/; sid:900624695; rev:1;) alert tcp $HOME_NET any -> [188.40.203.215] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.203.215/; sid:900624698; rev:1;) alert tcp $HOME_NET any -> [162.216.0.190] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.216.0.190/; sid:900624697; rev:1;) alert tcp $HOME_NET any -> [185.172.165.211] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.165.211/; sid:900624693; rev:1;) alert tcp $HOME_NET any -> [195.123.221.121] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.221.121/; sid:900624700; rev:1;) alert tcp $HOME_NET any -> [80.82.68.32] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.82.68.32/; sid:900624692; rev:1;) alert tcp $HOME_NET any -> [185.14.31.135] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.31.135/; sid:900624699; rev:1;) alert tcp $HOME_NET any -> [78.108.216.13] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.108.216.13/; sid:900624701; rev:1;) alert tcp $HOME_NET any -> [188.40.203.209] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.40.203.209/; sid:900624691; rev:1;) alert tcp $HOME_NET any -> [201.212.78.182] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.78.182/; sid:902572445; rev:1;) alert tcp $HOME_NET any -> [157.7.199.53] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.7.199.53/; sid:900624686; rev:1;) alert tcp $HOME_NET any -> [74.207.230.187] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.207.230.187/; sid:900624688; rev:1;) alert tcp $HOME_NET any -> [124.45.106.173] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.45.106.173/; sid:900624689; rev:1;) alert tcp $HOME_NET any -> [85.204.116.198] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.198/; sid:900624694; rev:1;) alert tcp $HOME_NET any -> [194.5.249.157] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.157/; sid:900624685; rev:1;) alert tcp $HOME_NET any -> [162.216.0.186] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.216.0.186/; sid:900624683; rev:1;) alert tcp $HOME_NET any -> [5.182.211.223] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.211.223/; sid:900624684; rev:1;) alert tcp $HOME_NET any -> [5.188.133.193] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.133.193/; sid:900624682; rev:1;) alert tcp $HOME_NET any -> [194.87.145.86] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.145.86/; sid:900624681; rev:1;) alert tcp $HOME_NET any -> [86.104.194.82] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.104.194.82/; sid:900624680; rev:1;) alert tcp $HOME_NET any -> [181.134.9.162] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.134.9.162/; sid:900624678; rev:1;) alert tcp $HOME_NET any -> [87.106.231.60] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.231.60/; sid:902530336; rev:1;) alert tcp $HOME_NET any -> [198.27.69.201] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.27.69.201/; sid:900624679; rev:1;) alert tcp $HOME_NET any -> [94.49.254.194] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.49.254.194/; sid:900624706; rev:1;) alert tcp $HOME_NET any -> [185.99.2.183] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.183/; sid:900624677; rev:1;) alert tcp $HOME_NET any -> [105.209.239.55] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.209.239.55/; sid:900624708; rev:1;) alert tcp $HOME_NET any -> [195.123.221.77] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.221.77/; sid:900624672; rev:1;) alert tcp $HOME_NET any -> [204.155.30.121] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.155.30.121/; sid:900624673; rev:1;) alert tcp $HOME_NET any -> [157.245.99.39] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.245.99.39/; sid:902522798; rev:1;) alert tcp $HOME_NET any -> [210.165.156.91] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.165.156.91/; sid:902522796; rev:1;) alert tcp $HOME_NET any -> [109.74.5.95] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.74.5.95/; sid:902522784; rev:1;) alert tcp $HOME_NET any -> [58.153.68.176] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.153.68.176/; sid:900624670; rev:1;) alert tcp $HOME_NET any -> [95.179.229.244] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.179.229.244/; sid:902522754; rev:1;) alert tcp $HOME_NET any -> [186.70.127.199] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.70.127.199/; sid:900624671; rev:1;) alert tcp $HOME_NET any -> [137.74.106.111] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.74.106.111/; sid:902522690; rev:1;) alert tcp $HOME_NET any -> [109.117.53.230] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.117.53.230/; sid:900624669; rev:1;) alert tcp $HOME_NET any -> [185.14.31.44] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.31.44/; sid:900624666; rev:1;) alert tcp $HOME_NET any -> [185.99.2.191] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.191/; sid:900624667; rev:1;) alert tcp $HOME_NET any -> [185.164.32.148] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.148/; sid:900624665; rev:1;) alert tcp $HOME_NET any -> [85.204.116.144] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.144/; sid:900624664; rev:1;) alert tcp $HOME_NET any -> [45.155.173.211] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.155.173.211/; sid:900624663; rev:1;) alert tcp $HOME_NET any -> [195.123.221.37] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.221.37/; sid:900624662; rev:1;) alert tcp $HOME_NET any -> [82.146.46.209] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.146.46.209/; sid:900624674; rev:1;) alert tcp $HOME_NET any -> [176.119.159.213] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.119.159.213/; sid:900624675; rev:1;) alert tcp $HOME_NET any -> [195.123.221.122] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.221.122/; sid:900624676; rev:1;) alert tcp $HOME_NET any -> [194.156.99.124] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.156.99.124/; sid:900624656; rev:1;) alert tcp $HOME_NET any -> [162.216.0.181] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.216.0.181/; sid:900624655; rev:1;) alert tcp $HOME_NET any -> [92.63.105.67] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.63.105.67/; sid:900624654; rev:1;) alert tcp $HOME_NET any -> [181.164.110.7] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.110.7/; sid:900624659; rev:1;) alert tcp $HOME_NET any -> [181.230.65.232] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.230.65.232/; sid:902473629; rev:1;) alert tcp $HOME_NET any -> [110.143.151.194] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.143.151.194/; sid:902467386; rev:1;) alert tcp $HOME_NET any -> [186.250.52.226] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.250.52.226/; sid:900624646; rev:1;) alert tcp $HOME_NET any -> [181.120.79.227] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.120.79.227/; sid:900624647; rev:1;) alert tcp $HOME_NET any -> [66.70.218.37] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.70.218.37/; sid:900624649; rev:1;) alert tcp $HOME_NET any -> [200.82.170.33] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.82.170.33/; sid:902452290; rev:1;) alert tcp $HOME_NET any -> [194.5.249.109] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.249.109/; sid:900624639; rev:1;) alert tcp $HOME_NET any -> [188.120.255.249] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.120.255.249/; sid:900624640; rev:1;) alert tcp $HOME_NET any -> [185.142.99.149] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.149/; sid:900624642; rev:1;) alert tcp $HOME_NET any -> [217.12.209.151] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.12.209.151/; sid:900624641; rev:1;) alert tcp $HOME_NET any -> [104.161.32.109] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.161.32.109/; sid:900624643; rev:1;) alert tcp $HOME_NET any -> [188.120.255.141] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.120.255.141/; sid:900624638; rev:1;) alert tcp $HOME_NET any -> [190.194.242.254] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.194.242.254/; sid:900624636; rev:1;) alert tcp $HOME_NET any -> [189.218.165.63] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.218.165.63/; sid:900624637; rev:1;) alert tcp $HOME_NET any -> [81.2.235.111] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.2.235.111/; sid:902448618; rev:1;) alert tcp $HOME_NET any -> [91.211.88.52] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.211.88.52/; sid:902448615; rev:1;) alert tcp $HOME_NET any -> [79.98.24.39] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.98.24.39/; sid:902448613; rev:1;) alert tcp $HOME_NET any -> [222.214.218.37] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.214.218.37/; sid:902448603; rev:1;) alert tcp $HOME_NET any -> [139.59.60.244] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.60.244/; sid:902448594; rev:1;) alert tcp $HOME_NET any -> [93.156.165.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.156.165.186/; sid:900624634; rev:1;) alert tcp $HOME_NET any -> [14.99.112.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.99.112.138/; sid:900624633; rev:1;) alert tcp $HOME_NET any -> [51.38.201.19] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.38.201.19/; sid:902446082; rev:1;) alert tcp $HOME_NET any -> [88.235.222.255] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.235.222.255/; sid:902446081; rev:1;) alert tcp $HOME_NET any -> [162.216.0.175] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.216.0.175/; sid:900624657; rev:1;) alert tcp $HOME_NET any -> [195.123.240.210] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.210/; sid:900624658; rev:1;) alert tcp $HOME_NET any -> [190.55.233.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.233.156/; sid:900624631; rev:1;) alert tcp $HOME_NET any -> [178.153.214.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.153.214.228/; sid:902444801; rev:1;) alert tcp $HOME_NET any -> [162.216.0.182] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.216.0.182/; sid:900624644; rev:1;) alert tcp $HOME_NET any -> [116.203.32.252] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.203.32.252/; sid:902444405; rev:1;) alert tcp $HOME_NET any -> [108.48.41.69] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.48.41.69/; sid:900624628; rev:1;) alert tcp $HOME_NET any -> [203.153.216.189] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.153.216.189/; sid:902444377; rev:1;) alert tcp $HOME_NET any -> [200.55.243.138] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.55.243.138/; sid:900624630; rev:1;) alert tcp $HOME_NET any -> [212.51.142.238] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.51.142.238/; sid:900624629; rev:1;) alert tcp $HOME_NET any -> [64.88.202.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.88.202.250/; sid:902444364; rev:1;) alert tcp $HOME_NET any -> [134.119.191.50] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.119.191.50/; sid:900624651; rev:1;) alert tcp $HOME_NET any -> [85.204.116.143] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.143/; sid:900624645; rev:1;) alert tcp $HOME_NET any -> [219.92.13.25] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.92.13.25/; sid:900624632; rev:1;) alert tcp $HOME_NET any -> [134.119.191.25] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.119.191.25/; sid:900624626; rev:1;) alert tcp $HOME_NET any -> [79.137.101.4] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.137.101.4/; sid:900624625; rev:1;) alert tcp $HOME_NET any -> [185.14.31.52] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.31.52/; sid:900624622; rev:1;) alert tcp $HOME_NET any -> [45.93.5.70] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.93.5.70/; sid:900624618; rev:1;) alert tcp $HOME_NET any -> [94.250.254.174] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.250.254.174/; sid:900624621; rev:1;) alert tcp $HOME_NET any -> [62.108.35.4] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.108.35.4/; sid:900624624; rev:1;) alert tcp $HOME_NET any -> [91.200.102.23] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.200.102.23/; sid:900624620; rev:1;) alert tcp $HOME_NET any -> [66.70.218.40] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.70.218.40/; sid:900624619; rev:1;) alert tcp $HOME_NET any -> [91.235.129.165] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.165/; sid:900624623; rev:1;) alert tcp $HOME_NET any -> [51.89.204.243] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.204.243/; sid:900624616; rev:1;) alert tcp $HOME_NET any -> [185.99.2.78] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.78/; sid:900624615; rev:1;) alert tcp $HOME_NET any -> [89.32.41.185] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.41.185/; sid:900624613; rev:1;) alert tcp $HOME_NET any -> [94.250.254.155] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.250.254.155/; sid:900624612; rev:1;) alert tcp $HOME_NET any -> [185.234.72.76] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.76/; sid:900624611; rev:1;) alert tcp $HOME_NET any -> [194.5.250.243] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.243/; sid:900624614; rev:1;) alert tcp $HOME_NET any -> [46.49.124.53] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.49.124.53/; sid:902442086; rev:1;) alert tcp $HOME_NET any -> [194.5.250.251] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.251/; sid:900624617; rev:1;) alert tcp $HOME_NET any -> [190.111.215.4] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.111.215.4/; sid:900624690; rev:1;) alert tcp $HOME_NET any -> [185.180.198.69] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.180.198.69/; sid:900624609; rev:1;) alert tcp $HOME_NET any -> [173.91.22.41] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.91.22.41/; sid:900624606; rev:1;) alert tcp $HOME_NET any -> [185.81.98.88] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.81.98.88/; sid:900624650; rev:1;) alert tcp $HOME_NET any -> [107.174.26.186] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.174.26.186/; sid:900624653; rev:1;) alert tcp $HOME_NET any -> [45.155.173.223] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.155.173.223/; sid:900624608; rev:1;) alert tcp $HOME_NET any -> [45.148.120.164] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.120.164/; sid:900624607; rev:1;) alert tcp $HOME_NET any -> [37.210.166.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.166.214/; sid:902428828; rev:1;) alert tcp $HOME_NET any -> [188.227.58.32] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.227.58.32/; sid:900624652; rev:1;) alert tcp $HOME_NET any -> [85.204.116.149] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.149/; sid:900624602; rev:1;) alert tcp $HOME_NET any -> [62.108.35.221] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.108.35.221/; sid:900624601; rev:1;) alert tcp $HOME_NET any -> [45.155.173.166] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.155.173.166/; sid:900624604; rev:1;) alert tcp $HOME_NET any -> [185.234.72.230] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.230/; sid:900624600; rev:1;) alert tcp $HOME_NET any -> [172.245.185.184] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.185.184/; sid:900624597; rev:1;) alert tcp $HOME_NET any -> [185.234.72.231] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.231/; sid:900624599; rev:1;) alert tcp $HOME_NET any -> [107.172.141.128] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.141.128/; sid:900624598; rev:1;) alert tcp $HOME_NET any -> [51.77.112.240] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.112.240/; sid:900624596; rev:1;) alert tcp $HOME_NET any -> [85.204.116.155] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.155/; sid:900624595; rev:1;) alert tcp $HOME_NET any -> [85.143.219.23] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.219.23/; sid:900624594; rev:1;) alert tcp $HOME_NET any -> [62.108.35.225] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.108.35.225/; sid:900624593; rev:1;) alert tcp $HOME_NET any -> [148.251.185.180] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.251.185.180/; sid:900624592; rev:1;) alert tcp $HOME_NET any -> [195.133.197.46] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.197.46/; sid:900624591; rev:1;) alert tcp $HOME_NET any -> [45.155.173.224] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.155.173.224/; sid:900624590; rev:1;) alert tcp $HOME_NET any -> [164.68.120.62] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.120.62/; sid:900624589; rev:1;) alert tcp $HOME_NET any -> [79.143.178.194] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.143.178.194/; sid:902426017; rev:1;) alert tcp $HOME_NET any -> [92.38.163.8] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.163.8/; sid:900624588; rev:1;) alert tcp $HOME_NET any -> [194.5.250.184] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.184/; sid:900624586; rev:1;) alert tcp $HOME_NET any -> [185.65.202.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.65.202.58/; sid:900624587; rev:1;) alert tcp $HOME_NET any -> [62.108.35.175] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.108.35.175/; sid:900624585; rev:1;) alert tcp $HOME_NET any -> [207.255.37.143] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.255.37.143/; sid:902425556; rev:1;) alert tcp $HOME_NET any -> [41.215.92.157] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.215.92.157/; sid:900624582; rev:1;) alert tcp $HOME_NET any -> [24.1.189.87] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.1.189.87/; sid:900624584; rev:1;) alert tcp $HOME_NET any -> [121.124.124.40] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.124.124.40/; sid:902425528; rev:1;) alert tcp $HOME_NET any -> [46.105.131.79] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.131.79/; sid:902425514; rev:1;) alert tcp $HOME_NET any -> [153.126.210.205] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.126.210.205/; sid:902425491; rev:1;) alert tcp $HOME_NET any -> [164.68.120.59] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.120.59/; sid:900624576; rev:1;) alert tcp $HOME_NET any -> [185.164.33.125] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.33.125/; sid:900624578; rev:1;) alert tcp $HOME_NET any -> [194.5.250.183] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.183/; sid:900624577; rev:1;) alert tcp $HOME_NET any -> [192.3.247.18] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.18/; sid:900624575; rev:1;) alert tcp $HOME_NET any -> [45.155.173.167] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.155.173.167/; sid:900624572; rev:1;) alert tcp $HOME_NET any -> [92.38.163.171] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.163.171/; sid:900624573; rev:1;) alert tcp $HOME_NET any -> [144.91.76.213] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.76.213/; sid:900624570; rev:1;) alert tcp $HOME_NET any -> [134.119.191.55] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.119.191.55/; sid:900624571; rev:1;) alert tcp $HOME_NET any -> [185.164.33.115] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.33.115/; sid:900624568; rev:1;) alert tcp $HOME_NET any -> [134.119.191.22] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.119.191.22/; sid:900624566; rev:1;) alert tcp $HOME_NET any -> [85.204.116.121] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.121/; sid:900624567; rev:1;) alert tcp $HOME_NET any -> [195.123.221.93] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.221.93/; sid:900624569; rev:1;) alert tcp $HOME_NET any -> [85.143.222.208] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.222.208/; sid:900624565; rev:1;) alert tcp $HOME_NET any -> [85.204.116.53] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.53/; sid:900624564; rev:1;) alert tcp $HOME_NET any -> [186.223.86.132] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.223.86.132/; sid:902423421; rev:1;) alert tcp $HOME_NET any -> [107.175.197.154] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.175.197.154/; sid:900624562; rev:1;) alert tcp $HOME_NET any -> [75.139.38.211] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.139.38.211/; sid:900624583; rev:1;) alert tcp $HOME_NET any -> [153.133.224.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.133.224.78/; sid:900624579; rev:1;) alert tcp $HOME_NET any -> [162.248.225.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.248.225.57/; sid:900624561; rev:1;) alert tcp $HOME_NET any -> [82.118.22.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.22.57/; sid:900624560; rev:1;) alert tcp $HOME_NET any -> [185.120.56.37] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.120.56.37/; sid:900624558; rev:1;) alert tcp $HOME_NET any -> [95.181.198.137] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.181.198.137/; sid:900624557; rev:1;) alert tcp $HOME_NET any -> [193.9.60.148] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.9.60.148/; sid:900624559; rev:1;) alert tcp $HOME_NET any -> [45.230.176.143] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.230.176.143/; sid:900624556; rev:1;) alert tcp $HOME_NET any -> [45.67.228.186] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.67.228.186/; sid:900624555; rev:1;) alert tcp $HOME_NET any -> [185.206.212.44] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.206.212.44/; sid:900624553; rev:1;) alert tcp $HOME_NET any -> [85.10.234.175] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.10.234.175/; sid:900624554; rev:1;) alert tcp $HOME_NET any -> [46.173.218.51] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.173.218.51/; sid:900624552; rev:1;) alert tcp $HOME_NET any -> [193.37.212.124] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.124/; sid:900624550; rev:1;) alert tcp $HOME_NET any -> [93.189.44.203] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.44.203/; sid:900624551; rev:1;) alert tcp $HOME_NET any -> [185.255.79.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.255.79.108/; sid:900624548; rev:1;) alert tcp $HOME_NET any -> [195.123.240.36] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.36/; sid:900624549; rev:1;) alert tcp $HOME_NET any -> [212.80.217.89] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.217.89/; sid:900624546; rev:1;) alert tcp $HOME_NET any -> [195.161.114.99] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.161.114.99/; sid:900624545; rev:1;) alert tcp $HOME_NET any -> [46.173.219.184] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.173.219.184/; sid:900624547; rev:1;) alert tcp $HOME_NET any -> [131.255.82.24] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.255.82.24/; sid:900624544; rev:1;) alert tcp $HOME_NET any -> [195.123.239.126] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.239.126/; sid:900624541; rev:1;) alert tcp $HOME_NET any -> [185.142.99.223] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.223/; sid:900624542; rev:1;) alert tcp $HOME_NET any -> [192.3.247.124] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.124/; sid:900624543; rev:1;) alert tcp $HOME_NET any -> [185.198.57.113] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.198.57.113/; sid:900624540; rev:1;) alert tcp $HOME_NET any -> [185.244.39.190] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.39.190/; sid:900624539; rev:1;) alert tcp $HOME_NET any -> [190.163.1.31] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.163.1.31/; sid:900624537; rev:1;) alert tcp $HOME_NET any -> [190.19.169.69] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.19.169.69/; sid:900624535; rev:1;) alert tcp $HOME_NET any -> [190.144.18.198] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.144.18.198/; sid:900624603; rev:1;) alert tcp $HOME_NET any -> [185.86.148.68] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.148.68/; sid:900624888; rev:1;) alert tcp $HOME_NET any -> [78.88.188.42] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.88.188.42/; sid:900624533; rev:1;) alert tcp $HOME_NET any -> [109.234.34.135] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.234.34.135/; sid:900624532; rev:1;) alert tcp $HOME_NET any -> [192.210.226.12] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.210.226.12/; sid:900624530; rev:1;) alert tcp $HOME_NET any -> [98.103.204.12] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.103.204.12/; sid:900625510; rev:1;) alert tcp $HOME_NET any -> [185.164.33.116] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.33.116/; sid:900624538; rev:1;) alert tcp $HOME_NET any -> [85.204.116.188] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.188/; sid:900624648; rev:1;) alert tcp $HOME_NET any -> [134.119.191.45] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.119.191.45/; sid:900624531; rev:1;) alert tcp $HOME_NET any -> [134.119.191.46] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.119.191.46/; sid:900624534; rev:1;) alert tcp $HOME_NET any -> [185.234.52.125] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.52.125/; sid:900624524; rev:1;) alert tcp $HOME_NET any -> [192.3.247.122] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.122/; sid:900624525; rev:1;) alert tcp $HOME_NET any -> [45.148.120.145] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.120.145/; sid:900624523; rev:1;) alert tcp $HOME_NET any -> [181.92.244.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.92.244.156/; sid:900624527; rev:1;) alert tcp $HOME_NET any -> [186.226.226.116] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.226.226.116/; sid:900624520; rev:1;) alert tcp $HOME_NET any -> [185.14.28.122] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.28.122/; sid:900624518; rev:1;) alert tcp $HOME_NET any -> [181.57.193.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.57.193.13/; sid:902410261; rev:1;) alert tcp $HOME_NET any -> [162.244.32.199] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.32.199/; sid:900624528; rev:1;) alert tcp $HOME_NET any -> [23.92.93.227] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.92.93.227/; sid:900624519; rev:1;) alert tcp $HOME_NET any -> [23.95.8.123] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.8.123/; sid:900624516; rev:1;) alert tcp $HOME_NET any -> [185.14.31.34] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.31.34/; sid:900624515; rev:1;) alert tcp $HOME_NET any -> [91.200.103.232] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.200.103.232/; sid:900624514; rev:1;) alert tcp $HOME_NET any -> [185.99.2.137] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.137/; sid:900624513; rev:1;) alert tcp $HOME_NET any -> [36.89.182.225] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.182.225/; sid:900624512; rev:1;) alert tcp $HOME_NET any -> [51.81.112.144] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.81.112.144/; sid:900624511; rev:1;) alert tcp $HOME_NET any -> [85.204.116.216] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.216/; sid:900624510; rev:1;) alert tcp $HOME_NET any -> [107.175.72.141] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.175.72.141/; sid:900624509; rev:1;) alert tcp $HOME_NET any -> [192.3.247.123] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.123/; sid:900624508; rev:1;) alert tcp $HOME_NET any -> [80.210.32.67] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.210.32.67/; sid:900624507; rev:1;) alert tcp $HOME_NET any -> [110.50.84.5] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.50.84.5/; sid:900624504; rev:1;) alert tcp $HOME_NET any -> [85.204.116.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.100/; sid:900624506; rev:1;) alert tcp $HOME_NET any -> [200.107.35.154] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.107.35.154/; sid:900624505; rev:1;) alert tcp $HOME_NET any -> [134.119.191.11] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.119.191.11/; sid:900624502; rev:1;) alert tcp $HOME_NET any -> [36.89.243.241] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.243.241/; sid:900624501; rev:1;) alert tcp $HOME_NET any -> [185.14.31.104] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.31.104/; sid:900624503; rev:1;) alert tcp $HOME_NET any -> [36.66.218.117] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.66.218.117/; sid:900624500; rev:1;) alert tcp $HOME_NET any -> [185.99.2.65] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.65/; sid:900624499; rev:1;) alert tcp $HOME_NET any -> [134.119.191.21] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.119.191.21/; sid:900624498; rev:1;) alert tcp $HOME_NET any -> [185.99.2.66] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.66/; sid:900624497; rev:1;) alert tcp $HOME_NET any -> [91.235.129.20] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.20/; sid:900624496; rev:1;) alert tcp $HOME_NET any -> [36.92.19.205] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.92.19.205/; sid:900624495; rev:1;) alert tcp $HOME_NET any -> [182.253.113.67] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.253.113.67/; sid:900624494; rev:1;) alert tcp $HOME_NET any -> [103.111.83.246] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.111.83.246/; sid:900624493; rev:1;) alert tcp $HOME_NET any -> [78.108.216.47] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.108.216.47/; sid:900624492; rev:1;) alert tcp $HOME_NET any -> [79.45.112.220] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.45.112.220/; sid:900624581; rev:1;) alert tcp $HOME_NET any -> [213.60.96.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.60.96.117/; sid:900624491; rev:1;) alert tcp $HOME_NET any -> [162.154.38.103] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.154.38.103/; sid:900624580; rev:1;) alert tcp $HOME_NET any -> [62.108.34.34] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.108.34.34/; sid:900624488; rev:1;) alert tcp $HOME_NET any -> [213.178.155.78] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.178.155.78/; sid:900624489; rev:1;) alert tcp $HOME_NET any -> [92.242.40.177] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.242.40.177/; sid:900624487; rev:1;) alert tcp $HOME_NET any -> [185.99.2.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.57/; sid:900624486; rev:1;) alert tcp $HOME_NET any -> [195.123.238.17] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.17/; sid:900624485; rev:1;) alert tcp $HOME_NET any -> [185.234.72.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.242/; sid:900624484; rev:1;) alert tcp $HOME_NET any -> [178.157.82.227] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.157.82.227/; sid:900624483; rev:1;) alert tcp $HOME_NET any -> [194.5.250.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.180/; sid:900624482; rev:1;) alert tcp $HOME_NET any -> [85.204.116.241] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.241/; sid:900624478; rev:1;) alert tcp $HOME_NET any -> [5.1.81.68] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.1.81.68/; sid:900624481; rev:1;) alert tcp $HOME_NET any -> [194.87.93.114] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.93.114/; sid:900624475; rev:1;) alert tcp $HOME_NET any -> [23.239.84.138] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.239.84.138/; sid:900624472; rev:1;) alert tcp $HOME_NET any -> [62.108.35.43] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.108.35.43/; sid:900624471; rev:1;) alert tcp $HOME_NET any -> [95.216.118.202] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.216.118.202/; sid:900624468; rev:1;) alert tcp $HOME_NET any -> [193.26.217.172] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.26.217.172/; sid:900624469; rev:1;) alert tcp $HOME_NET any -> [134.119.191.38] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.119.191.38/; sid:900624470; rev:1;) alert tcp $HOME_NET any -> [5.1.81.103] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.1.81.103/; sid:900624466; rev:1;) alert tcp $HOME_NET any -> [45.148.120.205] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.120.205/; sid:900624474; rev:1;) alert tcp $HOME_NET any -> [95.171.16.42] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.171.16.42/; sid:900624477; rev:1;) alert tcp $HOME_NET any -> [51.81.112.191] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.81.112.191/; sid:900624476; rev:1;) alert tcp $HOME_NET any -> [192.3.247.116] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.116/; sid:900624490; rev:1;) alert tcp $HOME_NET any -> [85.204.116.238] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.238/; sid:900624473; rev:1;) alert tcp $HOME_NET any -> [45.11.27.72] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.11.27.72/; sid:900624465; rev:1;) alert tcp $HOME_NET any -> [200.116.248.154] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.248.154/; sid:900624464; rev:1;) alert tcp $HOME_NET any -> [85.204.116.207] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.207/; sid:900624463; rev:1;) alert tcp $HOME_NET any -> [200.116.248.170] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.248.170/; sid:900624462; rev:1;) alert tcp $HOME_NET any -> [185.183.97.53] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.97.53/; sid:900624461; rev:1;) alert tcp $HOME_NET any -> [195.123.243.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.243.60/; sid:900624460; rev:1;) alert tcp $HOME_NET any -> [185.164.32.165] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.165/; sid:900624479; rev:1;) alert tcp $HOME_NET any -> [185.90.61.9] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.90.61.9/; sid:900624480; rev:1;) alert tcp $HOME_NET any -> [103.83.81.141] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.83.81.141/; sid:900624459; rev:1;) alert tcp $HOME_NET any -> [194.5.250.211] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.211/; sid:900624458; rev:1;) alert tcp $HOME_NET any -> [84.21.179.51] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.21.179.51/; sid:900624467; rev:1;) alert tcp $HOME_NET any -> [185.164.32.164] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.164/; sid:900624454; rev:1;) alert tcp $HOME_NET any -> [62.108.35.45] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.108.35.45/; sid:900624453; rev:1;) alert tcp $HOME_NET any -> [195.76.232.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.76.232.114/; sid:900624452; rev:1;) alert tcp $HOME_NET any -> [186.188.222.3] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.188.222.3/; sid:900624447; rev:1;) alert tcp $HOME_NET any -> [85.94.170.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.94.170.73/; sid:900624448; rev:1;) alert tcp $HOME_NET any -> [194.5.250.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.214/; sid:900624446; rev:1;) alert tcp $HOME_NET any -> [79.137.100.4] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.137.100.4/; sid:900624445; rev:1;) alert tcp $HOME_NET any -> [185.205.209.101] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.205.209.101/; sid:900624444; rev:1;) alert tcp $HOME_NET any -> [185.105.1.225] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.105.1.225/; sid:900624442; rev:1;) alert tcp $HOME_NET any -> [185.164.32.167] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.167/; sid:900624443; rev:1;) alert tcp $HOME_NET any -> [144.91.64.194] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.64.194/; sid:900624441; rev:1;) alert tcp $HOME_NET any -> [85.204.116.182] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.182/; sid:900624440; rev:1;) alert tcp $HOME_NET any -> [51.89.177.14] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.177.14/; sid:900624438; rev:1;) alert tcp $HOME_NET any -> [85.204.116.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.18/; sid:900624439; rev:1;) alert tcp $HOME_NET any -> [158.69.133.68] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.133.68/; sid:900624437; rev:1;) alert tcp $HOME_NET any -> [45.148.120.176] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.120.176/; sid:900624436; rev:1;) alert tcp $HOME_NET any -> [144.91.76.208] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.76.208/; sid:900624435; rev:1;) alert tcp $HOME_NET any -> [5.101.50.173] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.101.50.173/; sid:900624434; rev:1;) alert tcp $HOME_NET any -> [193.38.54.106] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.38.54.106/; sid:900624433; rev:1;) alert tcp $HOME_NET any -> [5.9.178.74] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.9.178.74/; sid:900624432; rev:1;) alert tcp $HOME_NET any -> [196.179.249.218] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.179.249.218/; sid:900624431; rev:1;) alert tcp $HOME_NET any -> [91.200.103.192] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.200.103.192/; sid:900624455; rev:1;) alert tcp $HOME_NET any -> [162.244.32.156] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.32.156/; sid:900624449; rev:1;) alert tcp $HOME_NET any -> [45.137.151.195] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.137.151.195/; sid:900624456; rev:1;) alert tcp $HOME_NET any -> [85.94.81.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.94.81.18/; sid:900624428; rev:1;) alert tcp $HOME_NET any -> [132.255.227.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.255.227.134/; sid:900624426; rev:1;) alert tcp $HOME_NET any -> [78.12.27.172] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.12.27.172/; sid:900624427; rev:1;) alert tcp $HOME_NET any -> [185.99.2.133] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.133/; sid:900624430; rev:1;) alert tcp $HOME_NET any -> [93.189.43.61] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.43.61/; sid:900624424; rev:1;) alert tcp $HOME_NET any -> [193.80.169.64] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.80.169.64/; sid:900624422; rev:1;) alert tcp $HOME_NET any -> [185.99.2.127] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.127/; sid:900624457; rev:1;) alert tcp $HOME_NET any -> [93.189.41.252] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.41.252/; sid:900624429; rev:1;) alert tcp $HOME_NET any -> [5.1.74.116] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.1.74.116/; sid:900624425; rev:1;) alert tcp $HOME_NET any -> [104.168.125.105] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.125.105/; sid:900624420; rev:1;) alert tcp $HOME_NET any -> [5.1.81.127] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.1.81.127/; sid:900624419; rev:1;) alert tcp $HOME_NET any -> [185.14.30.52] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.30.52/; sid:900624451; rev:1;) alert tcp $HOME_NET any -> [194.36.189.141] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.189.141/; sid:900624418; rev:1;) alert tcp $HOME_NET any -> [194.5.250.96] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.96/; sid:900624417; rev:1;) alert tcp $HOME_NET any -> [5.182.211.215] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.211.215/; sid:900624416; rev:1;) alert tcp $HOME_NET any -> [107.155.137.3] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.155.137.3/; sid:900624415; rev:1;) alert tcp $HOME_NET any -> [185.164.32.114] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.114/; sid:900624414; rev:1;) alert tcp $HOME_NET any -> [82.146.40.192] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.146.40.192/; sid:900624413; rev:1;) alert tcp $HOME_NET any -> [217.12.209.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.12.209.60/; sid:900624412; rev:1;) alert tcp $HOME_NET any -> [158.69.133.69] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.133.69/; sid:900624411; rev:1;) alert tcp $HOME_NET any -> [85.204.116.16] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.16/; sid:900624410; rev:1;) alert tcp $HOME_NET any -> [94.250.249.38] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.250.249.38/; sid:900624409; rev:1;) alert tcp $HOME_NET any -> [85.204.116.14] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.14/; sid:900624406; rev:1;) alert tcp $HOME_NET any -> [31.131.20.244] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.131.20.244/; sid:900624407; rev:1;) alert tcp $HOME_NET any -> [185.99.2.238] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.238/; sid:900624405; rev:1;) alert tcp $HOME_NET any -> [185.14.30.22] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.30.22/; sid:900624404; rev:1;) alert tcp $HOME_NET any -> [172.245.159.191] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.159.191/; sid:900624408; rev:1;) alert tcp $HOME_NET any -> [185.17.122.167] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.17.122.167/; sid:900624403; rev:1;) alert tcp $HOME_NET any -> [194.87.236.66] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.236.66/; sid:900624400; rev:1;) alert tcp $HOME_NET any -> [185.90.61.140] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.90.61.140/; sid:900624401; rev:1;) alert tcp $HOME_NET any -> [93.189.41.96] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.41.96/; sid:900624399; rev:1;) alert tcp $HOME_NET any -> [185.14.30.6] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.30.6/; sid:900624450; rev:1;) alert tcp $HOME_NET any -> [185.14.31.87] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.31.87/; sid:900624396; rev:1;) alert tcp $HOME_NET any -> [107.175.87.128] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.175.87.128/; sid:900624397; rev:1;) alert tcp $HOME_NET any -> [85.204.116.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.58/; sid:900624398; rev:1;) alert tcp $HOME_NET any -> [195.54.32.40] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.54.32.40/; sid:900624395; rev:1;) alert tcp $HOME_NET any -> [114.145.241.208] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.145.241.208/; sid:900624421; rev:1;) alert tcp $HOME_NET any -> [68.44.137.144] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.44.137.144/; sid:900624423; rev:1;) alert tcp $HOME_NET any -> [185.164.32.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.115/; sid:900624394; rev:1;) alert tcp $HOME_NET any -> [185.14.31.97] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.31.97/; sid:900624393; rev:1;) alert tcp $HOME_NET any -> [45.67.231.62] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.67.231.62/; sid:900624392; rev:1;) alert tcp $HOME_NET any -> [107.155.137.28] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.155.137.28/; sid:900624391; rev:1;) alert tcp $HOME_NET any -> [194.5.250.80] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.80/; sid:900624390; rev:1;) alert tcp $HOME_NET any -> [107.155.137.25] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.155.137.25/; sid:900624386; rev:1;) alert tcp $HOME_NET any -> [45.83.192.152] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.83.192.152/; sid:900624385; rev:1;) alert tcp $HOME_NET any -> [5.188.168.87] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.168.87/; sid:900624384; rev:1;) alert tcp $HOME_NET any -> [85.204.116.57] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.57/; sid:900624382; rev:1;) alert tcp $HOME_NET any -> [107.155.137.23] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.155.137.23/; sid:900624383; rev:1;) alert tcp $HOME_NET any -> [5.196.247.14] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.247.14/; sid:900624381; rev:1;) alert tcp $HOME_NET any -> [51.89.115.121] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.121/; sid:900624380; rev:1;) alert tcp $HOME_NET any -> [178.156.202.251] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.202.251/; sid:900624379; rev:1;) alert tcp $HOME_NET any -> [194.5.250.69] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.69/; sid:900624378; rev:1;) alert tcp $HOME_NET any -> [185.14.30.45] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.30.45/; sid:900624377; rev:1;) alert tcp $HOME_NET any -> [217.12.209.244] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.12.209.244/; sid:900624376; rev:1;) alert tcp $HOME_NET any -> [194.5.250.78] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.78/; sid:900624387; rev:1;) alert tcp $HOME_NET any -> [79.137.101.18] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.137.101.18/; sid:900624389; rev:1;) alert tcp $HOME_NET any -> [45.137.152.40] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.137.152.40/; sid:900624388; rev:1;) alert tcp $HOME_NET any -> [45.153.185.187] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.153.185.187/; sid:900624358; rev:1;) alert tcp $HOME_NET any -> [31.131.26.31] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.131.26.31/; sid:900624359; rev:1;) alert tcp $HOME_NET any -> [185.99.2.152] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.152/; sid:900624360; rev:1;) alert tcp $HOME_NET any -> [85.204.116.195] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.195/; sid:900624361; rev:1;) alert tcp $HOME_NET any -> [185.141.61.101] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.61.101/; sid:900624362; rev:1;) alert tcp $HOME_NET any -> [217.12.209.170] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.12.209.170/; sid:900624357; rev:1;) alert tcp $HOME_NET any -> [200.75.35.246] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.75.35.246/; sid:902331419; rev:1;) alert tcp $HOME_NET any -> [194.5.250.46] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.46/; sid:900624355; rev:1;) alert tcp $HOME_NET any -> [194.5.250.47] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.47/; sid:900624363; rev:1;) alert tcp $HOME_NET any -> [176.119.159.147] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.119.159.147/; sid:900624366; rev:1;) alert tcp $HOME_NET any -> [91.200.100.84] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.200.100.84/; sid:900624364; rev:1;) alert tcp $HOME_NET any -> [93.189.42.81] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.42.81/; sid:900624367; rev:1;) alert tcp $HOME_NET any -> [188.119.113.114] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.119.113.114/; sid:900624365; rev:1;) alert tcp $HOME_NET any -> [185.99.2.142] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.142/; sid:900624370; rev:1;) alert tcp $HOME_NET any -> [79.137.101.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.137.101.2/; sid:900624368; rev:1;) alert tcp $HOME_NET any -> [5.1.74.124] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.1.74.124/; sid:900624369; rev:1;) alert tcp $HOME_NET any -> [36.91.45.10] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.91.45.10/; sid:900624353; rev:1;) alert tcp $HOME_NET any -> [122.50.6.122] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.50.6.122/; sid:900624352; rev:1;) alert tcp $HOME_NET any -> [110.93.15.98] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.93.15.98/; sid:900624351; rev:1;) alert tcp $HOME_NET any -> [190.136.178.52] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.136.178.52/; sid:900624349; rev:1;) alert tcp $HOME_NET any -> [45.6.16.68] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.6.16.68/; sid:900624350; rev:1;) alert tcp $HOME_NET any -> [200.171.101.169] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.171.101.169/; sid:900624348; rev:1;) alert tcp $HOME_NET any -> [110.232.76.39] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.232.76.39/; sid:900624347; rev:1;) alert tcp $HOME_NET any -> [103.5.231.188] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.5.231.188/; sid:900624346; rev:1;) alert tcp $HOME_NET any -> [96.9.77.56] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.9.77.56/; sid:900624345; rev:1;) alert tcp $HOME_NET any -> [170.81.48.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.81.48.2/; sid:900624342; rev:1;) alert tcp $HOME_NET any -> [85.204.116.191] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.191/; sid:900624343; rev:1;) alert tcp $HOME_NET any -> [185.99.2.68] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.68/; sid:900624344; rev:1;) alert tcp $HOME_NET any -> [46.30.175.11] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.30.175.11/; sid:900624340; rev:1;) alert tcp $HOME_NET any -> [152.231.123.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.231.123.2/; sid:902324915; rev:1;) alert tcp $HOME_NET any -> [70.48.238.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.48.238.90/; sid:900624341; rev:1;) alert tcp $HOME_NET any -> [194.5.250.118] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.118/; sid:900624339; rev:1;) alert tcp $HOME_NET any -> [91.200.102.6] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.200.102.6/; sid:900624337; rev:1;) alert tcp $HOME_NET any -> [217.12.209.148] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.12.209.148/; sid:900624338; rev:1;) alert tcp $HOME_NET any -> [134.255.221.55] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.255.221.55/; sid:900624336; rev:1;) alert tcp $HOME_NET any -> [60.53.197.6] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.53.197.6/; sid:902300347; rev:1;) alert tcp $HOME_NET any -> [137.59.187.107] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.59.187.107/; sid:902300244; rev:1;) alert tcp $HOME_NET any -> [67.235.68.222] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.235.68.222/; sid:902300232; rev:1;) alert tcp $HOME_NET any -> [93.147.137.162] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.147.137.162/; sid:900624354; rev:1;) alert tcp $HOME_NET any -> [190.161.45.112] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.161.45.112/; sid:900624335; rev:1;) alert tcp $HOME_NET any -> [85.204.116.193] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.193/; sid:900624334; rev:1;) alert tcp $HOME_NET any -> [217.12.209.176] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.12.209.176/; sid:900624333; rev:1;) alert tcp $HOME_NET any -> [92.223.79.48] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.223.79.48/; sid:900624330; rev:1;) alert tcp $HOME_NET any -> [107.155.137.19] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.155.137.19/; sid:900624332; rev:1;) alert tcp $HOME_NET any -> [185.99.2.67] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.67/; sid:900624331; rev:1;) alert tcp $HOME_NET any -> [189.160.234.67] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.160.234.67/; sid:902285320; rev:1;) alert tcp $HOME_NET any -> [152.170.222.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.170.222.65/; sid:900624325; rev:1;) alert tcp $HOME_NET any -> [190.196.143.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.196.143.58/; sid:900624327; rev:1;) alert tcp $HOME_NET any -> [189.154.128.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.128.205/; sid:900624326; rev:1;) alert tcp $HOME_NET any -> [91.73.197.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.73.197.186/; sid:900624328; rev:1;) alert tcp $HOME_NET any -> [201.231.87.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.87.82/; sid:902285149; rev:1;) alert tcp $HOME_NET any -> [220.213.79.166] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.213.79.166/; sid:900624324; rev:1;) alert tcp $HOME_NET any -> [195.123.237.105] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.237.105/; sid:900624323; rev:1;) alert tcp $HOME_NET any -> [94.250.250.69] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.250.250.69/; sid:900624322; rev:1;) alert tcp $HOME_NET any -> [164.68.120.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.120.58/; sid:900624320; rev:1;) alert tcp $HOME_NET any -> [148.251.185.164] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.251.185.164/; sid:900624319; rev:1;) alert tcp $HOME_NET any -> [164.132.255.19] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.255.19/; sid:900624315; rev:1;) alert tcp $HOME_NET any -> [185.234.72.193] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.193/; sid:900624314; rev:1;) alert tcp $HOME_NET any -> [185.99.2.44] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.44/; sid:900624313; rev:1;) alert tcp $HOME_NET any -> [108.170.61.186] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.170.61.186/; sid:900624312; rev:1;) alert tcp $HOME_NET any -> [185.14.29.141] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.29.141/; sid:900624310; rev:1;) alert tcp $HOME_NET any -> [188.119.113.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.119.113.60/; sid:900624309; rev:1;) alert tcp $HOME_NET any -> [217.12.209.159] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.12.209.159/; sid:900624307; rev:1;) alert tcp $HOME_NET any -> [51.89.115.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.108/; sid:900624308; rev:1;) alert tcp $HOME_NET any -> [185.234.72.50] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.50/; sid:900624311; rev:1;) alert tcp $HOME_NET any -> [172.245.159.116] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.159.116/; sid:900624306; rev:1;) alert tcp $HOME_NET any -> [194.5.250.201] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.201/; sid:900624316; rev:1;) alert tcp $HOME_NET any -> [94.250.249.170] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.250.249.170/; sid:900624317; rev:1;) alert tcp $HOME_NET any -> [91.235.129.199] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.199/; sid:900624318; rev:1;) alert tcp $HOME_NET any -> [194.5.250.200] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.200/; sid:900624321; rev:1;) alert tcp $HOME_NET any -> [103.12.161.194] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.12.161.194/; sid:900624329; rev:1;) alert tcp $HOME_NET any -> [103.69.216.86] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.69.216.86/; sid:900624303; rev:1;) alert tcp $HOME_NET any -> [23.227.206.170] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.227.206.170/; sid:900624302; rev:1;) alert tcp $HOME_NET any -> [146.185.219.29] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.29/; sid:900624301; rev:1;) alert tcp $HOME_NET any -> [195.133.196.151] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.196.151/; sid:900624300; rev:1;) alert tcp $HOME_NET any -> [91.235.129.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.60/; sid:900624299; rev:1;) alert tcp $HOME_NET any -> [85.204.116.139] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.139/; sid:900624298; rev:1;) alert tcp $HOME_NET any -> [176.111.60.55] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.111.60.55/; sid:902266508; rev:1;) alert tcp $HOME_NET any -> [209.151.248.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.151.248.242/; sid:902266488; rev:1;) alert tcp $HOME_NET any -> [94.130.171.231] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.130.171.231/; sid:900624291; rev:1;) alert tcp $HOME_NET any -> [82.223.70.24] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.223.70.24/; sid:900624290; rev:1;) alert tcp $HOME_NET any -> [142.105.151.124] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.105.151.124/; sid:900624289; rev:1;) alert tcp $HOME_NET any -> [190.229.148.144] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.229.148.144/; sid:900624293; rev:1;) alert tcp $HOME_NET any -> [186.188.152.177] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.188.152.177/; sid:900624292; rev:1;) alert tcp $HOME_NET any -> [95.180.25.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.180.25.146/; sid:900624297; rev:1;) alert tcp $HOME_NET any -> [137.25.7.112] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.25.7.112/; sid:900624288; rev:1;) alert tcp $HOME_NET any -> [109.94.110.79] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.94.110.79/; sid:900624304; rev:1;) alert tcp $HOME_NET any -> [51.81.113.25] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.81.113.25/; sid:900624296; rev:1;) alert tcp $HOME_NET any -> [185.11.146.101] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.11.146.101/; sid:900624295; rev:1;) alert tcp $HOME_NET any -> [51.89.115.104] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.104/; sid:900624294; rev:1;) alert tcp $HOME_NET any -> [107.175.87.113] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.175.87.113/; sid:900624287; rev:1;) alert tcp $HOME_NET any -> [181.228.91.247] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.228.91.247/; sid:902261244; rev:1;) alert tcp $HOME_NET any -> [46.35.75.225] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.35.75.225/; sid:902261194; rev:1;) alert tcp $HOME_NET any -> [195.54.162.120] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.54.162.120/; sid:900624286; rev:1;) alert tcp $HOME_NET any -> [190.16.142.187] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.16.142.187/; sid:902260850; rev:1;) alert tcp $HOME_NET any -> [201.214.229.79] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.214.229.79/; sid:900624275; rev:1;) alert tcp $HOME_NET any -> [190.251.235.239] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.251.235.239/; sid:900624281; rev:1;) alert tcp $HOME_NET any -> [95.7.221.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.7.221.205/; sid:902260782; rev:1;) alert tcp $HOME_NET any -> [60.53.206.244] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.53.206.244/; sid:902260779; rev:1;) alert tcp $HOME_NET any -> [189.134.47.51] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.134.47.51/; sid:902260773; rev:1;) alert tcp $HOME_NET any -> [31.131.20.159] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.131.20.159/; sid:900624274; rev:1;) alert tcp $HOME_NET any -> [146.185.253.157] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.157/; sid:900624273; rev:1;) alert tcp $HOME_NET any -> [62.109.30.83] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.109.30.83/; sid:900624272; rev:1;) alert tcp $HOME_NET any -> [185.161.211.215] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.161.211.215/; sid:900624276; rev:1;) alert tcp $HOME_NET any -> [64.44.133.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.133.153/; sid:900624282; rev:1;) alert tcp $HOME_NET any -> [62.109.28.101] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.109.28.101/; sid:900624277; rev:1;) alert tcp $HOME_NET any -> [185.90.61.62] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.90.61.62/; sid:900624278; rev:1;) alert tcp $HOME_NET any -> [185.68.93.105] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.68.93.105/; sid:900624280; rev:1;) alert tcp $HOME_NET any -> [185.105.1.187] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.105.1.187/; sid:900624283; rev:1;) alert tcp $HOME_NET any -> [5.182.211.24] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.211.24/; sid:900624284; rev:1;) alert tcp $HOME_NET any -> [185.98.87.70] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.98.87.70/; sid:900624285; rev:1;) alert tcp $HOME_NET any -> [81.177.3.88] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.3.88/; sid:900624269; rev:1;) alert tcp $HOME_NET any -> [109.73.110.33] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.73.110.33/; sid:902253538; rev:1;) alert tcp $HOME_NET any -> [201.91.28.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.91.28.210/; sid:900624270; rev:1;) alert tcp $HOME_NET any -> [88.244.56.219] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.244.56.219/; sid:902253510; rev:1;) alert tcp $HOME_NET any -> [46.214.11.172] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.214.11.172/; sid:900624268; rev:1;) alert tcp $HOME_NET any -> [221.133.46.86] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.133.46.86/; sid:900624267; rev:1;) alert tcp $HOME_NET any -> [190.181.235.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.181.235.46/; sid:900624266; rev:1;) alert tcp $HOME_NET any -> [70.180.44.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.180.44.93/; sid:902253440; rev:1;) alert tcp $HOME_NET any -> [84.79.142.51] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.79.142.51/; sid:902253336; rev:1;) alert tcp $HOME_NET any -> [170.82.195.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.82.195.50/; sid:900624265; rev:1;) alert tcp $HOME_NET any -> [65.24.85.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.24.85.214/; sid:900624271; rev:1;) alert tcp $HOME_NET any -> [101.187.104.105] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.104.105/; sid:900624261; rev:1;) alert tcp $HOME_NET any -> [5.1.74.249] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.1.74.249/; sid:900624263; rev:1;) alert tcp $HOME_NET any -> [190.108.228.62] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.108.228.62/; sid:900624262; rev:1;) alert tcp $HOME_NET any -> [185.203.119.173] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.203.119.173/; sid:900624259; rev:1;) alert tcp $HOME_NET any -> [5.2.78.118] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.78.118/; sid:900624260; rev:1;) alert tcp $HOME_NET any -> [103.91.230.71] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.91.230.71/; sid:902250434; rev:1;) alert tcp $HOME_NET any -> [93.189.44.131] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.44.131/; sid:900624256; rev:1;) alert tcp $HOME_NET any -> [195.123.239.194] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.239.194/; sid:900624257; rev:1;) alert tcp $HOME_NET any -> [178.157.82.127] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.157.82.127/; sid:900624255; rev:1;) alert tcp $HOME_NET any -> [185.99.2.53] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.53/; sid:900624254; rev:1;) alert tcp $HOME_NET any -> [185.14.29.63] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.29.63/; sid:900624253; rev:1;) alert tcp $HOME_NET any -> [45.142.215.235] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.142.215.235/; sid:900624252; rev:1;) alert tcp $HOME_NET any -> [185.186.77.216] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.186.77.216/; sid:900624251; rev:1;) alert tcp $HOME_NET any -> [139.60.163.56] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.56/; sid:900624250; rev:1;) alert tcp $HOME_NET any -> [68.189.156.43] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.189.156.43/; sid:902249752; rev:1;) alert tcp $HOME_NET any -> [189.237.129.4] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.237.129.4/; sid:902249740; rev:1;) alert tcp $HOME_NET any -> [180.222.165.169] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.222.165.169/; sid:900624264; rev:1;) alert tcp $HOME_NET any -> [177.230.81.0] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.230.81.0/; sid:900624245; rev:1;) alert tcp $HOME_NET any -> [61.197.37.169] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.197.37.169/; sid:900624247; rev:1;) alert tcp $HOME_NET any -> [186.208.123.210] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.208.123.210/; sid:900624246; rev:1;) alert tcp $HOME_NET any -> [186.176.228.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.176.228.2/; sid:902249194; rev:1;) alert tcp $HOME_NET any -> [41.203.62.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.203.62.170/; sid:900624574; rev:1;) alert tcp $HOME_NET any -> [151.80.212.114] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.80.212.114/; sid:900624248; rev:1;) alert tcp $HOME_NET any -> [107.155.137.10] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.155.137.10/; sid:900624249; rev:1;) alert tcp $HOME_NET any -> [5.182.210.178] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.178/; sid:900624244; rev:1;) alert tcp $HOME_NET any -> [124.180.59.231] 40685 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.180.59.231/; sid:902246994; rev:1;) alert tcp $HOME_NET any -> [211.233.250.30] 32800 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.233.250.30/; sid:902246705; rev:1;) alert tcp $HOME_NET any -> [2.28.113.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.28.113.59/; sid:900624239; rev:1;) alert tcp $HOME_NET any -> [177.139.128.221] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.139.128.221/; sid:902245914; rev:1;) alert tcp $HOME_NET any -> [73.155.126.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.155.126.84/; sid:902245904; rev:1;) alert tcp $HOME_NET any -> [181.164.215.193] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.215.193/; sid:900624238; rev:1;) alert tcp $HOME_NET any -> [94.98.209.24] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.98.209.24/; sid:902245831; rev:1;) alert tcp $HOME_NET any -> [194.5.250.138] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.138/; sid:900624240; rev:1;) alert tcp $HOME_NET any -> [85.204.116.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.153/; sid:900624241; rev:1;) alert tcp $HOME_NET any -> [185.141.27.225] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.27.225/; sid:900624243; rev:1;) alert tcp $HOME_NET any -> [190.107.247.135] 7556 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.107.247.135/; sid:902243740; rev:1;) alert tcp $HOME_NET any -> [178.156.202.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.202.222/; sid:900624236; rev:1;) alert tcp $HOME_NET any -> [185.99.2.123] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.123/; sid:900624371; rev:1;) alert tcp $HOME_NET any -> [107.175.133.162] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.175.133.162/; sid:900624372; rev:1;) alert tcp $HOME_NET any -> [51.254.164.243] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.164.243/; sid:900624373; rev:1;) alert tcp $HOME_NET any -> [185.198.57.75] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.198.57.75/; sid:900624374; rev:1;) alert tcp $HOME_NET any -> [185.234.72.24] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.24/; sid:900624375; rev:1;) alert tcp $HOME_NET any -> [189.163.25.46] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.163.25.46/; sid:902238258; rev:1;) alert tcp $HOME_NET any -> [161.0.32.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.0.32.190/; sid:902238247; rev:1;) alert tcp $HOME_NET any -> [187.179.140.45] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.179.140.45/; sid:902238242; rev:1;) alert tcp $HOME_NET any -> [190.171.250.40] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.250.40/; sid:902238239; rev:1;) alert tcp $HOME_NET any -> [200.116.153.131] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.153.131/; sid:902238233; rev:1;) alert tcp $HOME_NET any -> [186.15.92.37] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.92.37/; sid:902238232; rev:1;) alert tcp $HOME_NET any -> [24.232.83.232] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.232.83.232/; sid:902238231; rev:1;) alert tcp $HOME_NET any -> [201.250.219.53] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.250.219.53/; sid:902238229; rev:1;) alert tcp $HOME_NET any -> [91.217.76.15] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.217.76.15/; sid:900624234; rev:1;) alert tcp $HOME_NET any -> [68.203.213.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.203.213.226/; sid:900624231; rev:1;) alert tcp $HOME_NET any -> [190.189.196.133] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.189.196.133/; sid:902227136; rev:1;) alert tcp $HOME_NET any -> [91.200.102.125] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.200.102.125/; sid:900624226; rev:1;) alert tcp $HOME_NET any -> [185.14.28.34] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.28.34/; sid:900624227; rev:1;) alert tcp $HOME_NET any -> [31.131.21.184] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.131.21.184/; sid:900624228; rev:1;) alert tcp $HOME_NET any -> [85.143.223.201] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.223.201/; sid:900624229; rev:1;) alert tcp $HOME_NET any -> [212.80.216.167] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.216.167/; sid:900624230; rev:1;) alert tcp $HOME_NET any -> [189.71.72.114] 55137 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.71.72.114/; sid:902226010; rev:1;) alert tcp $HOME_NET any -> [25.148.16.103] 5437 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/25.148.16.103/; sid:902226009; rev:1;) alert tcp $HOME_NET any -> [64.81.218.251] 26264 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.81.218.251/; sid:902226008; rev:1;) alert tcp $HOME_NET any -> [194.56.188.70] 12363 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.56.188.70/; sid:902226007; rev:1;) alert tcp $HOME_NET any -> [196.168.103.131] 1603 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.168.103.131/; sid:902226006; rev:1;) alert tcp $HOME_NET any -> [82.132.32.113] 25210 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.132.32.113/; sid:902226005; rev:1;) alert tcp $HOME_NET any -> [55.238.160.2] 42438 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/55.238.160.2/; sid:902226004; rev:1;) alert tcp $HOME_NET any -> [185.17.123.90] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.17.123.90/; sid:900624225; rev:1;) alert tcp $HOME_NET any -> [5.182.210.55] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.55/; sid:900624222; rev:1;) alert tcp $HOME_NET any -> [185.174.172.16] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.174.172.16/; sid:900624223; rev:1;) alert tcp $HOME_NET any -> [81.177.3.67] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.3.67/; sid:900624220; rev:1;) alert tcp $HOME_NET any -> [185.99.2.41] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.41/; sid:900624216; rev:1;) alert tcp $HOME_NET any -> [194.5.250.175] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.175/; sid:900624213; rev:1;) alert tcp $HOME_NET any -> [152.89.245.207] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.89.245.207/; sid:900624212; rev:1;) alert tcp $HOME_NET any -> [45.137.151.198] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.137.151.198/; sid:900624217; rev:1;) alert tcp $HOME_NET any -> [185.14.30.152] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.30.152/; sid:900624215; rev:1;) alert tcp $HOME_NET any -> [5.2.79.140] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.79.140/; sid:900624219; rev:1;) alert tcp $HOME_NET any -> [185.177.59.163] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.177.59.163/; sid:900624214; rev:1;) alert tcp $HOME_NET any -> [91.235.129.223] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.223/; sid:900624221; rev:1;) alert tcp $HOME_NET any -> [194.5.250.150] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.150/; sid:900624218; rev:1;) alert tcp $HOME_NET any -> [212.124.117.25] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.124.117.25/; sid:900624224; rev:1;) alert tcp $HOME_NET any -> [178.157.82.80] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.157.82.80/; sid:900624211; rev:1;) alert tcp $HOME_NET any -> [185.99.2.221] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.221/; sid:900624210; rev:1;) alert tcp $HOME_NET any -> [51.89.115.112] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.112/; sid:900624205; rev:1;) alert tcp $HOME_NET any -> [146.185.253.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.108/; sid:900624207; rev:1;) alert tcp $HOME_NET any -> [81.177.22.238] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.22.238/; sid:900624202; rev:1;) alert tcp $HOME_NET any -> [185.14.31.252] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.31.252/; sid:900624203; rev:1;) alert tcp $HOME_NET any -> [185.66.13.65] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.66.13.65/; sid:900624208; rev:1;) alert tcp $HOME_NET any -> [203.23.128.148] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.23.128.148/; sid:900624209; rev:1;) alert tcp $HOME_NET any -> [51.89.73.158] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.73.158/; sid:900624201; rev:1;) alert tcp $HOME_NET any -> [172.82.152.11] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.82.152.11/; sid:900624204; rev:1;) alert tcp $HOME_NET any -> [92.38.171.17] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.17/; sid:900624200; rev:1;) alert tcp $HOME_NET any -> [185.174.172.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.174.172.60/; sid:900624206; rev:1;) alert tcp $HOME_NET any -> [195.123.220.178] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.220.178/; sid:900624196; rev:1;) alert tcp $HOME_NET any -> [146.185.253.132] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.132/; sid:900624191; rev:1;) alert tcp $HOME_NET any -> [176.126.83.149] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.126.83.149/; sid:900624197; rev:1;) alert tcp $HOME_NET any -> [185.141.27.243] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.27.243/; sid:900624199; rev:1;) alert tcp $HOME_NET any -> [185.99.2.220] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.220/; sid:900624192; rev:1;) alert tcp $HOME_NET any -> [91.235.129.144] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.144/; sid:900624198; rev:1;) alert tcp $HOME_NET any -> [162.247.155.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.247.155.100/; sid:900624194; rev:1;) alert tcp $HOME_NET any -> [185.14.30.134] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.30.134/; sid:900624193; rev:1;) alert tcp $HOME_NET any -> [185.65.202.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.65.202.115/; sid:900624195; rev:1;) alert tcp $HOME_NET any -> [206.176.163.218] 3050 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.176.163.218/; sid:902220688; rev:1;) alert tcp $HOME_NET any -> [7.72.198.205] 4047 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/7.72.198.205/; sid:902220687; rev:1;) alert tcp $HOME_NET any -> [103.113.19.53] 435 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.113.19.53/; sid:902220686; rev:1;) alert tcp $HOME_NET any -> [195.58.109.69] 16183 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.58.109.69/; sid:902220685; rev:1;) alert tcp $HOME_NET any -> [113.160.130.116] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.160.130.116/; sid:900624235; rev:1;) alert tcp $HOME_NET any -> [91.213.145.135] 9190 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.213.145.135/; sid:902219877; rev:1;) alert tcp $HOME_NET any -> [163.108.209.223] 30168 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.108.209.223/; sid:902219876; rev:1;) alert tcp $HOME_NET any -> [73.176.10.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.176.10.71/; sid:900624232; rev:1;) alert tcp $HOME_NET any -> [103.227.170.227] 18338 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.227.170.227/; sid:902218795; rev:1;) alert tcp $HOME_NET any -> [98.222.122.8] 64498 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.222.122.8/; sid:902218794; rev:1;) alert tcp $HOME_NET any -> [88.237.73.94] 49127 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.237.73.94/; sid:902218793; rev:1;) alert tcp $HOME_NET any -> [222.188.172.196] 23826 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.188.172.196/; sid:902218615; rev:1;) alert tcp $HOME_NET any -> [89.87.59.84] 577 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.87.59.84/; sid:902217685; rev:1;) alert tcp $HOME_NET any -> [62.68.149.27] 49569 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.68.149.27/; sid:902217684; rev:1;) alert tcp $HOME_NET any -> [203.116.6.233] 3651 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.116.6.233/; sid:902217683; rev:1;) alert tcp $HOME_NET any -> [220.102.121.17] 12941 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.102.121.17/; sid:902217682; rev:1;) alert tcp $HOME_NET any -> [185.20.185.109] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.20.185.109/; sid:900624188; rev:1;) alert tcp $HOME_NET any -> [194.5.250.143] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.143/; sid:900624190; rev:1;) alert tcp $HOME_NET any -> [195.123.239.192] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.239.192/; sid:900624233; rev:1;) alert tcp $HOME_NET any -> [220.142.86.252] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.142.86.252/; sid:902213729; rev:1;) alert tcp $HOME_NET any -> [91.73.223.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.73.223.130/; sid:902213688; rev:1;) alert tcp $HOME_NET any -> [189.154.117.63] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.117.63/; sid:902213687; rev:1;) alert tcp $HOME_NET any -> [179.62.26.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.62.26.236/; sid:900624237; rev:1;) alert tcp $HOME_NET any -> [184.164.142.43] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.164.142.43/; sid:900624181; rev:1;) alert tcp $HOME_NET any -> [45.148.120.117] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.120.117/; sid:900624180; rev:1;) alert tcp $HOME_NET any -> [178.156.202.228] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.202.228/; sid:900624182; rev:1;) alert tcp $HOME_NET any -> [5.255.96.218] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.255.96.218/; sid:900624183; rev:1;) alert tcp $HOME_NET any -> [190.47.227.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.47.227.130/; sid:902370383; rev:1;) alert tcp $HOME_NET any -> [118.167.155.233] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.167.155.233/; sid:902194010; rev:1;) alert tcp $HOME_NET any -> [94.98.218.11] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.98.218.11/; sid:902193982; rev:1;) alert tcp $HOME_NET any -> [149.135.10.19] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.135.10.19/; sid:900624178; rev:1;) alert tcp $HOME_NET any -> [192.3.1.208] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.1.208/; sid:900624170; rev:1;) alert tcp $HOME_NET any -> [194.5.250.174] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.174/; sid:900624171; rev:1;) alert tcp $HOME_NET any -> [5.182.210.191] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.191/; sid:900624176; rev:1;) alert tcp $HOME_NET any -> [118.70.126.251] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.70.126.251/; sid:900624187; rev:1;) alert tcp $HOME_NET any -> [51.77.108.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.108.17/; sid:900624167; rev:1;) alert tcp $HOME_NET any -> [68.115.64.219] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.115.64.219/; sid:900624168; rev:1;) alert tcp $HOME_NET any -> [189.160.15.202] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.160.15.202/; sid:900624165; rev:1;) alert tcp $HOME_NET any -> [118.70.185.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.70.185.225/; sid:902177492; rev:1;) alert tcp $HOME_NET any -> [213.243.211.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.243.211.114/; sid:900624166; rev:1;) alert tcp $HOME_NET any -> [201.189.82.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.189.82.150/; sid:902168773; rev:1;) alert tcp $HOME_NET any -> [182.156.101.52] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.156.101.52/; sid:902159612; rev:1;) alert tcp $HOME_NET any -> [187.145.244.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.145.244.86/; sid:902159564; rev:1;) alert tcp $HOME_NET any -> [189.154.68.123] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.68.123/; sid:900624164; rev:1;) alert tcp $HOME_NET any -> [200.83.209.144] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.83.209.144/; sid:900624605; rev:1;) alert tcp $HOME_NET any -> [37.210.228.23] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.228.23/; sid:900624161; rev:1;) alert tcp $HOME_NET any -> [189.253.255.142] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.255.142/; sid:902158898; rev:1;) alert tcp $HOME_NET any -> [189.139.77.237] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.139.77.237/; sid:902158859; rev:1;) alert tcp $HOME_NET any -> [110.143.8.89] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.143.8.89/; sid:900624169; rev:1;) alert tcp $HOME_NET any -> [190.171.135.237] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.135.237/; sid:900624162; rev:1;) alert tcp $HOME_NET any -> [168.197.252.178] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.197.252.178/; sid:900624160; rev:1;) alert tcp $HOME_NET any -> [189.203.8.253] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.203.8.253/; sid:902158793; rev:1;) alert tcp $HOME_NET any -> [77.30.150.52] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.30.150.52/; sid:902158777; rev:1;) alert tcp $HOME_NET any -> [181.176.191.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.176.191.27/; sid:900624163; rev:1;) alert tcp $HOME_NET any -> [146.185.253.179] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.179/; sid:900624184; rev:1;) alert tcp $HOME_NET any -> [172.245.157.135] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.157.135/; sid:900624185; rev:1;) alert tcp $HOME_NET any -> [5.255.96.217] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.255.96.217/; sid:900624186; rev:1;) alert tcp $HOME_NET any -> [103.227.147.82] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.227.147.82/; sid:900624157; rev:1;) alert tcp $HOME_NET any -> [31.131.21.168] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.131.21.168/; sid:900624154; rev:1;) alert tcp $HOME_NET any -> [144.139.173.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.139.173.73/; sid:900624150; rev:1;) alert tcp $HOME_NET any -> [184.57.130.8] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.57.130.8/; sid:900624148; rev:1;) alert tcp $HOME_NET any -> [180.47.95.158] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.47.95.158/; sid:900624159; rev:1;) alert tcp $HOME_NET any -> [177.0.241.28] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.0.241.28/; sid:900624152; rev:1;) alert tcp $HOME_NET any -> [190.160.53.126] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.160.53.126/; sid:900624151; rev:1;) alert tcp $HOME_NET any -> [82.240.207.95] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.240.207.95/; sid:900624149; rev:1;) alert tcp $HOME_NET any -> [181.197.99.169] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.197.99.169/; sid:902148944; rev:1;) alert tcp $HOME_NET any -> [45.118.136.92] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.118.136.92/; sid:900624141; rev:1;) alert tcp $HOME_NET any -> [190.157.65.124] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.157.65.124/; sid:902148896; rev:1;) alert tcp $HOME_NET any -> [190.87.164.21] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.87.164.21/; sid:902148838; rev:1;) alert tcp $HOME_NET any -> [190.147.165.160] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.165.160/; sid:902148821; rev:1;) alert tcp $HOME_NET any -> [177.73.3.204] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.73.3.204/; sid:900624140; rev:1;) alert tcp $HOME_NET any -> [177.38.15.151] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.38.15.151/; sid:900624147; rev:1;) alert tcp $HOME_NET any -> [45.161.242.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.161.242.102/; sid:900624145; rev:1;) alert tcp $HOME_NET any -> [212.156.219.6] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.156.219.6/; sid:900624143; rev:1;) alert tcp $HOME_NET any -> [78.192.181.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.192.181.26/; sid:900624144; rev:1;) alert tcp $HOME_NET any -> [188.120.242.75] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.120.242.75/; sid:900624139; rev:1;) alert tcp $HOME_NET any -> [5.2.76.29] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.76.29/; sid:900624158; rev:1;) alert tcp $HOME_NET any -> [37.211.54.144] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.211.54.144/; sid:902143795; rev:1;) alert tcp $HOME_NET any -> [134.19.217.180] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.19.217.180/; sid:900624136; rev:1;) alert tcp $HOME_NET any -> [80.102.134.174] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.102.134.174/; sid:900624146; rev:1;) alert tcp $HOME_NET any -> [190.244.125.144] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.244.125.144/; sid:900624132; rev:1;) alert tcp $HOME_NET any -> [49.205.182.223] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.205.182.223/; sid:902142869; rev:1;) alert tcp $HOME_NET any -> [88.247.144.128] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.247.144.128/; sid:902142868; rev:1;) alert tcp $HOME_NET any -> [117.4.120.226] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.4.120.226/; sid:900624142; rev:1;) alert tcp $HOME_NET any -> [43.231.62.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.231.62.58/; sid:900624130; rev:1;) alert tcp $HOME_NET any -> [191.91.197.29] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.91.197.29/; sid:900624138; rev:1;) alert tcp $HOME_NET any -> [81.169.202.3] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.169.202.3/; sid:900624129; rev:1;) alert tcp $HOME_NET any -> [200.126.237.113] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.126.237.113/; sid:900624126; rev:1;) alert tcp $HOME_NET any -> [67.20.141.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.20.141.76/; sid:900624128; rev:1;) alert tcp $HOME_NET any -> [188.129.197.149] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.129.197.149/; sid:900624125; rev:1;) alert tcp $HOME_NET any -> [128.106.71.243] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.106.71.243/; sid:900624131; rev:1;) alert tcp $HOME_NET any -> [47.150.248.161] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.150.248.161/; sid:900624127; rev:1;) alert tcp $HOME_NET any -> [24.179.13.119] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.179.13.119/; sid:900624133; rev:1;) alert tcp $HOME_NET any -> [186.80.169.128] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.80.169.128/; sid:900624156; rev:1;) alert tcp $HOME_NET any -> [84.9.167.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.9.167.76/; sid:900624137; rev:1;) alert tcp $HOME_NET any -> [178.156.202.157] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.202.157/; sid:900624124; rev:1;) alert tcp $HOME_NET any -> [219.74.19.70] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.74.19.70/; sid:902140445; rev:1;) alert tcp $HOME_NET any -> [189.168.169.129] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.168.169.129/; sid:900624155; rev:1;) alert tcp $HOME_NET any -> [46.4.167.242] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.4.167.242/; sid:900624121; rev:1;) alert tcp $HOME_NET any -> [190.63.184.182] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.63.184.182/; sid:902135935; rev:1;) alert tcp $HOME_NET any -> [201.251.133.92] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.251.133.92/; sid:902132948; rev:1;) alert tcp $HOME_NET any -> [5.154.58.24] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.154.58.24/; sid:902132939; rev:1;) alert tcp $HOME_NET any -> [93.114.205.169] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.114.205.169/; sid:900624120; rev:1;) alert tcp $HOME_NET any -> [153.160.71.129] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.160.71.129/; sid:900624122; rev:1;) alert tcp $HOME_NET any -> [47.156.64.4] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.156.64.4/; sid:900624117; rev:1;) alert tcp $HOME_NET any -> [116.90.229.22] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.90.229.22/; sid:900624135; rev:1;) alert tcp $HOME_NET any -> [200.41.121.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.41.121.90/; sid:900624110; rev:1;) alert tcp $HOME_NET any -> [103.97.95.221] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.97.95.221/; sid:900624109; rev:1;) alert tcp $HOME_NET any -> [90.79.26.91] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.79.26.91/; sid:900624108; rev:1;) alert tcp $HOME_NET any -> [187.51.47.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.51.47.26/; sid:902131773; rev:1;) alert tcp $HOME_NET any -> [2.47.112.152] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.47.112.152/; sid:900624115; rev:1;) alert tcp $HOME_NET any -> [182.73.199.226] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.73.199.226/; sid:900624107; rev:1;) alert tcp $HOME_NET any -> [181.16.18.72] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.16.18.72/; sid:900624116; rev:1;) alert tcp $HOME_NET any -> [187.234.40.193] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.234.40.193/; sid:902131665; rev:1;) alert tcp $HOME_NET any -> [116.73.14.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.73.14.186/; sid:900624113; rev:1;) alert tcp $HOME_NET any -> [104.182.56.131] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.182.56.131/; sid:900624105; rev:1;) alert tcp $HOME_NET any -> [220.210.163.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.210.163.76/; sid:900624111; rev:1;) alert tcp $HOME_NET any -> [102.22.62.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.22.62.71/; sid:900624114; rev:1;) alert tcp $HOME_NET any -> [60.117.26.28] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.117.26.28/; sid:900624112; rev:1;) alert tcp $HOME_NET any -> [113.161.147.51] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.161.147.51/; sid:900624106; rev:1;) alert tcp $HOME_NET any -> [187.235.244.9] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.235.244.9/; sid:902130723; rev:1;) alert tcp $HOME_NET any -> [187.146.179.75] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.146.179.75/; sid:902130663; rev:1;) alert tcp $HOME_NET any -> [185.203.118.37] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.203.118.37/; sid:900624103; rev:1;) alert tcp $HOME_NET any -> [195.123.239.67] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.239.67/; sid:900624101; rev:1;) alert tcp $HOME_NET any -> [86.18.105.123] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.18.105.123/; sid:902130283; rev:1;) alert tcp $HOME_NET any -> [190.147.12.71] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.12.71/; sid:902130278; rev:1;) alert tcp $HOME_NET any -> [186.138.56.183] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.138.56.183/; sid:902130270; rev:1;) alert tcp $HOME_NET any -> [200.127.15.72] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.15.72/; sid:902130255; rev:1;) alert tcp $HOME_NET any -> [86.1.139.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.1.139.205/; sid:902130253; rev:1;) alert tcp $HOME_NET any -> [217.12.209.200] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.12.209.200/; sid:900624100; rev:1;) alert tcp $HOME_NET any -> [146.185.253.178] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.178/; sid:900624099; rev:1;) alert tcp $HOME_NET any -> [45.32.158.232] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.32.158.232/; sid:902128654; rev:1;) alert tcp $HOME_NET any -> [5.79.119.1] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.79.119.1/; sid:902128623; rev:1;) alert tcp $HOME_NET any -> [110.93.196.197] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.93.196.197/; sid:902128516; rev:1;) alert tcp $HOME_NET any -> [152.168.228.112] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.168.228.112/; sid:902128507; rev:1;) alert tcp $HOME_NET any -> [90.192.84.225] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.192.84.225/; sid:902128505; rev:1;) alert tcp $HOME_NET any -> [190.143.151.86] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.143.151.86/; sid:902128497; rev:1;) alert tcp $HOME_NET any -> [185.62.188.159] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.188.159/; sid:900624102; rev:1;) alert tcp $HOME_NET any -> [185.244.39.65] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.39.65/; sid:900624118; rev:1;) alert tcp $HOME_NET any -> [172.245.156.138] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.156.138/; sid:900624093; rev:1;) alert tcp $HOME_NET any -> [186.33.141.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.33.141.88/; sid:900624091; rev:1;) alert tcp $HOME_NET any -> [115.73.192.128] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.73.192.128/; sid:902127277; rev:1;) alert tcp $HOME_NET any -> [77.69.8.132] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.69.8.132/; sid:900624088; rev:1;) alert tcp $HOME_NET any -> [59.120.74.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.120.74.106/; sid:900624094; rev:1;) alert tcp $HOME_NET any -> [31.146.61.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.146.61.34/; sid:900624087; rev:1;) alert tcp $HOME_NET any -> [14.161.6.60] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.161.6.60/; sid:900624095; rev:1;) alert tcp $HOME_NET any -> [164.77.131.165] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.77.131.165/; sid:900624085; rev:1;) alert tcp $HOME_NET any -> [1.163.163.199] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.163.163.199/; sid:900624083; rev:1;) alert tcp $HOME_NET any -> [71.222.157.155] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.222.157.155/; sid:900624082; rev:1;) alert tcp $HOME_NET any -> [185.155.20.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.155.20.82/; sid:900624080; rev:1;) alert tcp $HOME_NET any -> [58.177.172.160] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.177.172.160/; sid:900624081; rev:1;) alert tcp $HOME_NET any -> [165.255.105.53] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.255.105.53/; sid:900624084; rev:1;) alert tcp $HOME_NET any -> [181.164.25.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.25.59/; sid:900624119; rev:1;) alert tcp $HOME_NET any -> [181.230.116.163] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.230.116.163/; sid:900624079; rev:1;) alert tcp $HOME_NET any -> [66.161.235.4] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.161.235.4/; sid:902126604; rev:1;) alert tcp $HOME_NET any -> [64.44.51.113] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.51.113/; sid:900624076; rev:1;) alert tcp $HOME_NET any -> [91.231.166.124] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.231.166.124/; sid:900624073; rev:1;) alert tcp $HOME_NET any -> [173.66.242.48] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.66.242.48/; sid:902122090; rev:1;) alert tcp $HOME_NET any -> [169.0.115.97] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.115.97/; sid:902122087; rev:1;) alert tcp $HOME_NET any -> [189.252.205.128] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.205.128/; sid:902122073; rev:1;) alert tcp $HOME_NET any -> [222.252.184.181] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.252.184.181/; sid:902121991; rev:1;) alert tcp $HOME_NET any -> [186.3.185.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.3.185.206/; sid:902121983; rev:1;) alert tcp $HOME_NET any -> [62.84.75.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.84.75.50/; sid:900624097; rev:1;) alert tcp $HOME_NET any -> [187.236.208.90] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.236.208.90/; sid:902121942; rev:1;) alert tcp $HOME_NET any -> [187.241.28.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.241.28.114/; sid:902121940; rev:1;) alert tcp $HOME_NET any -> [177.144.135.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.144.135.2/; sid:900624077; rev:1;) alert tcp $HOME_NET any -> [190.128.90.22] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.128.90.22/; sid:900624075; rev:1;) alert tcp $HOME_NET any -> [179.184.65.222] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.184.65.222/; sid:900624070; rev:1;) alert tcp $HOME_NET any -> [190.79.103.57] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.79.103.57/; sid:902121870; rev:1;) alert tcp $HOME_NET any -> [189.42.145.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.42.145.34/; sid:900624068; rev:1;) alert tcp $HOME_NET any -> [183.91.15.80] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.91.15.80/; sid:900624065; rev:1;) alert tcp $HOME_NET any -> [200.108.250.176] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.108.250.176/; sid:900624066; rev:1;) alert tcp $HOME_NET any -> [200.116.191.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.191.114/; sid:900624071; rev:1;) alert tcp $HOME_NET any -> [54.39.187.202] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.39.187.202/; sid:900624067; rev:1;) alert tcp $HOME_NET any -> [177.139.131.143] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.139.131.143/; sid:900624069; rev:1;) alert tcp $HOME_NET any -> [185.20.185.76] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.20.185.76/; sid:900624089; rev:1;) alert tcp $HOME_NET any -> [46.17.107.65] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.17.107.65/; sid:900624090; rev:1;) alert tcp $HOME_NET any -> [49.204.68.26] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.204.68.26/; sid:902117501; rev:1;) alert tcp $HOME_NET any -> [185.98.87.206] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.98.87.206/; sid:900624061; rev:1;) alert tcp $HOME_NET any -> [188.165.62.4] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.62.4/; sid:900624062; rev:1;) alert tcp $HOME_NET any -> [113.160.235.179] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.160.235.179/; sid:902113139; rev:1;) alert tcp $HOME_NET any -> [80.103.116.1] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.103.116.1/; sid:902113131; rev:1;) alert tcp $HOME_NET any -> [148.102.77.148] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.102.77.148/; sid:902113042; rev:1;) alert tcp $HOME_NET any -> [93.51.50.171] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.51.50.171/; sid:900624055; rev:1;) alert tcp $HOME_NET any -> [181.13.24.83] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.13.24.83/; sid:900624063; rev:1;) alert tcp $HOME_NET any -> [200.7.243.109] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.7.243.109/; sid:900624052; rev:1;) alert tcp $HOME_NET any -> [185.144.138.187] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.144.138.187/; sid:900624050; rev:1;) alert tcp $HOME_NET any -> [91.242.138.11] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.242.138.11/; sid:900624054; rev:1;) alert tcp $HOME_NET any -> [185.14.31.98] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.31.98/; sid:900624044; rev:1;) alert tcp $HOME_NET any -> [45.142.213.70] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.142.213.70/; sid:900624046; rev:1;) alert tcp $HOME_NET any -> [198.23.252.127] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.23.252.127/; sid:900624045; rev:1;) alert tcp $HOME_NET any -> [193.111.62.50] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.111.62.50/; sid:900624047; rev:1;) alert tcp $HOME_NET any -> [195.123.239.29] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.239.29/; sid:900624048; rev:1;) alert tcp $HOME_NET any -> [50.35.17.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.35.17.13/; sid:900624053; rev:1;) alert tcp $HOME_NET any -> [146.185.253.176] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.176/; sid:900624051; rev:1;) alert tcp $HOME_NET any -> [85.143.221.183] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.221.183/; sid:900624056; rev:1;) alert tcp $HOME_NET any -> [212.80.217.220] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.217.220/; sid:900624057; rev:1;) alert tcp $HOME_NET any -> [116.90.228.177] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.90.228.177/; sid:900624064; rev:1;) alert tcp $HOME_NET any -> [60.53.206.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.53.206.74/; sid:900624058; rev:1;) alert tcp $HOME_NET any -> [51.254.164.244] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.164.244/; sid:900624059; rev:1;) alert tcp $HOME_NET any -> [217.12.209.199] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.12.209.199/; sid:900624042; rev:1;) alert tcp $HOME_NET any -> [185.99.2.140] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.140/; sid:900624043; rev:1;) alert tcp $HOME_NET any -> [5.255.96.119] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.255.96.119/; sid:900624041; rev:1;) alert tcp $HOME_NET any -> [190.190.26.188] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.190.26.188/; sid:902112267; rev:1;) alert tcp $HOME_NET any -> [201.155.204.151] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.155.204.151/; sid:900624049; rev:1;) alert tcp $HOME_NET any -> [93.140.49.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.140.49.34/; sid:902112152; rev:1;) alert tcp $HOME_NET any -> [195.2.93.50] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.2.93.50/; sid:900624036; rev:1;) alert tcp $HOME_NET any -> [82.148.16.5] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.148.16.5/; sid:900624038; rev:1;) alert tcp $HOME_NET any -> [62.109.11.248] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.109.11.248/; sid:900624040; rev:1;) alert tcp $HOME_NET any -> [192.210.226.106] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.210.226.106/; sid:900624037; rev:1;) alert tcp $HOME_NET any -> [45.135.164.193] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.135.164.193/; sid:900624034; rev:1;) alert tcp $HOME_NET any -> [93.189.42.66] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.42.66/; sid:900624035; rev:1;) alert tcp $HOME_NET any -> [185.141.27.238] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.27.238/; sid:900624039; rev:1;) alert tcp $HOME_NET any -> [51.254.164.245] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.164.245/; sid:900624092; rev:1;) alert tcp $HOME_NET any -> [93.189.41.215] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.41.215/; sid:900624017; rev:1;) alert tcp $HOME_NET any -> [185.20.185.80] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.20.185.80/; sid:900624019; rev:1;) alert tcp $HOME_NET any -> [5.255.96.107] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.255.96.107/; sid:900624018; rev:1;) alert tcp $HOME_NET any -> [64.44.133.44] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.133.44/; sid:900624021; rev:1;) alert tcp $HOME_NET any -> [103.75.117.246] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.117.246/; sid:900624020; rev:1;) alert tcp $HOME_NET any -> [45.133.216.26] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.133.216.26/; sid:900624023; rev:1;) alert tcp $HOME_NET any -> [93.115.20.40] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.115.20.40/; sid:900624022; rev:1;) alert tcp $HOME_NET any -> [5.2.79.212] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.79.212/; sid:900624016; rev:1;) alert tcp $HOME_NET any -> [46.4.167.250] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.4.167.250/; sid:900624024; rev:1;) alert tcp $HOME_NET any -> [185.180.198.50] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.180.198.50/; sid:900624014; rev:1;) alert tcp $HOME_NET any -> [212.80.218.144] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.218.144/; sid:900624013; rev:1;) alert tcp $HOME_NET any -> [91.235.129.25] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.25/; sid:900624006; rev:1;) alert tcp $HOME_NET any -> [194.99.21.139] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.99.21.139/; sid:900624009; rev:1;) alert tcp $HOME_NET any -> [107.173.240.221] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.240.221/; sid:900624001; rev:1;) alert tcp $HOME_NET any -> [200.35.56.81] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.35.56.81/; sid:900624000; rev:1;) alert tcp $HOME_NET any -> [146.196.122.152] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.196.122.152/; sid:900624011; rev:1;) alert tcp $HOME_NET any -> [45.230.176.158] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.230.176.158/; sid:900624010; rev:1;) alert tcp $HOME_NET any -> [177.8.172.86] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.8.172.86/; sid:900624007; rev:1;) alert tcp $HOME_NET any -> [79.143.31.246] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.143.31.246/; sid:900624003; rev:1;) alert tcp $HOME_NET any -> [187.110.100.122] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.110.100.122/; sid:900623998; rev:1;) alert tcp $HOME_NET any -> [200.153.15.178] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.153.15.178/; sid:900624002; rev:1;) alert tcp $HOME_NET any -> [117.204.253.33] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.204.253.33/; sid:900623999; rev:1;) alert tcp $HOME_NET any -> [45.224.214.34] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.224.214.34/; sid:900624012; rev:1;) alert tcp $HOME_NET any -> [176.119.159.204] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.119.159.204/; sid:900624005; rev:1;) alert tcp $HOME_NET any -> [51.89.115.110] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.110/; sid:900624008; rev:1;) alert tcp $HOME_NET any -> [186.232.91.240] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.232.91.240/; sid:900624004; rev:1;) alert tcp $HOME_NET any -> [51.79.116.170] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.79.116.170/; sid:900623994; rev:1;) alert tcp $HOME_NET any -> [185.252.144.135] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.252.144.135/; sid:900623986; rev:1;) alert tcp $HOME_NET any -> [117.196.233.100] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.196.233.100/; sid:900623987; rev:1;) alert tcp $HOME_NET any -> [194.5.250.62] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.62/; sid:900623991; rev:1;) alert tcp $HOME_NET any -> [152.89.245.212] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.89.245.212/; sid:900623984; rev:1;) alert tcp $HOME_NET any -> [195.123.240.81] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.81/; sid:900623997; rev:1;) alert tcp $HOME_NET any -> [181.115.168.69] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.115.168.69/; sid:900623989; rev:1;) alert tcp $HOME_NET any -> [5.255.96.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.255.96.115/; sid:900623996; rev:1;) alert tcp $HOME_NET any -> [185.14.29.84] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.29.84/; sid:900623983; rev:1;) alert tcp $HOME_NET any -> [64.44.133.157] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.133.157/; sid:900623992; rev:1;) alert tcp $HOME_NET any -> [186.138.152.228] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.138.152.228/; sid:900623995; rev:1;) alert tcp $HOME_NET any -> [138.121.24.78] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.121.24.78/; sid:900623988; rev:1;) alert tcp $HOME_NET any -> [195.123.221.194] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.221.194/; sid:900623990; rev:1;) alert tcp $HOME_NET any -> [177.154.86.145] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.154.86.145/; sid:900623982; rev:1;) alert tcp $HOME_NET any -> [5.182.210.109] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.109/; sid:900623993; rev:1;) alert tcp $HOME_NET any -> [181.196.61.110] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.196.61.110/; sid:900623985; rev:1;) alert tcp $HOME_NET any -> [78.24.219.9] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.24.219.9/; sid:900623970; rev:1;) alert tcp $HOME_NET any -> [185.252.144.174] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.252.144.174/; sid:900623975; rev:1;) alert tcp $HOME_NET any -> [195.123.217.226] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.217.226/; sid:900623972; rev:1;) alert tcp $HOME_NET any -> [131.0.142.120] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.0.142.120/; sid:900623976; rev:1;) alert tcp $HOME_NET any -> [45.148.120.14] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.120.14/; sid:900623980; rev:1;) alert tcp $HOME_NET any -> [181.199.102.179] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.199.102.179/; sid:900623977; rev:1;) alert tcp $HOME_NET any -> [5.182.211.44] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.211.44/; sid:900623969; rev:1;) alert tcp $HOME_NET any -> [185.200.241.248] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.200.241.248/; sid:900623974; rev:1;) alert tcp $HOME_NET any -> [94.156.144.74] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.144.74/; sid:900623981; rev:1;) alert tcp $HOME_NET any -> [185.62.188.83] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.188.83/; sid:900623979; rev:1;) alert tcp $HOME_NET any -> [195.54.162.179] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.54.162.179/; sid:900623973; rev:1;) alert tcp $HOME_NET any -> [146.185.253.197] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.197/; sid:900623978; rev:1;) alert tcp $HOME_NET any -> [5.182.210.254] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.254/; sid:900623968; rev:1;) alert tcp $HOME_NET any -> [185.141.61.29] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.61.29/; sid:900623971; rev:1;) alert tcp $HOME_NET any -> [51.89.73.159] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.73.159/; sid:900623959; rev:1;) alert tcp $HOME_NET any -> [177.52.79.29] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.52.79.29/; sid:900623967; rev:1;) alert tcp $HOME_NET any -> [81.177.165.145] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.165.145/; sid:900623955; rev:1;) alert tcp $HOME_NET any -> [195.54.162.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.54.162.180/; sid:900623966; rev:1;) alert tcp $HOME_NET any -> [217.107.34.151] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.107.34.151/; sid:900623961; rev:1;) alert tcp $HOME_NET any -> [103.207.169.78] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.207.169.78/; sid:900623957; rev:1;) alert tcp $HOME_NET any -> [5.230.22.40] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.230.22.40/; sid:900623956; rev:1;) alert tcp $HOME_NET any -> [170.84.78.186] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.84.78.186/; sid:900623963; rev:1;) alert tcp $HOME_NET any -> [62.109.22.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.109.22.2/; sid:900623954; rev:1;) alert tcp $HOME_NET any -> [195.123.220.155] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.220.155/; sid:900623962; rev:1;) alert tcp $HOME_NET any -> [85.204.116.128] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.128/; sid:900623958; rev:1;) alert tcp $HOME_NET any -> [195.54.162.66] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.54.162.66/; sid:900623960; rev:1;) alert tcp $HOME_NET any -> [31.184.254.50] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.184.254.50/; sid:900623965; rev:1;) alert tcp $HOME_NET any -> [138.59.233.5] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.59.233.5/; sid:900623964; rev:1;) alert tcp $HOME_NET any -> [187.163.180.243] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.180.243/; sid:902108189; rev:1;) alert tcp $HOME_NET any -> [115.97.16.102] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.97.16.102/; sid:902108180; rev:1;) alert tcp $HOME_NET any -> [190.83.191.92] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.83.191.92/; sid:902108177; rev:1;) alert tcp $HOME_NET any -> [188.209.52.162] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.209.52.162/; sid:900623953; rev:1;) alert tcp $HOME_NET any -> [85.143.220.161] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.220.161/; sid:900624015; rev:1;) alert tcp $HOME_NET any -> [96.9.77.142] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.9.77.142/; sid:900624174; rev:1;) alert tcp $HOME_NET any -> [195.123.239.25] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.239.25/; sid:900624027; rev:1;) alert tcp $HOME_NET any -> [96.9.73.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.9.73.73/; sid:900624172; rev:1;) alert tcp $HOME_NET any -> [36.89.106.69] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.106.69/; sid:900624177; rev:1;) alert tcp $HOME_NET any -> [146.185.253.161] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.161/; sid:900624030; rev:1;) alert tcp $HOME_NET any -> [104.168.96.122] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.96.122/; sid:900624029; rev:1;) alert tcp $HOME_NET any -> [194.5.250.149] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.149/; sid:900624028; rev:1;) alert tcp $HOME_NET any -> [5.255.96.187] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.255.96.187/; sid:900624031; rev:1;) alert tcp $HOME_NET any -> [45.93.4.134] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.93.4.134/; sid:900624032; rev:1;) alert tcp $HOME_NET any -> [45.148.120.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.120.153/; sid:900624033; rev:1;) alert tcp $HOME_NET any -> [5.255.96.186] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.255.96.186/; sid:900624060; rev:1;) alert tcp $HOME_NET any -> [108.170.31.57] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.170.31.57/; sid:900623951; rev:1;) alert tcp $HOME_NET any -> [5.2.79.26] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.79.26/; sid:900623947; rev:1;) alert tcp $HOME_NET any -> [185.62.188.104] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.188.104/; sid:900623948; rev:1;) alert tcp $HOME_NET any -> [146.185.253.173] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.173/; sid:900623950; rev:1;) alert tcp $HOME_NET any -> [194.5.250.189] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.189/; sid:900623946; rev:1;) alert tcp $HOME_NET any -> [93.189.43.49] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.43.49/; sid:900623943; rev:1;) alert tcp $HOME_NET any -> [73.176.241.255] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.176.241.255/; sid:902101281; rev:1;) alert tcp $HOME_NET any -> [185.14.29.26] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.29.26/; sid:900623941; rev:1;) alert tcp $HOME_NET any -> [85.143.218.249] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.218.249/; sid:900623923; rev:1;) alert tcp $HOME_NET any -> [107.175.87.142] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.175.87.142/; sid:900623925; rev:1;) alert tcp $HOME_NET any -> [45.83.192.45] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.83.192.45/; sid:900623926; rev:1;) alert tcp $HOME_NET any -> [192.3.193.162] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.193.162/; sid:900623927; rev:1;) alert tcp $HOME_NET any -> [212.80.217.243] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.217.243/; sid:900623924; rev:1;) alert tcp $HOME_NET any -> [195.54.32.12] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.54.32.12/; sid:900623928; rev:1;) alert tcp $HOME_NET any -> [5.34.177.194] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.177.194/; sid:900623930; rev:1;) alert tcp $HOME_NET any -> [185.65.202.183] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.65.202.183/; sid:900623929; rev:1;) alert tcp $HOME_NET any -> [188.165.62.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.62.2/; sid:900623931; rev:1;) alert tcp $HOME_NET any -> [31.131.21.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.131.21.30/; sid:900623932; rev:1;) alert tcp $HOME_NET any -> [89.191.234.89] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.191.234.89/; sid:900623933; rev:1;) alert tcp $HOME_NET any -> [198.15.119.121] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.15.119.121/; sid:900623934; rev:1;) alert tcp $HOME_NET any -> [185.14.29.4] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.29.4/; sid:900623921; rev:1;) alert tcp $HOME_NET any -> [194.5.250.179] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.179/; sid:900623935; rev:1;) alert tcp $HOME_NET any -> [198.15.119.71] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.15.119.71/; sid:900623922; rev:1;) alert tcp $HOME_NET any -> [185.99.2.202] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.202/; sid:900623919; rev:1;) alert tcp $HOME_NET any -> [185.14.31.72] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.31.72/; sid:900623920; rev:1;) alert tcp $HOME_NET any -> [194.5.250.178] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.178/; sid:900623918; rev:1;) alert tcp $HOME_NET any -> [220.132.16.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.132.16.114/; sid:900623936; rev:1;) alert tcp $HOME_NET any -> [115.79.195.246] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.79.195.246/; sid:900623937; rev:1;) alert tcp $HOME_NET any -> [202.188.218.120] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.188.218.120/; sid:900623938; rev:1;) alert tcp $HOME_NET any -> [183.179.17.211] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.179.17.211/; sid:900623939; rev:1;) alert tcp $HOME_NET any -> [210.56.10.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.56.10.58/; sid:900623915; rev:1;) alert tcp $HOME_NET any -> [105.224.209.135] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.224.209.135/; sid:900623916; rev:1;) alert tcp $HOME_NET any -> [42.200.178.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.200.178.117/; sid:900623917; rev:1;) alert tcp $HOME_NET any -> [107.184.91.187] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.184.91.187/; sid:900623914; rev:1;) alert tcp $HOME_NET any -> [188.165.62.8] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.62.8/; sid:900623912; rev:1;) alert tcp $HOME_NET any -> [185.164.32.101] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.101/; sid:900623910; rev:1;) alert tcp $HOME_NET any -> [194.5.250.163] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.163/; sid:900623909; rev:1;) alert tcp $HOME_NET any -> [185.99.2.196] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.196/; sid:900623908; rev:1;) alert tcp $HOME_NET any -> [5.255.96.152] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.255.96.152/; sid:900623902; rev:1;) alert tcp $HOME_NET any -> [85.204.116.181] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.181/; sid:900623905; rev:1;) alert tcp $HOME_NET any -> [185.99.2.197] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.197/; sid:900623903; rev:1;) alert tcp $HOME_NET any -> [45.135.164.191] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.135.164.191/; sid:900623904; rev:1;) alert tcp $HOME_NET any -> [85.143.218.32] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.218.32/; sid:900623906; rev:1;) alert tcp $HOME_NET any -> [185.65.202.248] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.65.202.248/; sid:900623907; rev:1;) alert tcp $HOME_NET any -> [103.205.177.228] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.205.177.228/; sid:900623911; rev:1;) alert tcp $HOME_NET any -> [181.54.182.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.54.182.135/; sid:900623899; rev:1;) alert tcp $HOME_NET any -> [190.194.151.145] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.194.151.145/; sid:902059803; rev:1;) alert tcp $HOME_NET any -> [64.44.133.156] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.133.156/; sid:900623945; rev:1;) alert tcp $HOME_NET any -> [185.252.144.7] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.252.144.7/; sid:900623944; rev:1;) alert tcp $HOME_NET any -> [133.208.252.149] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.208.252.149/; sid:900623898; rev:1;) alert tcp $HOME_NET any -> [164.77.130.222] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.77.130.222/; sid:900623897; rev:1;) alert tcp $HOME_NET any -> [74.50.52.11] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.50.52.11/; sid:902056447; rev:1;) alert tcp $HOME_NET any -> [181.12.187.239] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.12.187.239/; sid:902054988; rev:1;) alert tcp $HOME_NET any -> [125.63.106.22] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.63.106.22/; sid:900623952; rev:1;) alert tcp $HOME_NET any -> [113.161.148.81] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.161.148.81/; sid:900623894; rev:1;) alert tcp $HOME_NET any -> [102.182.145.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.182.145.130/; sid:900623891; rev:1;) alert tcp $HOME_NET any -> [190.147.137.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.137.153/; sid:900623890; rev:1;) alert tcp $HOME_NET any -> [24.234.242.248] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.234.242.248/; sid:900623887; rev:1;) alert tcp $HOME_NET any -> [132.248.38.158] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.248.38.158/; sid:900623893; rev:1;) alert tcp $HOME_NET any -> [182.73.185.122] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.73.185.122/; sid:900623896; rev:1;) alert tcp $HOME_NET any -> [195.82.165.181] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.82.165.181/; sid:900623886; rev:1;) alert tcp $HOME_NET any -> [113.160.180.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.160.180.109/; sid:900623895; rev:1;) alert tcp $HOME_NET any -> [199.83.161.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.83.161.218/; sid:900623892; rev:1;) alert tcp $HOME_NET any -> [179.232.65.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.232.65.117/; sid:900623889; rev:1;) alert tcp $HOME_NET any -> [211.184.5.163] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.184.5.163/; sid:900623881; rev:1;) alert tcp $HOME_NET any -> [1.163.152.120] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.163.152.120/; sid:902049861; rev:1;) alert tcp $HOME_NET any -> [187.212.208.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.212.208.8/; sid:900623880; rev:1;) alert tcp $HOME_NET any -> [87.252.100.28] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.252.100.28/; sid:900623882; rev:1;) alert tcp $HOME_NET any -> [190.190.134.145] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.190.134.145/; sid:900623884; rev:1;) alert tcp $HOME_NET any -> [78.12.139.80] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.12.139.80/; sid:900623879; rev:1;) alert tcp $HOME_NET any -> [189.171.215.211] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.171.215.211/; sid:902048158; rev:1;) alert tcp $HOME_NET any -> [185.160.212.5] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.160.212.5/; sid:900623878; rev:1;) alert tcp $HOME_NET any -> [67.254.19.89] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.254.19.89/; sid:900623885; rev:1;) alert tcp $HOME_NET any -> [101.187.97.173] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.97.173/; sid:900623875; rev:1;) alert tcp $HOME_NET any -> [42.200.191.247] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.200.191.247/; sid:900623876; rev:1;) alert tcp $HOME_NET any -> [72.231.228.196] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.231.228.196/; sid:900623877; rev:1;) alert tcp $HOME_NET any -> [5.255.96.12] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.255.96.12/; sid:900623874; rev:1;) alert tcp $HOME_NET any -> [212.80.216.181] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.216.181/; sid:900623870; rev:1;) alert tcp $HOME_NET any -> [194.5.250.168] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.168/; sid:900623868; rev:1;) alert tcp $HOME_NET any -> [156.67.114.199] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.67.114.199/; sid:900623864; rev:1;) alert tcp $HOME_NET any -> [118.200.116.83] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.200.116.83/; sid:900623901; rev:1;) alert tcp $HOME_NET any -> [42.115.51.217] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.115.51.217/; sid:900623865; rev:1;) alert tcp $HOME_NET any -> [153.174.73.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.174.73.130/; sid:902039140; rev:1;) alert tcp $HOME_NET any -> [201.189.105.16] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.189.105.16/; sid:900623863; rev:1;) alert tcp $HOME_NET any -> [91.219.169.180] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.219.169.180/; sid:900623942; rev:1;) alert tcp $HOME_NET any -> [93.123.22.241] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.123.22.241/; sid:900623869; rev:1;) alert tcp $HOME_NET any -> [154.120.227.190] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.120.227.190/; sid:902131609; rev:1;) alert tcp $HOME_NET any -> [36.231.77.54] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.231.77.54/; sid:900623860; rev:1;) alert tcp $HOME_NET any -> [185.32.46.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.32.46.109/; sid:902035698; rev:1;) alert tcp $HOME_NET any -> [79.10.57.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.10.57.78/; sid:900623867; rev:1;) alert tcp $HOME_NET any -> [186.3.232.68] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.3.232.68/; sid:900623872; rev:1;) alert tcp $HOME_NET any -> [189.201.197.106] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.201.197.106/; sid:900623862; rev:1;) alert tcp $HOME_NET any -> [122.160.18.54] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.160.18.54/; sid:902034685; rev:1;) alert tcp $HOME_NET any -> [163.53.180.227] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.53.180.227/; sid:900623859; rev:1;) alert tcp $HOME_NET any -> [60.142.249.243] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.142.249.243/; sid:900623871; rev:1;) alert tcp $HOME_NET any -> [74.105.51.75] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.105.51.75/; sid:900623866; rev:1;) alert tcp $HOME_NET any -> [47.147.25.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.147.25.205/; sid:902034192; rev:1;) alert tcp $HOME_NET any -> [45.148.120.30] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.120.30/; sid:900623883; rev:1;) alert tcp $HOME_NET any -> [85.204.116.179] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.179/; sid:900623857; rev:1;) alert tcp $HOME_NET any -> [152.32.78.6] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.32.78.6/; sid:900623858; rev:1;) alert tcp $HOME_NET any -> [79.99.107.130] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.99.107.130/; sid:900623856; rev:1;) alert tcp $HOME_NET any -> [143.0.87.101] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.0.87.101/; sid:900623851; rev:1;) alert tcp $HOME_NET any -> [120.150.76.215] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.76.215/; sid:900623850; rev:1;) alert tcp $HOME_NET any -> [200.58.180.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.58.180.130/; sid:900623853; rev:1;) alert tcp $HOME_NET any -> [186.189.228.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.189.228.84/; sid:900623852; rev:1;) alert tcp $HOME_NET any -> [37.211.44.113] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.211.44.113/; sid:900623854; rev:1;) alert tcp $HOME_NET any -> [189.173.41.239] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.173.41.239/; sid:900623848; rev:1;) alert tcp $HOME_NET any -> [216.132.25.162] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.132.25.162/; sid:900623849; rev:1;) alert tcp $HOME_NET any -> [47.146.123.171] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.146.123.171/; sid:900623855; rev:1;) alert tcp $HOME_NET any -> [51.89.115.99] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.99/; sid:900623842; rev:1;) alert tcp $HOME_NET any -> [5.34.176.184] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.176.184/; sid:900623841; rev:1;) alert tcp $HOME_NET any -> [187.156.77.88] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.156.77.88/; sid:902033873; rev:1;) alert tcp $HOME_NET any -> [51.89.115.103] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.103/; sid:900623836; rev:1;) alert tcp $HOME_NET any -> [194.5.250.166] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.166/; sid:900623832; rev:1;) alert tcp $HOME_NET any -> [202.52.247.178] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.52.247.178/; sid:900623837; rev:1;) alert tcp $HOME_NET any -> [60.51.77.247] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.51.77.247/; sid:900623831; rev:1;) alert tcp $HOME_NET any -> [203.122.18.234] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.122.18.234/; sid:900623829; rev:1;) alert tcp $HOME_NET any -> [181.167.53.79] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.53.79/; sid:900623827; rev:1;) alert tcp $HOME_NET any -> [76.185.158.177] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.185.158.177/; sid:900623830; rev:1;) alert tcp $HOME_NET any -> [75.133.26.185] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.133.26.185/; sid:900623828; rev:1;) alert tcp $HOME_NET any -> [186.167.16.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.167.16.242/; sid:900623844; rev:1;) alert tcp $HOME_NET any -> [80.87.195.21] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.195.21/; sid:900623833; rev:1;) alert tcp $HOME_NET any -> [92.223.93.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.223.93.153/; sid:900623834; rev:1;) alert tcp $HOME_NET any -> [62.109.1.7] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.109.1.7/; sid:900623835; rev:1;) alert tcp $HOME_NET any -> [5.255.96.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.255.96.153/; sid:900623839; rev:1;) alert tcp $HOME_NET any -> [220.128.125.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.128.125.18/; sid:900623824; rev:1;) alert tcp $HOME_NET any -> [37.208.106.146] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.208.106.146/; sid:902029000; rev:1;) alert tcp $HOME_NET any -> [27.104.130.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.104.130.189/; sid:902028993; rev:1;) alert tcp $HOME_NET any -> [78.188.44.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.44.18/; sid:902028986; rev:1;) alert tcp $HOME_NET any -> [89.108.158.234] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.108.158.234/; sid:900623822; rev:1;) alert tcp $HOME_NET any -> [190.85.152.185] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.152.185/; sid:900623821; rev:1;) alert tcp $HOME_NET any -> [181.31.211.181] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.31.211.181/; sid:900623845; rev:1;) alert tcp $HOME_NET any -> [181.61.224.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.61.224.26/; sid:900623820; rev:1;) alert tcp $HOME_NET any -> [152.168.28.89] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.168.28.89/; sid:902028944; rev:1;) alert tcp $HOME_NET any -> [74.130.137.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.130.137.231/; sid:902028941; rev:1;) alert tcp $HOME_NET any -> [197.232.17.199] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.232.17.199/; sid:902028932; rev:1;) alert tcp $HOME_NET any -> [5.89.175.136] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.89.175.136/; sid:902028914; rev:1;) alert tcp $HOME_NET any -> [73.138.254.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.138.254.236/; sid:902028913; rev:1;) alert tcp $HOME_NET any -> [94.156.35.216] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.35.216/; sid:900623840; rev:1;) alert tcp $HOME_NET any -> [74.58.165.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.58.165.170/; sid:900623819; rev:1;) alert tcp $HOME_NET any -> [112.68.240.21] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.68.240.21/; sid:900623818; rev:1;) alert tcp $HOME_NET any -> [104.32.141.43] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.32.141.43/; sid:900623817; rev:1;) alert tcp $HOME_NET any -> [5.39.91.110] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.39.91.110/; sid:902028392; rev:1;) alert tcp $HOME_NET any -> [59.20.65.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.20.65.102/; sid:900623815; rev:1;) alert tcp $HOME_NET any -> [71.10.114.255] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.10.114.255/; sid:900623816; rev:1;) alert tcp $HOME_NET any -> [54.39.177.43] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.39.177.43/; sid:900623814; rev:1;) alert tcp $HOME_NET any -> [130.204.245.137] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.204.245.137/; sid:900623811; rev:1;) alert tcp $HOME_NET any -> [181.60.247.8] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.60.247.8/; sid:900623812; rev:1;) alert tcp $HOME_NET any -> [201.17.193.151] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.17.193.151/; sid:900623888; rev:1;) alert tcp $HOME_NET any -> [104.131.103.37] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.103.37/; sid:902028280; rev:1;) alert tcp $HOME_NET any -> [37.222.74.104] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.222.74.104/; sid:900623813; rev:1;) alert tcp $HOME_NET any -> [124.168.81.80] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.168.81.80/; sid:900623823; rev:1;) alert tcp $HOME_NET any -> [202.187.195.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.187.195.57/; sid:900623810; rev:1;) alert tcp $HOME_NET any -> [5.182.210.120] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.120/; sid:900623843; rev:1;) alert tcp $HOME_NET any -> [180.21.76.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.21.76.82/; sid:900623809; rev:1;) alert tcp $HOME_NET any -> [185.14.30.209] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.30.209/; sid:900623847; rev:1;) alert tcp $HOME_NET any -> [85.217.170.227] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.217.170.227/; sid:900623846; rev:1;) alert tcp $HOME_NET any -> [203.208.99.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.208.99.236/; sid:902027019; rev:1;) alert tcp $HOME_NET any -> [181.122.172.67] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.122.172.67/; sid:900623807; rev:1;) alert tcp $HOME_NET any -> [201.184.43.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.43.107/; sid:900623873; rev:1;) alert tcp $HOME_NET any -> [190.240.194.77] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.240.194.77/; sid:902017442; rev:1;) alert tcp $HOME_NET any -> [61.231.97.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.231.97.26/; sid:902017424; rev:1;) alert tcp $HOME_NET any -> [202.69.40.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.69.40.18/; sid:902017392; rev:1;) alert tcp $HOME_NET any -> [54.39.189.21] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.39.189.21/; sid:902017391; rev:1;) alert tcp $HOME_NET any -> [5.188.168.136] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.168.136/; sid:900623804; rev:1;) alert tcp $HOME_NET any -> [190.2.31.172] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.2.31.172/; sid:900623802; rev:1;) alert tcp $HOME_NET any -> [190.52.207.190] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.52.207.190/; sid:900623803; rev:1;) alert tcp $HOME_NET any -> [77.90.136.129] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.90.136.129/; sid:902014165; rev:1;) alert tcp $HOME_NET any -> [187.188.163.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.163.98/; sid:900623801; rev:1;) alert tcp $HOME_NET any -> [115.75.6.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.75.6.2/; sid:900623825; rev:1;) alert tcp $HOME_NET any -> [95.9.95.101] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.9.95.101/; sid:900623838; rev:1;) alert tcp $HOME_NET any -> [196.179.249.76] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.179.249.76/; sid:902013827; rev:1;) alert tcp $HOME_NET any -> [103.77.100.32] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.77.100.32/; sid:900623805; rev:1;) alert tcp $HOME_NET any -> [124.110.255.7] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.110.255.7/; sid:902013807; rev:1;) alert tcp $HOME_NET any -> [2.91.134.211] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.91.134.211/; sid:902013802; rev:1;) alert tcp $HOME_NET any -> [190.111.215.3] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.111.215.3/; sid:900623799; rev:1;) alert tcp $HOME_NET any -> [120.150.142.241] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.142.241/; sid:900623800; rev:1;) alert tcp $HOME_NET any -> [178.156.202.143] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.202.143/; sid:900623793; rev:1;) alert tcp $HOME_NET any -> [89.211.112.137] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.112.137/; sid:900623794; rev:1;) alert tcp $HOME_NET any -> [93.147.157.195] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.147.157.195/; sid:900623796; rev:1;) alert tcp $HOME_NET any -> [181.54.245.85] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.54.245.85/; sid:900623790; rev:1;) alert tcp $HOME_NET any -> [189.220.246.167] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.220.246.167/; sid:900623792; rev:1;) alert tcp $HOME_NET any -> [190.165.21.5] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.165.21.5/; sid:902011239; rev:1;) alert tcp $HOME_NET any -> [115.160.150.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.160.150.86/; sid:900623786; rev:1;) alert tcp $HOME_NET any -> [152.169.32.195] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.169.32.195/; sid:900623798; rev:1;) alert tcp $HOME_NET any -> [89.216.23.167] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.216.23.167/; sid:900623795; rev:1;) alert tcp $HOME_NET any -> [181.52.73.233] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.52.73.233/; sid:900623787; rev:1;) alert tcp $HOME_NET any -> [1.9.150.202] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.9.150.202/; sid:902011210; rev:1;) alert tcp $HOME_NET any -> [186.138.210.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.138.210.130/; sid:900623791; rev:1;) alert tcp $HOME_NET any -> [189.173.177.96] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.173.177.96/; sid:900623788; rev:1;) alert tcp $HOME_NET any -> [14.190.157.56] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.190.157.56/; sid:900623780; rev:1;) alert tcp $HOME_NET any -> [125.99.17.181] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.99.17.181/; sid:900623779; rev:1;) alert tcp $HOME_NET any -> [94.182.203.158] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.182.203.158/; sid:900623782; rev:1;) alert tcp $HOME_NET any -> [183.131.156.10] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.131.156.10/; sid:902010618; rev:1;) alert tcp $HOME_NET any -> [103.61.109.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.61.109.13/; sid:900623781; rev:1;) alert tcp $HOME_NET any -> [182.54.220.249] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.54.220.249/; sid:902010602; rev:1;) alert tcp $HOME_NET any -> [49.176.162.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.176.162.90/; sid:902148827; rev:1;) alert tcp $HOME_NET any -> [5.45.108.146] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.45.108.146/; sid:902010401; rev:1;) alert tcp $HOME_NET any -> [70.32.115.157] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.32.115.157/; sid:902010393; rev:1;) alert tcp $HOME_NET any -> [88.249.1.225] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.1.225/; sid:900623808; rev:1;) alert tcp $HOME_NET any -> [177.66.190.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.66.190.130/; sid:900623784; rev:1;) alert tcp $HOME_NET any -> [189.123.239.235] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.123.239.235/; sid:900623785; rev:1;) alert tcp $HOME_NET any -> [185.10.202.137] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.10.202.137/; sid:900623773; rev:1;) alert tcp $HOME_NET any -> [187.208.252.175] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.208.252.175/; sid:902010378; rev:1;) alert tcp $HOME_NET any -> [64.184.36.98] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.184.36.98/; sid:902010373; rev:1;) alert tcp $HOME_NET any -> [73.234.2.52] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.234.2.52/; sid:902010365; rev:1;) alert tcp $HOME_NET any -> [110.145.77.103] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.145.77.103/; sid:900623770; rev:1;) alert tcp $HOME_NET any -> [153.181.212.155] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.181.212.155/; sid:900623776; rev:1;) alert tcp $HOME_NET any -> [168.235.67.138] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.235.67.138/; sid:902010358; rev:1;) alert tcp $HOME_NET any -> [24.249.73.48] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.249.73.48/; sid:900623772; rev:1;) alert tcp $HOME_NET any -> [102.182.229.224] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.182.229.224/; sid:900623778; rev:1;) alert tcp $HOME_NET any -> [173.79.107.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.79.107.84/; sid:900623771; rev:1;) alert tcp $HOME_NET any -> [187.162.250.23] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.162.250.23/; sid:900623774; rev:1;) alert tcp $HOME_NET any -> [103.216.216.95] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.216.216.95/; sid:902009334; rev:1;) alert tcp $HOME_NET any -> [88.217.172.79] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.217.172.79/; sid:902009333; rev:1;) alert tcp $HOME_NET any -> [46.249.199.233] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.249.199.233/; sid:902009332; rev:1;) alert tcp $HOME_NET any -> [182.184.29.137] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.184.29.137/; sid:900623766; rev:1;) alert tcp $HOME_NET any -> [83.165.112.217] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.165.112.217/; sid:902008273; rev:1;) alert tcp $HOME_NET any -> [116.90.230.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.90.230.98/; sid:900623783; rev:1;) alert tcp $HOME_NET any -> [212.174.19.87] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.174.19.87/; sid:900623764; rev:1;) alert tcp $HOME_NET any -> [118.69.70.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.69.70.109/; sid:900623762; rev:1;) alert tcp $HOME_NET any -> [24.196.13.216] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.196.13.216/; sid:900623765; rev:1;) alert tcp $HOME_NET any -> [173.31.172.11] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.31.172.11/; sid:900623763; rev:1;) alert tcp $HOME_NET any -> [212.80.216.209] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.216.209/; sid:900623759; rev:1;) alert tcp $HOME_NET any -> [178.156.202.130] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.202.130/; sid:900623753; rev:1;) alert tcp $HOME_NET any -> [185.62.188.10] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.188.10/; sid:900623752; rev:1;) alert tcp $HOME_NET any -> [163.139.237.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.139.237.65/; sid:900623749; rev:1;) alert tcp $HOME_NET any -> [67.215.46.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.215.46.58/; sid:900623750; rev:1;) alert tcp $HOME_NET any -> [178.156.202.120] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.202.120/; sid:900623746; rev:1;) alert tcp $HOME_NET any -> [85.143.216.206] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.216.206/; sid:900623745; rev:1;) alert tcp $HOME_NET any -> [61.195.228.54] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.195.228.54/; sid:900623742; rev:1;) alert tcp $HOME_NET any -> [185.36.211.81] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.36.211.81/; sid:902002392; rev:1;) alert tcp $HOME_NET any -> [185.183.96.43] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.96.43/; sid:900623744; rev:1;) alert tcp $HOME_NET any -> [88.250.201.40] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.250.201.40/; sid:900623760; rev:1;) alert tcp $HOME_NET any -> [72.10.33.195] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.10.33.195/; sid:900624610; rev:1;) alert tcp $HOME_NET any -> [181.225.24.251] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.225.24.251/; sid:900623739; rev:1;) alert tcp $HOME_NET any -> [94.206.82.254] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.206.82.254/; sid:900623741; rev:1;) alert tcp $HOME_NET any -> [122.11.178.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.11.178.84/; sid:902002364; rev:1;) alert tcp $HOME_NET any -> [5.34.177.97] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.177.97/; sid:900623747; rev:1;) alert tcp $HOME_NET any -> [198.58.119.85] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.58.119.85/; sid:900623740; rev:1;) alert tcp $HOME_NET any -> [14.141.203.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.141.203.150/; sid:900623756; rev:1;) alert tcp $HOME_NET any -> [195.133.145.31] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.145.31/; sid:900623748; rev:1;) alert tcp $HOME_NET any -> [113.193.29.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.193.29.98/; sid:900623754; rev:1;) alert tcp $HOME_NET any -> [95.6.84.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.6.84.189/; sid:900623757; rev:1;) alert tcp $HOME_NET any -> [68.202.51.4] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.202.51.4/; sid:900623751; rev:1;) alert tcp $HOME_NET any -> [152.170.196.157] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.170.196.157/; sid:900623736; rev:1;) alert tcp $HOME_NET any -> [117.7.236.115] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.7.236.115/; sid:900623755; rev:1;) alert tcp $HOME_NET any -> [189.14.80.194] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.14.80.194/; sid:900624098; rev:1;) alert tcp $HOME_NET any -> [139.218.104.239] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.218.104.239/; sid:902002246; rev:1;) alert tcp $HOME_NET any -> [190.13.215.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.13.215.114/; sid:900623737; rev:1;) alert tcp $HOME_NET any -> [103.8.112.222] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.8.112.222/; sid:902002241; rev:1;) alert tcp $HOME_NET any -> [83.169.21.32] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.169.21.32/; sid:902002230; rev:1;) alert tcp $HOME_NET any -> [74.105.117.118] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.105.117.118/; sid:900623733; rev:1;) alert tcp $HOME_NET any -> [185.94.252.104] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.94.252.104/; sid:902002215; rev:1;) alert tcp $HOME_NET any -> [162.255.112.157] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.255.112.157/; sid:900623731; rev:1;) alert tcp $HOME_NET any -> [82.39.42.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.39.42.86/; sid:900623761; rev:1;) alert tcp $HOME_NET any -> [203.153.216.182] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.153.216.182/; sid:900623729; rev:1;) alert tcp $HOME_NET any -> [59.120.228.67] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.120.228.67/; sid:900623730; rev:1;) alert tcp $HOME_NET any -> [2.50.182.138] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.182.138/; sid:902002166; rev:1;) alert tcp $HOME_NET any -> [81.215.14.128] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.215.14.128/; sid:900623777; rev:1;) alert tcp $HOME_NET any -> [177.72.13.80] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.72.13.80/; sid:900623721; rev:1;) alert tcp $HOME_NET any -> [181.30.69.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.30.69.50/; sid:900624305; rev:1;) alert tcp $HOME_NET any -> [179.127.59.210] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.127.59.210/; sid:900623722; rev:1;) alert tcp $HOME_NET any -> [200.127.51.94] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.51.94/; sid:900623738; rev:1;) alert tcp $HOME_NET any -> [61.92.159.208] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.92.159.208/; sid:901999481; rev:1;) alert tcp $HOME_NET any -> [147.83.10.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.83.10.59/; sid:900623734; rev:1;) alert tcp $HOME_NET any -> [110.37.226.196] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.37.226.196/; sid:900623724; rev:1;) alert tcp $HOME_NET any -> [185.99.2.193] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.193/; sid:900623720; rev:1;) alert tcp $HOME_NET any -> [190.164.206.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.164.206.121/; sid:900623728; rev:1;) alert tcp $HOME_NET any -> [113.160.88.86] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.160.88.86/; sid:900623723; rev:1;) alert tcp $HOME_NET any -> [190.143.38.211] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.143.38.211/; sid:900623789; rev:1;) alert tcp $HOME_NET any -> [190.17.195.202] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.17.195.202/; sid:900623797; rev:1;) alert tcp $HOME_NET any -> [60.42.240.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.42.240.192/; sid:901997553; rev:1;) alert tcp $HOME_NET any -> [176.202.106.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.202.106.124/; sid:901997393; rev:1;) alert tcp $HOME_NET any -> [5.182.210.4] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.4/; sid:900623725; rev:1;) alert tcp $HOME_NET any -> [177.6.166.4] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.6.166.4/; sid:900623716; rev:1;) alert tcp $HOME_NET any -> [190.188.51.185] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.188.51.185/; sid:900623758; rev:1;) alert tcp $HOME_NET any -> [210.186.132.68] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.186.132.68/; sid:901996961; rev:1;) alert tcp $HOME_NET any -> [86.247.108.13] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.247.108.13/; sid:900623719; rev:1;) alert tcp $HOME_NET any -> [152.168.82.36] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.168.82.36/; sid:901996945; rev:1;) alert tcp $HOME_NET any -> [71.202.49.79] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.202.49.79/; sid:901996714; rev:1;) alert tcp $HOME_NET any -> [87.127.197.7] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.127.197.7/; sid:900623715; rev:1;) alert tcp $HOME_NET any -> [47.47.196.171] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.47.196.171/; sid:900623713; rev:1;) alert tcp $HOME_NET any -> [191.92.120.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.92.120.49/; sid:900623717; rev:1;) alert tcp $HOME_NET any -> [50.91.82.212] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.91.82.212/; sid:900623714; rev:1;) alert tcp $HOME_NET any -> [24.179.13.67] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.179.13.67/; sid:900623732; rev:1;) alert tcp $HOME_NET any -> [118.69.71.14] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.69.71.14/; sid:900623735; rev:1;) alert tcp $HOME_NET any -> [109.228.57.105] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.228.57.105/; sid:901996499; rev:1;) alert tcp $HOME_NET any -> [104.36.41.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.36.41.18/; sid:901996497; rev:1;) alert tcp $HOME_NET any -> [173.86.9.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.86.9.242/; sid:901996305; rev:1;) alert tcp $HOME_NET any -> [189.212.199.126] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.212.199.126/; sid:900624258; rev:1;) alert tcp $HOME_NET any -> [123.202.209.62] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.202.209.62/; sid:901996242; rev:1;) alert tcp $HOME_NET any -> [72.202.237.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.202.237.228/; sid:901996241; rev:1;) alert tcp $HOME_NET any -> [108.6.170.195] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.6.170.195/; sid:900623743; rev:1;) alert tcp $HOME_NET any -> [24.204.47.87] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.204.47.87/; sid:901996114; rev:1;) alert tcp $HOME_NET any -> [47.148.241.179] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.148.241.179/; sid:901996113; rev:1;) alert tcp $HOME_NET any -> [24.249.63.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.249.63.138/; sid:901995761; rev:1;) alert tcp $HOME_NET any -> [125.139.65.177] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.139.65.177/; sid:901995753; rev:1;) alert tcp $HOME_NET any -> [114.151.14.161] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.151.14.161/; sid:901995729; rev:1;) alert tcp $HOME_NET any -> [185.135.109.128] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.135.109.128/; sid:900624086; rev:1;) alert tcp $HOME_NET any -> [2.45.165.235] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.45.165.235/; sid:901993963; rev:1;) alert tcp $HOME_NET any -> [211.23.95.233] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.23.95.233/; sid:901993956; rev:1;) alert tcp $HOME_NET any -> [189.1.185.248] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.1.185.248/; sid:900623710; rev:1;) alert tcp $HOME_NET any -> [110.145.101.66] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.145.101.66/; sid:900623707; rev:1;) alert tcp $HOME_NET any -> [72.44.93.233] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.44.93.233/; sid:900623769; rev:1;) alert tcp $HOME_NET any -> [147.83.10.212] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.83.10.212/; sid:900623708; rev:1;) alert tcp $HOME_NET any -> [89.249.222.142] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.249.222.142/; sid:900623709; rev:1;) alert tcp $HOME_NET any -> [78.186.174.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.174.210/; sid:900623726; rev:1;) alert tcp $HOME_NET any -> [200.73.228.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.73.228.225/; sid:900624153; rev:1;) alert tcp $HOME_NET any -> [182.191.75.93] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.191.75.93/; sid:900623706; rev:1;) alert tcp $HOME_NET any -> [201.82.155.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.82.155.121/; sid:900623703; rev:1;) alert tcp $HOME_NET any -> [193.204.179.46] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.204.179.46/; sid:901991259; rev:1;) alert tcp $HOME_NET any -> [185.243.92.42] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.243.92.42/; sid:901991257; rev:1;) alert tcp $HOME_NET any -> [186.250.113.201] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.250.113.201/; sid:900623700; rev:1;) alert tcp $HOME_NET any -> [189.180.84.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.180.84.98/; sid:901991100; rev:1;) alert tcp $HOME_NET any -> [110.145.124.178] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.145.124.178/; sid:900623727; rev:1;) alert tcp $HOME_NET any -> [187.190.47.173] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.190.47.173/; sid:901991090; rev:1;) alert tcp $HOME_NET any -> [98.239.119.52] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.239.119.52/; sid:901991026; rev:1;) alert tcp $HOME_NET any -> [80.86.91.91] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.86.91.91/; sid:901990964; rev:1;) alert tcp $HOME_NET any -> [47.26.155.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.26.155.17/; sid:901990827; rev:1;) alert tcp $HOME_NET any -> [64.44.133.39] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.133.39/; sid:900623692; rev:1;) alert tcp $HOME_NET any -> [66.85.173.20] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.85.173.20/; sid:900623693; rev:1;) alert tcp $HOME_NET any -> [45.148.120.31] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.120.31/; sid:900623694; rev:1;) alert tcp $HOME_NET any -> [120.151.194.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.151.194.117/; sid:900623702; rev:1;) alert tcp $HOME_NET any -> [23.95.231.164] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.231.164/; sid:900623690; rev:1;) alert tcp $HOME_NET any -> [190.3.183.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.3.183.18/; sid:900623768; rev:1;) alert tcp $HOME_NET any -> [175.207.12.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.207.12.52/; sid:900623767; rev:1;) alert tcp $HOME_NET any -> [85.204.116.84] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.84/; sid:900623689; rev:1;) alert tcp $HOME_NET any -> [51.89.73.154] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.73.154/; sid:900623695; rev:1;) alert tcp $HOME_NET any -> [195.123.220.154] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.220.154/; sid:900623691; rev:1;) alert tcp $HOME_NET any -> [185.63.32.149] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.63.32.149/; sid:900623712; rev:1;) alert tcp $HOME_NET any -> [73.32.177.21] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.32.177.21/; sid:900623718; rev:1;) alert tcp $HOME_NET any -> [71.126.247.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.126.247.90/; sid:900623699; rev:1;) alert tcp $HOME_NET any -> [172.221.229.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.221.229.86/; sid:900623701; rev:1;) alert tcp $HOME_NET any -> [113.61.66.94] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.61.66.94/; sid:900624025; rev:1;) alert tcp $HOME_NET any -> [5.32.84.54] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.32.84.54/; sid:900623681; rev:1;) alert tcp $HOME_NET any -> [182.71.222.187] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.71.222.187/; sid:901974204; rev:1;) alert tcp $HOME_NET any -> [64.207.176.4] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.207.176.4/; sid:900623680; rev:1;) alert tcp $HOME_NET any -> [129.205.201.163] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.205.201.163/; sid:900623688; rev:1;) alert tcp $HOME_NET any -> [216.195.168.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.195.168.93/; sid:901973976; rev:1;) alert tcp $HOME_NET any -> [187.162.248.237] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.162.248.237/; sid:900623676; rev:1;) alert tcp $HOME_NET any -> [45.118.133.154] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.118.133.154/; sid:900623678; rev:1;) alert tcp $HOME_NET any -> [91.236.4.234] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.236.4.234/; sid:901973973; rev:1;) alert tcp $HOME_NET any -> [37.211.90.253] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.211.90.253/; sid:900623683; rev:1;) alert tcp $HOME_NET any -> [149.210.171.237] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.210.171.237/; sid:900623679; rev:1;) alert tcp $HOME_NET any -> [85.100.115.92] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.100.115.92/; sid:900623684; rev:1;) alert tcp $HOME_NET any -> [213.107.110.252] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.107.110.252/; sid:900623677; rev:1;) alert tcp $HOME_NET any -> [71.222.233.135] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.222.233.135/; sid:900623697; rev:1;) alert tcp $HOME_NET any -> [173.73.87.96] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.73.87.96/; sid:900623705; rev:1;) alert tcp $HOME_NET any -> [213.60.19.245] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.60.19.245/; sid:900623669; rev:1;) alert tcp $HOME_NET any -> [24.18.202.68] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.18.202.68/; sid:901969480; rev:1;) alert tcp $HOME_NET any -> [76.86.17.1] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.86.17.1/; sid:900623667; rev:1;) alert tcp $HOME_NET any -> [173.16.62.227] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.16.62.227/; sid:901969432; rev:1;) alert tcp $HOME_NET any -> [107.172.165.149] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.165.149/; sid:900623664; rev:1;) alert tcp $HOME_NET any -> [101.141.5.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.141.5.17/; sid:900623668; rev:1;) alert tcp $HOME_NET any -> [78.188.33.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.33.71/; sid:900623673; rev:1;) alert tcp $HOME_NET any -> [188.227.84.209] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.227.84.209/; sid:900623663; rev:1;) alert tcp $HOME_NET any -> [47.155.214.239] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.155.214.239/; sid:900623665; rev:1;) alert tcp $HOME_NET any -> [5.2.78.70] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.78.70/; sid:900623661; rev:1;) alert tcp $HOME_NET any -> [185.186.77.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.186.77.222/; sid:900623659; rev:1;) alert tcp $HOME_NET any -> [88.99.112.87] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.99.112.87/; sid:900623658; rev:1;) alert tcp $HOME_NET any -> [81.177.180.254] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.180.254/; sid:900623657; rev:1;) alert tcp $HOME_NET any -> [185.65.202.240] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.65.202.240/; sid:900623662; rev:1;) alert tcp $HOME_NET any -> [51.254.164.240] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.164.240/; sid:900623656; rev:1;) alert tcp $HOME_NET any -> [45.148.120.13] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.120.13/; sid:900623653; rev:1;) alert tcp $HOME_NET any -> [193.26.217.243] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.26.217.243/; sid:900623652; rev:1;) alert tcp $HOME_NET any -> [185.11.146.86] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.11.146.86/; sid:900623651; rev:1;) alert tcp $HOME_NET any -> [110.232.188.29] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.232.188.29/; sid:900623649; rev:1;) alert tcp $HOME_NET any -> [70.187.114.147] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.187.114.147/; sid:900623654; rev:1;) alert tcp $HOME_NET any -> [98.15.121.180] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.15.121.180/; sid:900623655; rev:1;) alert tcp $HOME_NET any -> [152.169.31.120] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.169.31.120/; sid:900623650; rev:1;) alert tcp $HOME_NET any -> [5.2.77.18] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.77.18/; sid:900623648; rev:1;) alert tcp $HOME_NET any -> [185.99.2.52] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.52/; sid:900623671; rev:1;) alert tcp $HOME_NET any -> [146.185.253.181] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.181/; sid:900623670; rev:1;) alert tcp $HOME_NET any -> [5.34.177.40] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.177.40/; sid:900623672; rev:1;) alert tcp $HOME_NET any -> [195.123.219.69] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.219.69/; sid:900623647; rev:1;) alert tcp $HOME_NET any -> [5.2.78.77] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.78.77/; sid:900623675; rev:1;) alert tcp $HOME_NET any -> [46.229.213.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.229.213.27/; sid:900623674; rev:1;) alert tcp $HOME_NET any -> [194.5.250.52] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.52/; sid:900623646; rev:1;) alert tcp $HOME_NET any -> [91.74.88.6] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.74.88.6/; sid:900623645; rev:1;) alert tcp $HOME_NET any -> [50.251.171.165] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.251.171.165/; sid:901960765; rev:1;) alert tcp $HOME_NET any -> [189.235.233.119] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.235.233.119/; sid:901960756; rev:1;) alert tcp $HOME_NET any -> [24.167.122.146] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.167.122.146/; sid:900623642; rev:1;) alert tcp $HOME_NET any -> [174.53.195.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.53.195.88/; sid:900623641; rev:1;) alert tcp $HOME_NET any -> [173.24.68.195] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.24.68.195/; sid:900623640; rev:1;) alert tcp $HOME_NET any -> [42.115.22.145] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.115.22.145/; sid:900623644; rev:1;) alert tcp $HOME_NET any -> [71.197.197.100] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.197.197.100/; sid:900623643; rev:1;) alert tcp $HOME_NET any -> [94.156.35.119] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.35.119/; sid:900623638; rev:1;) alert tcp $HOME_NET any -> [5.255.96.108] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.255.96.108/; sid:900623637; rev:1;) alert tcp $HOME_NET any -> [212.109.220.222] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.109.220.222/; sid:900623636; rev:1;) alert tcp $HOME_NET any -> [212.109.195.175] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.109.195.175/; sid:900623635; rev:1;) alert tcp $HOME_NET any -> [198.211.121.27] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.211.121.27/; sid:900623633; rev:1;) alert tcp $HOME_NET any -> [190.70.1.69] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.70.1.69/; sid:900623631; rev:1;) alert tcp $HOME_NET any -> [94.76.247.61] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.76.247.61/; sid:900623632; rev:1;) alert tcp $HOME_NET any -> [110.44.113.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.44.113.2/; sid:900623628; rev:1;) alert tcp $HOME_NET any -> [45.55.179.121] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.179.121/; sid:900623634; rev:1;) alert tcp $HOME_NET any -> [104.236.28.47] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.28.47/; sid:900623627; rev:1;) alert tcp $HOME_NET any -> [104.131.41.185] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.41.185/; sid:900623630; rev:1;) alert tcp $HOME_NET any -> [101.100.137.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.100.137.135/; sid:900623624; rev:1;) alert tcp $HOME_NET any -> [60.151.66.216] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.151.66.216/; sid:901937550; rev:1;) alert tcp $HOME_NET any -> [186.6.245.26] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.6.245.26/; sid:900623639; rev:1;) alert tcp $HOME_NET any -> [190.101.144.224] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.101.144.224/; sid:901937068; rev:1;) alert tcp $HOME_NET any -> [186.10.92.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.10.92.114/; sid:900623621; rev:1;) alert tcp $HOME_NET any -> [105.27.155.182] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.27.155.182/; sid:900623623; rev:1;) alert tcp $HOME_NET any -> [210.213.85.43] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.213.85.43/; sid:900623622; rev:1;) alert tcp $HOME_NET any -> [92.38.171.11] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.11/; sid:900623619; rev:1;) alert tcp $HOME_NET any -> [85.143.220.73] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.220.73/; sid:900623616; rev:1;) alert tcp $HOME_NET any -> [162.154.175.215] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.154.175.215/; sid:900623615; rev:1;) alert tcp $HOME_NET any -> [186.10.98.177] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.10.98.177/; sid:901926136; rev:1;) alert tcp $HOME_NET any -> [95.66.182.136] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.66.182.136/; sid:900623617; rev:1;) alert tcp $HOME_NET any -> [113.52.123.226] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.52.123.226/; sid:900623614; rev:1;) alert tcp $HOME_NET any -> [65.184.222.119] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.184.222.119/; sid:900623613; rev:1;) alert tcp $HOME_NET any -> [89.19.20.202] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.19.20.202/; sid:900623611; rev:1;) alert tcp $HOME_NET any -> [104.236.161.64] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.161.64/; sid:900623610; rev:1;) alert tcp $HOME_NET any -> [70.127.155.33] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.127.155.33/; sid:900623612; rev:1;) alert tcp $HOME_NET any -> [212.80.217.162] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.217.162/; sid:900623605; rev:1;) alert tcp $HOME_NET any -> [195.123.240.197] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.197/; sid:900623604; rev:1;) alert tcp $HOME_NET any -> [212.109.195.100] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.109.195.100/; sid:900623602; rev:1;) alert tcp $HOME_NET any -> [163.172.107.70] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.172.107.70/; sid:901919343; rev:1;) alert tcp $HOME_NET any -> [192.241.241.221] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.241.221/; sid:901919328; rev:1;) alert tcp $HOME_NET any -> [177.188.121.26] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.188.121.26/; sid:900623597; rev:1;) alert tcp $HOME_NET any -> [181.60.244.48] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.60.244.48/; sid:900623598; rev:1;) alert tcp $HOME_NET any -> [91.72.179.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.72.179.214/; sid:901919265; rev:1;) alert tcp $HOME_NET any -> [70.184.112.55] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.184.112.55/; sid:901919256; rev:1;) alert tcp $HOME_NET any -> [104.193.252.168] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.193.252.168/; sid:900623603; rev:1;) alert tcp $HOME_NET any -> [85.96.49.152] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.96.49.152/; sid:900623601; rev:1;) alert tcp $HOME_NET any -> [125.207.127.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.207.127.86/; sid:900623594; rev:1;) alert tcp $HOME_NET any -> [74.208.45.104] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.208.45.104/; sid:900623596; rev:1;) alert tcp $HOME_NET any -> [108.190.109.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.190.109.107/; sid:900623593; rev:1;) alert tcp $HOME_NET any -> [174.83.116.77] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.83.116.77/; sid:900623595; rev:1;) alert tcp $HOME_NET any -> [83.220.168.254] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.220.168.254/; sid:900623592; rev:1;) alert tcp $HOME_NET any -> [95.181.198.236] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.181.198.236/; sid:900623606; rev:1;) alert tcp $HOME_NET any -> [198.8.91.25] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.8.91.25/; sid:900623607; rev:1;) alert tcp $HOME_NET any -> [109.236.109.159] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.236.109.159/; sid:900623696; rev:1;) alert tcp $HOME_NET any -> [5.34.158.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.158.102/; sid:900623600; rev:1;) alert tcp $HOME_NET any -> [194.99.21.137] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.99.21.137/; sid:900623591; rev:1;) alert tcp $HOME_NET any -> [85.217.170.137] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.217.170.137/; sid:900623590; rev:1;) alert tcp $HOME_NET any -> [31.16.195.72] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.16.195.72/; sid:900623618; rev:1;) alert tcp $HOME_NET any -> [93.189.41.185] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.41.185/; sid:900623609; rev:1;) alert tcp $HOME_NET any -> [154.70.158.97] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.70.158.97/; sid:900623625; rev:1;) alert tcp $HOME_NET any -> [175.139.209.3] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.139.209.3/; sid:900623583; rev:1;) alert tcp $HOME_NET any -> [184.172.27.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.172.27.82/; sid:900623584; rev:1;) alert tcp $HOME_NET any -> [74.50.51.115] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.50.51.115/; sid:900623586; rev:1;) alert tcp $HOME_NET any -> [146.255.96.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.255.96.214/; sid:900623582; rev:1;) alert tcp $HOME_NET any -> [185.66.12.59] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.66.12.59/; sid:900623587; rev:1;) alert tcp $HOME_NET any -> [78.188.170.128] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.170.128/; sid:901913751; rev:1;) alert tcp $HOME_NET any -> [178.62.75.204] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.62.75.204/; sid:900623578; rev:1;) alert tcp $HOME_NET any -> [68.183.18.169] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.18.169/; sid:900623581; rev:1;) alert tcp $HOME_NET any -> [70.60.238.62] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.60.238.62/; sid:900623580; rev:1;) alert tcp $HOME_NET any -> [184.162.115.11] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.162.115.11/; sid:901913726; rev:1;) alert tcp $HOME_NET any -> [136.243.205.112] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.243.205.112/; sid:900623577; rev:1;) alert tcp $HOME_NET any -> [218.255.173.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.255.173.106/; sid:900623576; rev:1;) alert tcp $HOME_NET any -> [23.243.215.4] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.243.215.4/; sid:900623575; rev:1;) alert tcp $HOME_NET any -> [200.69.224.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.69.224.73/; sid:900623585; rev:1;) alert tcp $HOME_NET any -> [207.177.72.129] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.177.72.129/; sid:900623574; rev:1;) alert tcp $HOME_NET any -> [64.66.6.71] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.66.6.71/; sid:900623698; rev:1;) alert tcp $HOME_NET any -> [195.250.143.182] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.250.143.182/; sid:900623579; rev:1;) alert tcp $HOME_NET any -> [223.197.185.60] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/223.197.185.60/; sid:900623629; rev:1;) alert tcp $HOME_NET any -> [5.2.75.93] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.75.93/; sid:900623566; rev:1;) alert tcp $HOME_NET any -> [85.204.116.237] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.237/; sid:900623565; rev:1;) alert tcp $HOME_NET any -> [195.123.216.223] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.216.223/; sid:900623564; rev:1;) alert tcp $HOME_NET any -> [93.189.42.146] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.42.146/; sid:900623563; rev:1;) alert tcp $HOME_NET any -> [211.192.153.224] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.192.153.224/; sid:900623561; rev:1;) alert tcp $HOME_NET any -> [23.92.16.164] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.92.16.164/; sid:900623560; rev:1;) alert tcp $HOME_NET any -> [14.201.35.38] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.201.35.38/; sid:901892870; rev:1;) alert tcp $HOME_NET any -> [5.182.210.230] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.230/; sid:900623555; rev:1;) alert tcp $HOME_NET any -> [185.99.2.160] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.160/; sid:900623554; rev:1;) alert tcp $HOME_NET any -> [5.2.75.167] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.75.167/; sid:900623553; rev:1;) alert tcp $HOME_NET any -> [194.5.250.155] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.155/; sid:900623550; rev:1;) alert tcp $HOME_NET any -> [194.87.238.87] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.238.87/; sid:900623551; rev:1;) alert tcp $HOME_NET any -> [185.178.46.184] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.178.46.184/; sid:900623552; rev:1;) alert tcp $HOME_NET any -> [189.78.156.8] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.78.156.8/; sid:900623558; rev:1;) alert tcp $HOME_NET any -> [144.139.228.113] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.139.228.113/; sid:900623557; rev:1;) alert tcp $HOME_NET any -> [118.200.47.120] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.200.47.120/; sid:900623556; rev:1;) alert tcp $HOME_NET any -> [146.185.219.165] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.165/; sid:900623549; rev:1;) alert tcp $HOME_NET any -> [164.68.120.56] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.120.56/; sid:900623547; rev:1;) alert tcp $HOME_NET any -> [51.89.115.116] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.116/; sid:900623548; rev:1;) alert tcp $HOME_NET any -> [74.108.124.180] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.108.124.180/; sid:900623573; rev:1;) alert tcp $HOME_NET any -> [37.211.67.229] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.211.67.229/; sid:901883310; rev:1;) alert tcp $HOME_NET any -> [202.229.211.95] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.229.211.95/; sid:900623543; rev:1;) alert tcp $HOME_NET any -> [87.81.51.125] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.81.51.125/; sid:901883178; rev:1;) alert tcp $HOME_NET any -> [190.146.205.227] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.205.227/; sid:900623806; rev:1;) alert tcp $HOME_NET any -> [202.175.121.202] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.175.121.202/; sid:900623536; rev:1;) alert tcp $HOME_NET any -> [222.144.13.169] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.144.13.169/; sid:900623537; rev:1;) alert tcp $HOME_NET any -> [70.184.9.39] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.184.9.39/; sid:900623538; rev:1;) alert tcp $HOME_NET any -> [150.246.246.238] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.246.246.238/; sid:900623542; rev:1;) alert tcp $HOME_NET any -> [186.138.186.74] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.138.186.74/; sid:900623541; rev:1;) alert tcp $HOME_NET any -> [151.231.7.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.231.7.154/; sid:900623568; rev:1;) alert tcp $HOME_NET any -> [72.176.87.136] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.176.87.136/; sid:900623544; rev:1;) alert tcp $HOME_NET any -> [108.6.140.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.6.140.26/; sid:900623535; rev:1;) alert tcp $HOME_NET any -> [189.159.112.237] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.159.112.237/; sid:901877269; rev:1;) alert tcp $HOME_NET any -> [115.65.111.148] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.65.111.148/; sid:902113102; rev:1;) alert tcp $HOME_NET any -> [45.55.65.123] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.65.123/; sid:900623528; rev:1;) alert tcp $HOME_NET any -> [42.200.226.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.200.226.58/; sid:900623527; rev:1;) alert tcp $HOME_NET any -> [78.101.70.199] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.70.199/; sid:900623530; rev:1;) alert tcp $HOME_NET any -> [188.218.104.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.218.104.226/; sid:900623522; rev:1;) alert tcp $HOME_NET any -> [73.125.15.41] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.125.15.41/; sid:900623524; rev:1;) alert tcp $HOME_NET any -> [146.185.253.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.18/; sid:900623545; rev:1;) alert tcp $HOME_NET any -> [70.180.35.211] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.180.35.211/; sid:900623562; rev:1;) alert tcp $HOME_NET any -> [88.225.230.33] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.225.230.33/; sid:901876589; rev:1;) alert tcp $HOME_NET any -> [185.207.57.205] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.207.57.205/; sid:901876581; rev:1;) alert tcp $HOME_NET any -> [88.247.53.159] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.247.53.159/; sid:901876575; rev:1;) alert tcp $HOME_NET any -> [81.214.142.115] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.214.142.115/; sid:900623533; rev:1;) alert tcp $HOME_NET any -> [190.63.7.166] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.63.7.166/; sid:900623520; rev:1;) alert tcp $HOME_NET any -> [203.45.161.179] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.45.161.179/; sid:900623523; rev:1;) alert tcp $HOME_NET any -> [177.103.157.126] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.103.157.126/; sid:900623526; rev:1;) alert tcp $HOME_NET any -> [99.229.254.209] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.229.254.209/; sid:900623521; rev:1;) alert tcp $HOME_NET any -> [75.114.235.105] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.114.235.105/; sid:900623529; rev:1;) alert tcp $HOME_NET any -> [186.200.205.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.200.205.170/; sid:900623540; rev:1;) alert tcp $HOME_NET any -> [190.131.167.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.131.167.50/; sid:901869505; rev:1;) alert tcp $HOME_NET any -> [115.95.6.218] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.95.6.218/; sid:901869498; rev:1;) alert tcp $HOME_NET any -> [152.168.248.128] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.168.248.128/; sid:900623516; rev:1;) alert tcp $HOME_NET any -> [74.101.225.121] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.101.225.121/; sid:900623518; rev:1;) alert tcp $HOME_NET any -> [181.196.27.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.196.27.123/; sid:901869431; rev:1;) alert tcp $HOME_NET any -> [175.181.7.188] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.181.7.188/; sid:901869418; rev:1;) alert tcp $HOME_NET any -> [81.214.253.80] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.214.253.80/; sid:900623515; rev:1;) alert tcp $HOME_NET any -> [68.114.229.171] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.114.229.171/; sid:900623517; rev:1;) alert tcp $HOME_NET any -> [180.33.71.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.33.71.88/; sid:900623519; rev:1;) alert tcp $HOME_NET any -> [61.37.31.243] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.37.31.243/; sid:900624096; rev:1;) alert tcp $HOME_NET any -> [181.167.96.215] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.96.215/; sid:900624687; rev:1;) alert tcp $HOME_NET any -> [85.143.219.58] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.219.58/; sid:900623567; rev:1;) alert tcp $HOME_NET any -> [178.20.74.212] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.20.74.212/; sid:900623569; rev:1;) alert tcp $HOME_NET any -> [5.199.130.105] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.199.130.105/; sid:900623514; rev:1;) alert tcp $HOME_NET any -> [176.9.43.37] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.9.43.37/; sid:900623513; rev:1;) alert tcp $HOME_NET any -> [5.196.200.208] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.200.208/; sid:901862873; rev:1;) alert tcp $HOME_NET any -> [81.213.78.151] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.213.78.151/; sid:900623511; rev:1;) alert tcp $HOME_NET any -> [185.94.252.12] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.94.252.12/; sid:901862611; rev:1;) alert tcp $HOME_NET any -> [90.69.145.210] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.69.145.210/; sid:900623512; rev:1;) alert tcp $HOME_NET any -> [91.242.136.103] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.242.136.103/; sid:900623506; rev:1;) alert tcp $HOME_NET any -> [186.223.86.136] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.223.86.136/; sid:901859573; rev:1;) alert tcp $HOME_NET any -> [220.247.70.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.247.70.174/; sid:900623504; rev:1;) alert tcp $HOME_NET any -> [178.152.92.246] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.152.92.246/; sid:900623503; rev:1;) alert tcp $HOME_NET any -> [153.137.36.142] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.137.36.142/; sid:900623501; rev:1;) alert tcp $HOME_NET any -> [74.130.83.133] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.130.83.133/; sid:900623508; rev:1;) alert tcp $HOME_NET any -> [76.104.80.47] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.104.80.47/; sid:900623507; rev:1;) alert tcp $HOME_NET any -> [153.183.25.24] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.183.25.24/; sid:900623502; rev:1;) alert tcp $HOME_NET any -> [68.62.245.148] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.62.245.148/; sid:900623505; rev:1;) alert tcp $HOME_NET any -> [5.2.79.72] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.79.72/; sid:900623497; rev:1;) alert tcp $HOME_NET any -> [64.44.133.131] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.133.131/; sid:900623498; rev:1;) alert tcp $HOME_NET any -> [85.204.116.233] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.233/; sid:900623499; rev:1;) alert tcp $HOME_NET any -> [195.123.221.53] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.221.53/; sid:900623495; rev:1;) alert tcp $HOME_NET any -> [146.185.253.177] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.177/; sid:900623494; rev:1;) alert tcp $HOME_NET any -> [179.208.84.218] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.208.84.218/; sid:900623486; rev:1;) alert tcp $HOME_NET any -> [195.223.215.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.223.215.190/; sid:900623488; rev:1;) alert tcp $HOME_NET any -> [78.101.95.172] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.101.95.172/; sid:901838813; rev:1;) alert tcp $HOME_NET any -> [178.33.167.120] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.33.167.120/; sid:901838788; rev:1;) alert tcp $HOME_NET any -> [24.70.40.15] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.70.40.15/; sid:901838787; rev:1;) alert tcp $HOME_NET any -> [62.75.141.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.141.82/; sid:901838784; rev:1;) alert tcp $HOME_NET any -> [201.236.135.104] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.236.135.104/; sid:900623483; rev:1;) alert tcp $HOME_NET any -> [190.143.39.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.143.39.231/; sid:900623482; rev:1;) alert tcp $HOME_NET any -> [205.185.117.108] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.185.117.108/; sid:901838775; rev:1;) alert tcp $HOME_NET any -> [60.250.78.22] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.250.78.22/; sid:901838763; rev:1;) alert tcp $HOME_NET any -> [190.114.244.182] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.114.244.182/; sid:900623481; rev:1;) alert tcp $HOME_NET any -> [200.71.200.4] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.71.200.4/; sid:900623484; rev:1;) alert tcp $HOME_NET any -> [188.85.143.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.85.143.170/; sid:900623487; rev:1;) alert tcp $HOME_NET any -> [59.135.126.129] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.135.126.129/; sid:900623485; rev:1;) alert tcp $HOME_NET any -> [100.6.23.40] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.6.23.40/; sid:900623480; rev:1;) alert tcp $HOME_NET any -> [98.199.196.197] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.199.196.197/; sid:900623493; rev:1;) alert tcp $HOME_NET any -> [85.105.241.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.241.192/; sid:900623492; rev:1;) alert tcp $HOME_NET any -> [98.192.74.164] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.192.74.164/; sid:900623489; rev:1;) alert tcp $HOME_NET any -> [61.221.152.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.221.152.140/; sid:900623475; rev:1;) alert tcp $HOME_NET any -> [122.176.116.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.176.116.57/; sid:900623477; rev:1;) alert tcp $HOME_NET any -> [200.82.88.254] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.82.88.254/; sid:900623472; rev:1;) alert tcp $HOME_NET any -> [58.92.179.55] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.92.179.55/; sid:900623473; rev:1;) alert tcp $HOME_NET any -> [101.187.197.33] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.197.33/; sid:900623463; rev:1;) alert tcp $HOME_NET any -> [98.30.113.161] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.30.113.161/; sid:900623469; rev:1;) alert tcp $HOME_NET any -> [181.13.24.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.13.24.82/; sid:900623464; rev:1;) alert tcp $HOME_NET any -> [78.142.114.69] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.142.114.69/; sid:900623470; rev:1;) alert tcp $HOME_NET any -> [201.229.45.222] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.229.45.222/; sid:900623465; rev:1;) alert tcp $HOME_NET any -> [81.17.92.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.17.92.70/; sid:900623468; rev:1;) alert tcp $HOME_NET any -> [185.160.229.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.160.229.26/; sid:901830766; rev:1;) alert tcp $HOME_NET any -> [64.40.250.5] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.40.250.5/; sid:900623467; rev:1;) alert tcp $HOME_NET any -> [68.172.243.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.172.243.146/; sid:900623466; rev:1;) alert tcp $HOME_NET any -> [70.123.95.180] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.123.95.180/; sid:900623462; rev:1;) alert tcp $HOME_NET any -> [177.103.240.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.103.240.93/; sid:900623471; rev:1;) alert tcp $HOME_NET any -> [202.62.39.111] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.62.39.111/; sid:900623589; rev:1;) alert tcp $HOME_NET any -> [200.82.170.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.82.170.231/; sid:900623559; rev:1;) alert tcp $HOME_NET any -> [91.117.159.233] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.117.159.233/; sid:901825464; rev:1;) alert tcp $HOME_NET any -> [81.16.1.45] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.16.1.45/; sid:901825463; rev:1;) alert tcp $HOME_NET any -> [181.129.96.162] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.96.162/; sid:900623453; rev:1;) alert tcp $HOME_NET any -> [97.120.32.227] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.120.32.227/; sid:901825458; rev:1;) alert tcp $HOME_NET any -> [83.35.213.87] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.35.213.87/; sid:900623459; rev:1;) alert tcp $HOME_NET any -> [82.152.149.79] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.152.149.79/; sid:900623454; rev:1;) alert tcp $HOME_NET any -> [73.239.11.159] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.239.11.159/; sid:900623457; rev:1;) alert tcp $HOME_NET any -> [189.26.118.194] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.26.118.194/; sid:900623940; rev:1;) alert tcp $HOME_NET any -> [95.213.236.64] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.213.236.64/; sid:901824336; rev:1;) alert tcp $HOME_NET any -> [72.189.57.105] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.189.57.105/; sid:900623449; rev:1;) alert tcp $HOME_NET any -> [187.72.47.161] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.72.47.161/; sid:900623474; rev:1;) alert tcp $HOME_NET any -> [122.19.63.27] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.19.63.27/; sid:900623451; rev:1;) alert tcp $HOME_NET any -> [125.209.114.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.209.114.180/; sid:900623458; rev:1;) alert tcp $HOME_NET any -> [211.20.154.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.20.154.102/; sid:901824074; rev:1;) alert tcp $HOME_NET any -> [76.11.76.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.11.76.47/; sid:900623447; rev:1;) alert tcp $HOME_NET any -> [61.204.119.188] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.204.119.188/; sid:902017410; rev:1;) alert tcp $HOME_NET any -> [24.141.12.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.141.12.228/; sid:900623445; rev:1;) alert tcp $HOME_NET any -> [24.196.49.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.196.49.98/; sid:900623448; rev:1;) alert tcp $HOME_NET any -> [5.34.176.242] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.176.242/; sid:900623450; rev:1;) alert tcp $HOME_NET any -> [185.105.1.141] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.105.1.141/; sid:900623452; rev:1;) alert tcp $HOME_NET any -> [5.182.210.226] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.226/; sid:900623430; rev:1;) alert tcp $HOME_NET any -> [188.165.62.36] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.62.36/; sid:900623429; rev:1;) alert tcp $HOME_NET any -> [198.23.252.132] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.23.252.132/; sid:900623428; rev:1;) alert tcp $HOME_NET any -> [5.34.176.218] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.176.218/; sid:900623427; rev:1;) alert tcp $HOME_NET any -> [185.99.2.117] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.117/; sid:900623425; rev:1;) alert tcp $HOME_NET any -> [93.189.46.122] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.46.122/; sid:900623423; rev:1;) alert tcp $HOME_NET any -> [201.213.100.141] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.213.100.141/; sid:902285339; rev:1;) alert tcp $HOME_NET any -> [94.176.234.118] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.176.234.118/; sid:901814770; rev:1;) alert tcp $HOME_NET any -> [139.47.135.215] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.47.135.215/; sid:900623418; rev:1;) alert tcp $HOME_NET any -> [186.177.165.196] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.177.165.196/; sid:900623419; rev:1;) alert tcp $HOME_NET any -> [60.152.212.149] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.152.212.149/; sid:900623434; rev:1;) alert tcp $HOME_NET any -> [95.130.37.244] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.130.37.244/; sid:901814706; rev:1;) alert tcp $HOME_NET any -> [77.74.78.80] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.74.78.80/; sid:901814704; rev:1;) alert tcp $HOME_NET any -> [160.226.171.255] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.226.171.255/; sid:901814701; rev:1;) alert tcp $HOME_NET any -> [181.54.246.80] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.54.246.80/; sid:900623415; rev:1;) alert tcp $HOME_NET any -> [186.147.245.204] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.147.245.204/; sid:900623416; rev:1;) alert tcp $HOME_NET any -> [165.255.142.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.255.142.118/; sid:900623414; rev:1;) alert tcp $HOME_NET any -> [5.2.78.43] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.78.43/; sid:900623421; rev:1;) alert tcp $HOME_NET any -> [120.151.135.224] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.151.135.224/; sid:901814522; rev:1;) alert tcp $HOME_NET any -> [197.89.27.26] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.27.26/; sid:900623410; rev:1;) alert tcp $HOME_NET any -> [72.186.137.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.186.137.156/; sid:900623412; rev:1;) alert tcp $HOME_NET any -> [58.171.38.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.171.38.26/; sid:900623444; rev:1;) alert tcp $HOME_NET any -> [162.247.155.133] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.247.155.133/; sid:900623413; rev:1;) alert tcp $HOME_NET any -> [70.184.69.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.184.69.146/; sid:900623422; rev:1;) alert tcp $HOME_NET any -> [76.185.136.132] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.185.136.132/; sid:900623417; rev:1;) alert tcp $HOME_NET any -> [185.142.99.8] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.8/; sid:900623424; rev:1;) alert tcp $HOME_NET any -> [146.185.253.122] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.122/; sid:900623431; rev:1;) alert tcp $HOME_NET any -> [82.146.62.52] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.146.62.52/; sid:900623432; rev:1;) alert tcp $HOME_NET any -> [85.143.220.228] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.220.228/; sid:900623433; rev:1;) alert tcp $HOME_NET any -> [212.109.220.111] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.109.220.111/; sid:900623435; rev:1;) alert tcp $HOME_NET any -> [104.168.96.113] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.96.113/; sid:900623439; rev:1;) alert tcp $HOME_NET any -> [85.143.217.237] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.217.237/; sid:900623443; rev:1;) alert tcp $HOME_NET any -> [5.182.210.246] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.246/; sid:900623510; rev:1;) alert tcp $HOME_NET any -> [5.2.78.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.78.98/; sid:900623406; rev:1;) alert tcp $HOME_NET any -> [185.62.188.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.188.34/; sid:900623407; rev:1;) alert tcp $HOME_NET any -> [78.189.180.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.180.107/; sid:900623403; rev:1;) alert tcp $HOME_NET any -> [37.139.21.175] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.139.21.175/; sid:901812044; rev:1;) alert tcp $HOME_NET any -> [183.82.123.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.123.60/; sid:900623399; rev:1;) alert tcp $HOME_NET any -> [210.171.146.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.171.146.118/; sid:901812018; rev:1;) alert tcp $HOME_NET any -> [125.209.114.182] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.209.114.182/; sid:901812016; rev:1;) alert tcp $HOME_NET any -> [60.130.173.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.130.173.117/; sid:900623436; rev:1;) alert tcp $HOME_NET any -> [78.189.60.109] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.60.109/; sid:900623401; rev:1;) alert tcp $HOME_NET any -> [76.87.58.38] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.87.58.38/; sid:901812001; rev:1;) alert tcp $HOME_NET any -> [186.15.52.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.52.123/; sid:900623408; rev:1;) alert tcp $HOME_NET any -> [2.47.112.72] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.47.112.72/; sid:900623395; rev:1;) alert tcp $HOME_NET any -> [177.34.142.163] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.34.142.163/; sid:901811994; rev:1;) alert tcp $HOME_NET any -> [172.104.169.32] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.104.169.32/; sid:901811986; rev:1;) alert tcp $HOME_NET any -> [120.150.247.164] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.247.164/; sid:900623393; rev:1;) alert tcp $HOME_NET any -> [59.120.5.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.120.5.154/; sid:900623397; rev:1;) alert tcp $HOME_NET any -> [192.241.143.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.143.52/; sid:900623394; rev:1;) alert tcp $HOME_NET any -> [93.189.41.107] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.41.107/; sid:900623438; rev:1;) alert tcp $HOME_NET any -> [76.69.26.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.69.26.71/; sid:900623409; rev:1;) alert tcp $HOME_NET any -> [66.7.242.50] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.7.242.50/; sid:900623411; rev:1;) alert tcp $HOME_NET any -> [86.123.138.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.123.138.76/; sid:900623396; rev:1;) alert tcp $HOME_NET any -> [152.231.89.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.231.89.226/; sid:900623402; rev:1;) alert tcp $HOME_NET any -> [154.73.137.131] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.73.137.131/; sid:900623398; rev:1;) alert tcp $HOME_NET any -> [177.239.160.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.239.160.121/; sid:900623426; rev:1;) alert tcp $HOME_NET any -> [91.250.96.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.250.96.22/; sid:900623405; rev:1;) alert tcp $HOME_NET any -> [89.211.186.227] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.186.227/; sid:900623404; rev:1;) alert tcp $HOME_NET any -> [189.201.197.98] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.201.197.98/; sid:900623599; rev:1;) alert tcp $HOME_NET any -> [62.109.15.126] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.109.15.126/; sid:900623392; rev:1;) alert tcp $HOME_NET any -> [78.24.221.145] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.24.221.145/; sid:900623387; rev:1;) alert tcp $HOME_NET any -> [195.133.146.185] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.146.185/; sid:900623388; rev:1;) alert tcp $HOME_NET any -> [92.63.98.59] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.63.98.59/; sid:900623385; rev:1;) alert tcp $HOME_NET any -> [176.31.87.209] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.31.87.209/; sid:900623384; rev:1;) alert tcp $HOME_NET any -> [212.109.223.162] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.109.223.162/; sid:900623383; rev:1;) alert tcp $HOME_NET any -> [185.186.77.247] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.186.77.247/; sid:900623382; rev:1;) alert tcp $HOME_NET any -> [195.123.218.13] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.218.13/; sid:900623377; rev:1;) alert tcp $HOME_NET any -> [195.123.218.14] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.218.14/; sid:900623378; rev:1;) alert tcp $HOME_NET any -> [189.179.108.157] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.179.108.157/; sid:900623367; rev:1;) alert tcp $HOME_NET any -> [27.109.153.201] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.109.153.201/; sid:900623371; rev:1;) alert tcp $HOME_NET any -> [88.249.120.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.120.205/; sid:900623389; rev:1;) alert tcp $HOME_NET any -> [60.231.217.199] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.231.217.199/; sid:900623373; rev:1;) alert tcp $HOME_NET any -> [98.174.166.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.174.166.205/; sid:900623374; rev:1;) alert tcp $HOME_NET any -> [37.187.72.193] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.72.193/; sid:900623370; rev:1;) alert tcp $HOME_NET any -> [221.165.123.72] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.165.123.72/; sid:900623369; rev:1;) alert tcp $HOME_NET any -> [177.103.159.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.103.159.44/; sid:901794091; rev:1;) alert tcp $HOME_NET any -> [190.151.5.130] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.151.5.130/; sid:900623365; rev:1;) alert tcp $HOME_NET any -> [190.191.82.216] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.191.82.216/; sid:900623366; rev:1;) alert tcp $HOME_NET any -> [76.31.115.125] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.31.115.125/; sid:901794068; rev:1;) alert tcp $HOME_NET any -> [198.199.112.197] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.112.197/; sid:900623364; rev:1;) alert tcp $HOME_NET any -> [106.248.79.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.248.79.174/; sid:900623375; rev:1;) alert tcp $HOME_NET any -> [183.91.3.63] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.91.3.63/; sid:900623376; rev:1;) alert tcp $HOME_NET any -> [41.215.79.182] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.215.79.182/; sid:900623379; rev:1;) alert tcp $HOME_NET any -> [24.164.79.147] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.164.79.147/; sid:900623372; rev:1;) alert tcp $HOME_NET any -> [146.185.253.107] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.107/; sid:900623363; rev:1;) alert tcp $HOME_NET any -> [194.5.250.97] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.97/; sid:900624517; rev:1;) alert tcp $HOME_NET any -> [103.94.122.254] 8082 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.94.122.254/; sid:900623386; rev:1;) alert tcp $HOME_NET any -> [198.8.91.10] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.8.91.10/; sid:900623360; rev:1;) alert tcp $HOME_NET any -> [23.95.231.187] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.231.187/; sid:900623359; rev:1;) alert tcp $HOME_NET any -> [5.2.76.122] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.76.122/; sid:900623358; rev:1;) alert tcp $HOME_NET any -> [92.63.105.138] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.63.105.138/; sid:900623353; rev:1;) alert tcp $HOME_NET any -> [85.143.219.230] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.219.230/; sid:900623357; rev:1;) alert tcp $HOME_NET any -> [95.181.198.151] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.181.198.151/; sid:900623354; rev:1;) alert tcp $HOME_NET any -> [185.99.2.149] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.149/; sid:900623355; rev:1;) alert tcp $HOME_NET any -> [79.174.12.245] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.174.12.245/; sid:900623356; rev:1;) alert tcp $HOME_NET any -> [188.0.135.237] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.0.135.237/; sid:900623352; rev:1;) alert tcp $HOME_NET any -> [58.162.218.151] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.162.218.151/; sid:900623336; rev:1;) alert tcp $HOME_NET any -> [114.109.179.60] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.109.179.60/; sid:900623340; rev:1;) alert tcp $HOME_NET any -> [177.92.14.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.92.14.34/; sid:901764506; rev:1;) alert tcp $HOME_NET any -> [41.60.200.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.60.200.34/; sid:900623332; rev:1;) alert tcp $HOME_NET any -> [181.126.70.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.126.70.117/; sid:900623330; rev:1;) alert tcp $HOME_NET any -> [5.32.55.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.32.55.214/; sid:900623334; rev:1;) alert tcp $HOME_NET any -> [173.66.96.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.66.96.135/; sid:900623347; rev:1;) alert tcp $HOME_NET any -> [186.86.247.171] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.86.247.171/; sid:900623331; rev:1;) alert tcp $HOME_NET any -> [180.33.6.136] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.33.6.136/; sid:900623338; rev:1;) alert tcp $HOME_NET any -> [78.210.132.35] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.210.132.35/; sid:900623345; rev:1;) alert tcp $HOME_NET any -> [112.68.254.127] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.68.254.127/; sid:900623325; rev:1;) alert tcp $HOME_NET any -> [1.221.254.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.221.254.82/; sid:900623329; rev:1;) alert tcp $HOME_NET any -> [1.217.126.11] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.217.126.11/; sid:900623324; rev:1;) alert tcp $HOME_NET any -> [91.73.169.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.73.169.210/; sid:900623328; rev:1;) alert tcp $HOME_NET any -> [86.108.77.73] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.108.77.73/; sid:900623327; rev:1;) alert tcp $HOME_NET any -> [196.6.119.137] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.6.119.137/; sid:900623326; rev:1;) alert tcp $HOME_NET any -> [47.180.91.213] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.180.91.213/; sid:900623333; rev:1;) alert tcp $HOME_NET any -> [45.73.157.243] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.73.157.243/; sid:900623335; rev:1;) alert tcp $HOME_NET any -> [113.190.254.245] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.190.254.245/; sid:900623339; rev:1;) alert tcp $HOME_NET any -> [190.38.152.143] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.38.152.143/; sid:901763642; rev:1;) alert tcp $HOME_NET any -> [190.231.42.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.231.42.130/; sid:901763641; rev:1;) alert tcp $HOME_NET any -> [187.54.225.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.54.225.76/; sid:901763640; rev:1;) alert tcp $HOME_NET any -> [209.146.22.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.146.22.34/; sid:900623321; rev:1;) alert tcp $HOME_NET any -> [73.217.39.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.217.39.73/; sid:900623337; rev:1;) alert tcp $HOME_NET any -> [190.55.181.54] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.181.54/; sid:900623320; rev:1;) alert tcp $HOME_NET any -> [178.153.176.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.153.176.124/; sid:900623348; rev:1;) alert tcp $HOME_NET any -> [139.130.242.43] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.130.242.43/; sid:900623319; rev:1;) alert tcp $HOME_NET any -> [189.203.177.41] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.203.177.41/; sid:900623323; rev:1;) alert tcp $HOME_NET any -> [201.137.247.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.247.222/; sid:900623317; rev:1;) alert tcp $HOME_NET any -> [190.201.144.85] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.201.144.85/; sid:900623362; rev:1;) alert tcp $HOME_NET any -> [75.86.6.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.86.6.174/; sid:901763290; rev:1;) alert tcp $HOME_NET any -> [91.205.173.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.205.173.150/; sid:900623318; rev:1;) alert tcp $HOME_NET any -> [88.249.181.198] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.181.198/; sid:900623343; rev:1;) alert tcp $HOME_NET any -> [183.87.40.21] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.87.40.21/; sid:900623341; rev:1;) alert tcp $HOME_NET any -> [5.2.77.116] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.77.116/; sid:900623344; rev:1;) alert tcp $HOME_NET any -> [185.172.129.101] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.101/; sid:900623313; rev:1;) alert tcp $HOME_NET any -> [194.32.79.187] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.32.79.187/; sid:900623346; rev:1;) alert tcp $HOME_NET any -> [185.144.138.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.144.138.190/; sid:900623361; rev:1;) alert tcp $HOME_NET any -> [185.99.2.131] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.131/; sid:900623349; rev:1;) alert tcp $HOME_NET any -> [198.23.252.115] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.23.252.115/; sid:900623350; rev:1;) alert tcp $HOME_NET any -> [167.86.123.176] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.123.176/; sid:900623351; rev:1;) alert tcp $HOME_NET any -> [91.191.206.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.191.206.60/; sid:900624026; rev:1;) alert tcp $HOME_NET any -> [181.231.220.232] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.231.220.232/; sid:900623380; rev:1;) alert tcp $HOME_NET any -> [79.7.158.208] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.7.158.208/; sid:900623310; rev:1;) alert tcp $HOME_NET any -> [110.170.65.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.170.65.146/; sid:900623312; rev:1;) alert tcp $HOME_NET any -> [62.15.36.103] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.15.36.103/; sid:900623309; rev:1;) alert tcp $HOME_NET any -> [94.200.126.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.200.126.42/; sid:900623381; rev:1;) alert tcp $HOME_NET any -> [110.2.118.164] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.2.118.164/; sid:900623305; rev:1;) alert tcp $HOME_NET any -> [190.231.210.35] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.231.210.35/; sid:901740807; rev:1;) alert tcp $HOME_NET any -> [181.53.29.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.53.29.136/; sid:900623302; rev:1;) alert tcp $HOME_NET any -> [182.187.137.199] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.187.137.199/; sid:900623342; rev:1;) alert tcp $HOME_NET any -> [112.186.195.176] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.186.195.176/; sid:900623311; rev:1;) alert tcp $HOME_NET any -> [105.209.235.113] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.209.235.113/; sid:900623299; rev:1;) alert tcp $HOME_NET any -> [160.119.153.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.119.153.20/; sid:900623314; rev:1;) alert tcp $HOME_NET any -> [144.139.91.187] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.139.91.187/; sid:900623301; rev:1;) alert tcp $HOME_NET any -> [200.45.187.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.45.187.90/; sid:900623303; rev:1;) alert tcp $HOME_NET any -> [185.99.2.209] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.209/; sid:900623295; rev:1;) alert tcp $HOME_NET any -> [172.245.153.186] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.153.186/; sid:900623294; rev:1;) alert tcp $HOME_NET any -> [5.2.73.126] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.73.126/; sid:900623304; rev:1;) alert tcp $HOME_NET any -> [192.99.255.32] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.99.255.32/; sid:900623296; rev:1;) alert tcp $HOME_NET any -> [37.230.115.111] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.230.115.111/; sid:900623298; rev:1;) alert tcp $HOME_NET any -> [185.246.67.49] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.246.67.49/; sid:900623306; rev:1;) alert tcp $HOME_NET any -> [198.23.252.138] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.23.252.138/; sid:900623297; rev:1;) alert tcp $HOME_NET any -> [114.179.127.48] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.179.127.48/; sid:900623300; rev:1;) alert tcp $HOME_NET any -> [190.219.149.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.219.149.236/; sid:900623308; rev:1;) alert tcp $HOME_NET any -> [194.87.95.54] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.95.54/; sid:900623291; rev:1;) alert tcp $HOME_NET any -> [184.164.137.176] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.164.137.176/; sid:900623287; rev:1;) alert tcp $HOME_NET any -> [5.2.64.184] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.64.184/; sid:900623289; rev:1;) alert tcp $HOME_NET any -> [46.173.214.227] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.173.214.227/; sid:900623285; rev:1;) alert tcp $HOME_NET any -> [108.20.69.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.20.69.44/; sid:901687139; rev:1;) alert tcp $HOME_NET any -> [200.21.90.5] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.21.90.5/; sid:900623286; rev:1;) alert tcp $HOME_NET any -> [200.116.145.225] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.145.225/; sid:900623283; rev:1;) alert tcp $HOME_NET any -> [59.8.197.241] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.8.197.241/; sid:900623284; rev:1;) alert tcp $HOME_NET any -> [178.237.139.83] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.237.139.83/; sid:900623282; rev:1;) alert tcp $HOME_NET any -> [210.6.85.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.6.85.121/; sid:900623290; rev:1;) alert tcp $HOME_NET any -> [62.138.26.28] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.138.26.28/; sid:901686181; rev:1;) alert tcp $HOME_NET any -> [70.169.53.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.169.53.234/; sid:900623281; rev:1;) alert tcp $HOME_NET any -> [136.243.250.34] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.243.250.34/; sid:900623279; rev:1;) alert tcp $HOME_NET any -> [47.153.183.211] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.153.183.211/; sid:900623307; rev:1;) alert tcp $HOME_NET any -> [172.82.152.14] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.82.152.14/; sid:900623278; rev:1;) alert tcp $HOME_NET any -> [107.181.175.119] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.175.119/; sid:900623276; rev:1;) alert tcp $HOME_NET any -> [185.186.77.229] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.186.77.229/; sid:900623277; rev:1;) alert tcp $HOME_NET any -> [164.68.107.58] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.107.58/; sid:900623275; rev:1;) alert tcp $HOME_NET any -> [188.120.231.230] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.120.231.230/; sid:900623274; rev:1;) alert tcp $HOME_NET any -> [185.192.109.114] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.192.109.114/; sid:900623273; rev:1;) alert tcp $HOME_NET any -> [185.63.191.109] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.63.191.109/; sid:900623270; rev:1;) alert tcp $HOME_NET any -> [185.11.146.147] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.11.146.147/; sid:900623269; rev:1;) alert tcp $HOME_NET any -> [64.44.51.120] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.51.120/; sid:900623268; rev:1;) alert tcp $HOME_NET any -> [190.247.9.40] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.247.9.40/; sid:900623913; rev:1;) alert tcp $HOME_NET any -> [203.160.173.202] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.160.173.202/; sid:901663847; rev:1;) alert tcp $HOME_NET any -> [186.177.174.163] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.177.174.163/; sid:900623271; rev:1;) alert tcp $HOME_NET any -> [5.178.245.100] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.178.245.100/; sid:900623266; rev:1;) alert tcp $HOME_NET any -> [41.185.29.128] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.185.29.128/; sid:901663844; rev:1;) alert tcp $HOME_NET any -> [122.116.104.238] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.116.104.238/; sid:900623293; rev:1;) alert tcp $HOME_NET any -> [203.153.216.178] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.153.216.178/; sid:901663825; rev:1;) alert tcp $HOME_NET any -> [158.69.167.246] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.167.246/; sid:901663820; rev:1;) alert tcp $HOME_NET any -> [211.48.165.9] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.48.165.9/; sid:901663814; rev:1;) alert tcp $HOME_NET any -> [41.190.148.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.190.148.90/; sid:901663805; rev:1;) alert tcp $HOME_NET any -> [188.251.213.180] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.251.213.180/; sid:917324300; rev:1;) alert tcp $HOME_NET any -> [14.161.30.33] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.161.30.33/; sid:900623264; rev:1;) alert tcp $HOME_NET any -> [92.223.59.28] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.223.59.28/; sid:900623260; rev:1;) alert tcp $HOME_NET any -> [203.124.57.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.124.57.50/; sid:900623265; rev:1;) alert tcp $HOME_NET any -> [93.189.41.190] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.41.190/; sid:900623261; rev:1;) alert tcp $HOME_NET any -> [212.253.82.142] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.253.82.142/; sid:900623267; rev:1;) alert tcp $HOME_NET any -> [164.68.108.243] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.108.243/; sid:900623258; rev:1;) alert tcp $HOME_NET any -> [107.173.26.231] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.26.231/; sid:900623272; rev:1;) alert tcp $HOME_NET any -> [185.172.129.176] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.176/; sid:900623257; rev:1;) alert tcp $HOME_NET any -> [85.143.216.194] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.216.194/; sid:900623256; rev:1;) alert tcp $HOME_NET any -> [5.2.78.38] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.78.38/; sid:900623255; rev:1;) alert tcp $HOME_NET any -> [51.89.115.124] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.124/; sid:900623253; rev:1;) alert tcp $HOME_NET any -> [146.185.253.164] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.164/; sid:900623254; rev:1;) alert tcp $HOME_NET any -> [188.165.62.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.62.34/; sid:900623252; rev:1;) alert tcp $HOME_NET any -> [198.23.209.201] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.23.209.201/; sid:900623251; rev:1;) alert tcp $HOME_NET any -> [172.82.152.104] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.82.152.104/; sid:900623250; rev:1;) alert tcp $HOME_NET any -> [216.251.83.79] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.251.83.79/; sid:900623259; rev:1;) alert tcp $HOME_NET any -> [164.68.120.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.120.60/; sid:900623248; rev:1;) alert tcp $HOME_NET any -> [78.24.223.88] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.24.223.88/; sid:900623247; rev:1;) alert tcp $HOME_NET any -> [146.185.253.191] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.191/; sid:900624173; rev:1;) alert tcp $HOME_NET any -> [36.89.88.111] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.88.111/; sid:900623246; rev:1;) alert tcp $HOME_NET any -> [203.176.135.102] 8082 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.176.135.102/; sid:900623241; rev:1;) alert tcp $HOME_NET any -> [185.213.20.246] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.213.20.246/; sid:900623242; rev:1;) alert tcp $HOME_NET any -> [185.141.27.190] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.27.190/; sid:900623240; rev:1;) alert tcp $HOME_NET any -> [188.120.254.68] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.120.254.68/; sid:900623243; rev:1;) alert tcp $HOME_NET any -> [5.2.70.145] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.70.145/; sid:900623244; rev:1;) alert tcp $HOME_NET any -> [45.8.230.203] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.8.230.203/; sid:900623245; rev:1;) alert tcp $HOME_NET any -> [185.99.2.128] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.128/; sid:900624402; rev:1;) alert tcp $HOME_NET any -> [93.144.226.57] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.144.226.57/; sid:900623249; rev:1;) alert tcp $HOME_NET any -> [112.218.134.227] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.218.134.227/; sid:901633004; rev:1;) alert tcp $HOME_NET any -> [62.109.22.226] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.109.22.226/; sid:900623234; rev:1;) alert tcp $HOME_NET any -> [177.74.232.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.74.232.124/; sid:900624175; rev:1;) alert tcp $HOME_NET any -> [51.89.115.126] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.126/; sid:900623236; rev:1;) alert tcp $HOME_NET any -> [85.217.171.52] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.217.171.52/; sid:900623237; rev:1;) alert tcp $HOME_NET any -> [45.143.93.9] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.143.93.9/; sid:900623233; rev:1;) alert tcp $HOME_NET any -> [5.2.78.79] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.78.79/; sid:900623232; rev:1;) alert tcp $HOME_NET any -> [51.89.204.240] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.204.240/; sid:900623229; rev:1;) alert tcp $HOME_NET any -> [185.62.190.167] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.190.167/; sid:900623230; rev:1;) alert tcp $HOME_NET any -> [146.185.253.126] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.126/; sid:900623226; rev:1;) alert tcp $HOME_NET any -> [5.182.210.221] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.221/; sid:900623221; rev:1;) alert tcp $HOME_NET any -> [185.99.2.168] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.168/; sid:900623222; rev:1;) alert tcp $HOME_NET any -> [92.16.222.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.16.222.156/; sid:900623219; rev:1;) alert tcp $HOME_NET any -> [190.17.94.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.17.94.108/; sid:900623216; rev:1;) alert tcp $HOME_NET any -> [88.248.140.80] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.248.140.80/; sid:901597850; rev:1;) alert tcp $HOME_NET any -> [83.248.141.198] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.248.141.198/; sid:900623227; rev:1;) alert tcp $HOME_NET any -> [151.237.36.220] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.237.36.220/; sid:900623209; rev:1;) alert tcp $HOME_NET any -> [200.123.183.137] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.123.183.137/; sid:902081585; rev:1;) alert tcp $HOME_NET any -> [190.161.180.184] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.161.180.184/; sid:900623212; rev:1;) alert tcp $HOME_NET any -> [37.187.6.63] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.6.63/; sid:901597696; rev:1;) alert tcp $HOME_NET any -> [190.210.236.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.236.139/; sid:900623213; rev:1;) alert tcp $HOME_NET any -> [177.242.21.126] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.21.126/; sid:900623211; rev:1;) alert tcp $HOME_NET any -> [190.189.224.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.189.224.117/; sid:902034241; rev:1;) alert tcp $HOME_NET any -> [76.164.99.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.164.99.46/; sid:900623220; rev:1;) alert tcp $HOME_NET any -> [209.141.54.221] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.54.221/; sid:900625505; rev:1;) alert tcp $HOME_NET any -> [177.180.115.224] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.180.115.224/; sid:900623210; rev:1;) alert tcp $HOME_NET any -> [82.165.15.188] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.165.15.188/; sid:901593588; rev:1;) alert tcp $HOME_NET any -> [189.61.200.9] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.61.200.9/; sid:901593576; rev:1;) alert tcp $HOME_NET any -> [59.148.227.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.148.227.190/; sid:900623704; rev:1;) alert tcp $HOME_NET any -> [160.16.215.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.16.215.66/; sid:901593458; rev:1;) alert tcp $HOME_NET any -> [197.94.32.129] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.32.129/; sid:900623202; rev:1;) alert tcp $HOME_NET any -> [121.88.5.176] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.88.5.176/; sid:901593451; rev:1;) alert tcp $HOME_NET any -> [219.78.255.48] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.78.255.48/; sid:901593449; rev:1;) alert tcp $HOME_NET any -> [138.122.5.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.122.5.214/; sid:900623196; rev:1;) alert tcp $HOME_NET any -> [159.69.89.130] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.69.89.130/; sid:900623200; rev:1;) alert tcp $HOME_NET any -> [71.83.82.123] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.83.82.123/; sid:901593436; rev:1;) alert tcp $HOME_NET any -> [47.149.28.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.149.28.234/; sid:901593435; rev:1;) alert tcp $HOME_NET any -> [83.165.78.227] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.165.78.227/; sid:900623195; rev:1;) alert tcp $HOME_NET any -> [219.75.66.103] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.75.66.103/; sid:900623194; rev:1;) alert tcp $HOME_NET any -> [212.237.50.61] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.237.50.61/; sid:900623205; rev:1;) alert tcp $HOME_NET any -> [2.45.112.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.45.112.134/; sid:900623193; rev:1;) alert tcp $HOME_NET any -> [144.217.117.207] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.117.207/; sid:900623197; rev:1;) alert tcp $HOME_NET any -> [68.187.160.28] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.187.160.28/; sid:900623239; rev:1;) alert tcp $HOME_NET any -> [24.181.125.62] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.181.125.62/; sid:900623207; rev:1;) alert tcp $HOME_NET any -> [98.156.206.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.156.206.153/; sid:900623208; rev:1;) alert tcp $HOME_NET any -> [78.189.165.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.165.52/; sid:900623217; rev:1;) alert tcp $HOME_NET any -> [85.100.122.211] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.100.122.211/; sid:900623218; rev:1;) alert tcp $HOME_NET any -> [165.228.195.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.228.195.93/; sid:900623223; rev:1;) alert tcp $HOME_NET any -> [175.114.178.83] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.114.178.83/; sid:900623198; rev:1;) alert tcp $HOME_NET any -> [200.114.167.85] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.114.167.85/; sid:900623201; rev:1;) alert tcp $HOME_NET any -> [45.79.75.232] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.75.232/; sid:900623203; rev:1;) alert tcp $HOME_NET any -> [108.61.99.179] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.61.99.179/; sid:900623199; rev:1;) alert tcp $HOME_NET any -> [24.105.202.216] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.105.202.216/; sid:900623322; rev:1;) alert tcp $HOME_NET any -> [24.94.237.248] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.94.237.248/; sid:900623280; rev:1;) alert tcp $HOME_NET any -> [190.171.153.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.153.139/; sid:900623263; rev:1;) alert tcp $HOME_NET any -> [179.5.118.12] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.5.118.12/; sid:900623316; rev:1;) alert tcp $HOME_NET any -> [98.178.241.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.178.241.106/; sid:900623288; rev:1;) alert tcp $HOME_NET any -> [191.183.21.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.183.21.190/; sid:900623192; rev:1;) alert tcp $HOME_NET any -> [190.93.210.113] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.93.210.113/; sid:900623204; rev:1;) alert tcp $HOME_NET any -> [195.123.221.35] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.221.35/; sid:900623190; rev:1;) alert tcp $HOME_NET any -> [95.9.217.200] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.9.217.200/; sid:900623455; rev:1;) alert tcp $HOME_NET any -> [5.34.176.93] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.176.93/; sid:900623187; rev:1;) alert tcp $HOME_NET any -> [183.99.239.141] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.99.239.141/; sid:900623181; rev:1;) alert tcp $HOME_NET any -> [82.36.103.14] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.36.103.14/; sid:901575548; rev:1;) alert tcp $HOME_NET any -> [81.157.234.90] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.157.234.90/; sid:900623185; rev:1;) alert tcp $HOME_NET any -> [37.211.49.127] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.211.49.127/; sid:900623184; rev:1;) alert tcp $HOME_NET any -> [188.135.15.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.135.15.49/; sid:900623182; rev:1;) alert tcp $HOME_NET any -> [66.25.34.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.25.34.20/; sid:900623179; rev:1;) alert tcp $HOME_NET any -> [184.167.148.162] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.167.148.162/; sid:900623178; rev:1;) alert tcp $HOME_NET any -> [177.144.130.105] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.144.130.105/; sid:900623172; rev:1;) alert tcp $HOME_NET any -> [217.181.139.237] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.181.139.237/; sid:900623175; rev:1;) alert tcp $HOME_NET any -> [185.192.75.240] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.192.75.240/; sid:901575437; rev:1;) alert tcp $HOME_NET any -> [217.12.70.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.12.70.226/; sid:900623174; rev:1;) alert tcp $HOME_NET any -> [190.47.236.83] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.47.236.83/; sid:900623173; rev:1;) alert tcp $HOME_NET any -> [63.248.198.8] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.248.198.8/; sid:900623186; rev:1;) alert tcp $HOME_NET any -> [189.19.81.181] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.19.81.181/; sid:900623183; rev:1;) alert tcp $HOME_NET any -> [66.229.161.86] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.229.161.86/; sid:900623176; rev:1;) alert tcp $HOME_NET any -> [1.215.28.101] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.215.28.101/; sid:900623177; rev:1;) alert tcp $HOME_NET any -> [85.143.223.24] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.223.24/; sid:900623171; rev:1;) alert tcp $HOME_NET any -> [5.182.210.45] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.45/; sid:900623163; rev:1;) alert tcp $HOME_NET any -> [185.99.2.74] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.74/; sid:900623164; rev:1;) alert tcp $HOME_NET any -> [37.70.131.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.70.131.107/; sid:900623169; rev:1;) alert tcp $HOME_NET any -> [95.255.140.89] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.255.140.89/; sid:901569435; rev:1;) alert tcp $HOME_NET any -> [59.158.164.66] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.158.164.66/; sid:900623167; rev:1;) alert tcp $HOME_NET any -> [94.203.236.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.203.236.122/; sid:901569431; rev:1;) alert tcp $HOME_NET any -> [220.78.29.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.78.29.88/; sid:901569428; rev:1;) alert tcp $HOME_NET any -> [72.51.153.27] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.51.153.27/; sid:901569424; rev:1;) alert tcp $HOME_NET any -> [211.42.204.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.42.204.154/; sid:900623160; rev:1;) alert tcp $HOME_NET any -> [156.155.163.232] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.155.163.232/; sid:900623168; rev:1;) alert tcp $HOME_NET any -> [2.44.167.52] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.44.167.52/; sid:901568872; rev:1;) alert tcp $HOME_NET any -> [94.200.114.162] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.200.114.162/; sid:900623159; rev:1;) alert tcp $HOME_NET any -> [80.103.207.62] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.103.207.62/; sid:900623157; rev:1;) alert tcp $HOME_NET any -> [24.100.130.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.100.130.206/; sid:901568869; rev:1;) alert tcp $HOME_NET any -> [91.117.83.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.117.83.59/; sid:900623158; rev:1;) alert tcp $HOME_NET any -> [97.81.12.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.81.12.153/; sid:901568864; rev:1;) alert tcp $HOME_NET any -> [45.8.136.201] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.8.136.201/; sid:900623155; rev:1;) alert tcp $HOME_NET any -> [190.6.193.152] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.6.193.152/; sid:900623154; rev:1;) alert tcp $HOME_NET any -> [190.100.153.162] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.100.153.162/; sid:900623153; rev:1;) alert tcp $HOME_NET any -> [146.185.219.28] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.28/; sid:900623162; rev:1;) alert tcp $HOME_NET any -> [2.237.76.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.237.76.249/; sid:900623149; rev:1;) alert tcp $HOME_NET any -> [68.118.26.116] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.118.26.116/; sid:900623151; rev:1;) alert tcp $HOME_NET any -> [211.44.35.111] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.44.35.111/; sid:900623150; rev:1;) alert tcp $HOME_NET any -> [174.81.132.128] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.81.132.128/; sid:900623148; rev:1;) alert tcp $HOME_NET any -> [173.247.19.238] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.247.19.238/; sid:900623147; rev:1;) alert tcp $HOME_NET any -> [74.79.103.55] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.79.103.55/; sid:900623156; rev:1;) alert tcp $HOME_NET any -> [61.197.110.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.197.110.214/; sid:900623180; rev:1;) alert tcp $HOME_NET any -> [69.14.208.221] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.14.208.221/; sid:900623161; rev:1;) alert tcp $HOME_NET any -> [37.120.185.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.120.185.153/; sid:901566287; rev:1;) alert tcp $HOME_NET any -> [2.139.158.136] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.139.158.136/; sid:900623143; rev:1;) alert tcp $HOME_NET any -> [93.148.252.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.148.252.90/; sid:900623144; rev:1;) alert tcp $HOME_NET any -> [99.252.27.6] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.252.27.6/; sid:900623145; rev:1;) alert tcp $HOME_NET any -> [130.204.247.253] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.204.247.253/; sid:900623188; rev:1;) alert tcp $HOME_NET any -> [185.244.167.25] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.167.25/; sid:901565174; rev:1;) alert tcp $HOME_NET any -> [91.117.131.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.117.131.122/; sid:900623146; rev:1;) alert tcp $HOME_NET any -> [58.185.224.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.185.224.18/; sid:900623141; rev:1;) alert tcp $HOME_NET any -> [51.77.113.97] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.113.97/; sid:901565157; rev:1;) alert tcp $HOME_NET any -> [105.225.77.21] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.77.21/; sid:901565145; rev:1;) alert tcp $HOME_NET any -> [190.38.252.45] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.38.252.45/; sid:901565144; rev:1;) alert tcp $HOME_NET any -> [81.0.63.86] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.0.63.86/; sid:901564243; rev:1;) alert tcp $HOME_NET any -> [2.235.190.23] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.235.190.23/; sid:900623142; rev:1;) alert tcp $HOME_NET any -> [24.93.212.32] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.93.212.32/; sid:901564231; rev:1;) alert tcp $HOME_NET any -> [70.46.247.81] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.46.247.81/; sid:900623138; rev:1;) alert tcp $HOME_NET any -> [82.155.161.203] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.155.161.203/; sid:900623139; rev:1;) alert tcp $HOME_NET any -> [104.137.176.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.137.176.186/; sid:900623137; rev:1;) alert tcp $HOME_NET any -> [174.77.190.137] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.77.190.137/; sid:900623135; rev:1;) alert tcp $HOME_NET any -> [37.46.132.101] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.46.132.101/; sid:900623140; rev:1;) alert tcp $HOME_NET any -> [66.209.97.122] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.209.97.122/; sid:900623136; rev:1;) alert tcp $HOME_NET any -> [152.170.108.99] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.170.108.99/; sid:900623826; rev:1;) alert tcp $HOME_NET any -> [85.152.174.56] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.152.174.56/; sid:900623461; rev:1;) alert tcp $HOME_NET any -> [181.167.35.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.35.84/; sid:900623152; rev:1;) alert tcp $HOME_NET any -> [212.109.195.15] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.109.195.15/; sid:900623134; rev:1;) alert tcp $HOME_NET any -> [93.189.42.185] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.42.185/; sid:900623131; rev:1;) alert tcp $HOME_NET any -> [185.180.198.143] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.180.198.143/; sid:900623133; rev:1;) alert tcp $HOME_NET any -> [195.123.241.207] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.207/; sid:900623130; rev:1;) alert tcp $HOME_NET any -> [195.123.245.122] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.245.122/; sid:900623129; rev:1;) alert tcp $HOME_NET any -> [118.36.70.245] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.36.70.245/; sid:900623125; rev:1;) alert tcp $HOME_NET any -> [223.255.148.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/223.255.148.134/; sid:900623122; rev:1;) alert tcp $HOME_NET any -> [192.241.146.84] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.146.84/; sid:901545388; rev:1;) alert tcp $HOME_NET any -> [80.11.158.65] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.11.158.65/; sid:900623123; rev:1;) alert tcp $HOME_NET any -> [111.125.71.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.125.71.22/; sid:901545380; rev:1;) alert tcp $HOME_NET any -> [87.9.181.247] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.9.181.247/; sid:900623119; rev:1;) alert tcp $HOME_NET any -> [186.84.173.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.84.173.136/; sid:900623118; rev:1;) alert tcp $HOME_NET any -> [82.146.55.23] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.146.55.23/; sid:901545236; rev:1;) alert tcp $HOME_NET any -> [100.38.11.243] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.38.11.243/; sid:900623116; rev:1;) alert tcp $HOME_NET any -> [64.147.15.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.147.15.138/; sid:900623113; rev:1;) alert tcp $HOME_NET any -> [103.86.49.11] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.86.49.11/; sid:901544832; rev:1;) alert tcp $HOME_NET any -> [200.7.243.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.7.243.108/; sid:900623111; rev:1;) alert tcp $HOME_NET any -> [218.44.21.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.44.21.114/; sid:900623112; rev:1;) alert tcp $HOME_NET any -> [179.13.185.19] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.13.185.19/; sid:901544807; rev:1;) alert tcp $HOME_NET any -> [73.214.99.25] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.214.99.25/; sid:900623110; rev:1;) alert tcp $HOME_NET any -> [113.61.76.239] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.61.76.239/; sid:900623121; rev:1;) alert tcp $HOME_NET any -> [88.247.26.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.247.26.78/; sid:900623128; rev:1;) alert tcp $HOME_NET any -> [108.184.9.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.184.9.44/; sid:900623114; rev:1;) alert tcp $HOME_NET any -> [181.46.176.38] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.46.176.38/; sid:900623117; rev:1;) alert tcp $HOME_NET any -> [164.68.115.146] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.115.146/; sid:900623115; rev:1;) alert tcp $HOME_NET any -> [185.14.30.135] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.30.135/; sid:900623124; rev:1;) alert tcp $HOME_NET any -> [45.9.250.244] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.9.250.244/; sid:900623108; rev:1;) alert tcp $HOME_NET any -> [185.186.77.243] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.186.77.243/; sid:900623106; rev:1;) alert tcp $HOME_NET any -> [193.37.212.139] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.139/; sid:900623107; rev:1;) alert tcp $HOME_NET any -> [198.46.161.216] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.161.216/; sid:900623103; rev:1;) alert tcp $HOME_NET any -> [31.131.182.30] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.131.182.30/; sid:901540953; rev:1;) alert tcp $HOME_NET any -> [138.59.177.106] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.59.177.106/; sid:900623100; rev:1;) alert tcp $HOME_NET any -> [45.50.177.164] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.50.177.164/; sid:900623098; rev:1;) alert tcp $HOME_NET any -> [149.135.123.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.135.123.65/; sid:901540822; rev:1;) alert tcp $HOME_NET any -> [175.103.239.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.103.239.50/; sid:900623097; rev:1;) alert tcp $HOME_NET any -> [89.215.225.15] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.215.225.15/; sid:900623120; rev:1;) alert tcp $HOME_NET any -> [42.51.192.231] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.51.192.231/; sid:901540787; rev:1;) alert tcp $HOME_NET any -> [178.134.1.238] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.134.1.238/; sid:900623095; rev:1;) alert tcp $HOME_NET any -> [47.6.15.79] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.6.15.79/; sid:900623102; rev:1;) alert tcp $HOME_NET any -> [168.235.82.183] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.235.82.183/; sid:900623315; rev:1;) alert tcp $HOME_NET any -> [186.67.208.78] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.67.208.78/; sid:900623132; rev:1;) alert tcp $HOME_NET any -> [192.227.232.50] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.50/; sid:900623105; rev:1;) alert tcp $HOME_NET any -> [120.51.83.89] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.51.83.89/; sid:900623094; rev:1;) alert tcp $HOME_NET any -> [173.91.11.142] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.91.11.142/; sid:900623101; rev:1;) alert tcp $HOME_NET any -> [96.234.38.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.234.38.186/; sid:900623096; rev:1;) alert tcp $HOME_NET any -> [73.60.8.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.60.8.210/; sid:900623099; rev:1;) alert tcp $HOME_NET any -> [192.227.232.116] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.116/; sid:900623086; rev:1;) alert tcp $HOME_NET any -> [86.70.224.211] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.70.224.211/; sid:900623082; rev:1;) alert tcp $HOME_NET any -> [67.254.196.78] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.254.196.78/; sid:900623080; rev:1;) alert tcp $HOME_NET any -> [139.59.12.63] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.12.63/; sid:901533369; rev:1;) alert tcp $HOME_NET any -> [119.57.36.54] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.57.36.54/; sid:900623078; rev:1;) alert tcp $HOME_NET any -> [37.46.129.215] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.46.129.215/; sid:901533364; rev:1;) alert tcp $HOME_NET any -> [190.161.67.63] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.161.67.63/; sid:901533362; rev:1;) alert tcp $HOME_NET any -> [175.127.140.68] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.127.140.68/; sid:900623077; rev:1;) alert tcp $HOME_NET any -> [86.98.157.3] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.157.3/; sid:900623083; rev:1;) alert tcp $HOME_NET any -> [78.187.204.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.187.204.70/; sid:900623081; rev:1;) alert tcp $HOME_NET any -> [85.72.180.68] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.72.180.68/; sid:901533344; rev:1;) alert tcp $HOME_NET any -> [64.53.242.181] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.53.242.181/; sid:900623075; rev:1;) alert tcp $HOME_NET any -> [184.184.202.167] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.184.202.167/; sid:901533314; rev:1;) alert tcp $HOME_NET any -> [144.2.165.179] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.2.165.179/; sid:901533313; rev:1;) alert tcp $HOME_NET any -> [139.162.118.88] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.118.88/; sid:901533298; rev:1;) alert tcp $HOME_NET any -> [79.7.114.1] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.7.114.1/; sid:900623089; rev:1;) alert tcp $HOME_NET any -> [71.76.45.83] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.76.45.83/; sid:901533287; rev:1;) alert tcp $HOME_NET any -> [114.8.133.71] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.8.133.71/; sid:900623085; rev:1;) alert tcp $HOME_NET any -> [103.209.178.208] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.209.178.208/; sid:900623071; rev:1;) alert tcp $HOME_NET any -> [85.235.219.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.235.219.74/; sid:900623084; rev:1;) alert tcp $HOME_NET any -> [98.24.231.64] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.24.231.64/; sid:901532742; rev:1;) alert tcp $HOME_NET any -> [174.57.150.13] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.57.150.13/; sid:900623088; rev:1;) alert tcp $HOME_NET any -> [78.186.102.195] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.102.195/; sid:900623091; rev:1;) alert tcp $HOME_NET any -> [91.117.31.181] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.117.31.181/; sid:900623068; rev:1;) alert tcp $HOME_NET any -> [165.100.148.200] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.100.148.200/; sid:901532711; rev:1;) alert tcp $HOME_NET any -> [153.190.41.185] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.190.41.185/; sid:901532710; rev:1;) alert tcp $HOME_NET any -> [171.100.142.238] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.100.142.238/; sid:900623166; rev:1;) alert tcp $HOME_NET any -> [96.38.234.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.38.234.10/; sid:900623073; rev:1;) alert tcp $HOME_NET any -> [75.80.148.244] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.80.148.244/; sid:900623076; rev:1;) alert tcp $HOME_NET any -> [91.74.175.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.74.175.46/; sid:900623072; rev:1;) alert tcp $HOME_NET any -> [110.143.84.202] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.143.84.202/; sid:900623074; rev:1;) alert tcp $HOME_NET any -> [190.146.14.143] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.14.143/; sid:900623079; rev:1;) alert tcp $HOME_NET any -> [74.59.187.94] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.59.187.94/; sid:900623191; rev:1;) alert tcp $HOME_NET any -> [23.94.70.12] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.70.12/; sid:900623060; rev:1;) alert tcp $HOME_NET any -> [185.14.30.176] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.30.176/; sid:900623058; rev:1;) alert tcp $HOME_NET any -> [201.173.217.124] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.173.217.124/; sid:900623056; rev:1;) alert tcp $HOME_NET any -> [1.33.230.137] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.33.230.137/; sid:900623053; rev:1;) alert tcp $HOME_NET any -> [74.105.102.97] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.105.102.97/; sid:900623057; rev:1;) alert tcp $HOME_NET any -> [73.11.153.178] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.11.153.178/; sid:901528373; rev:1;) alert tcp $HOME_NET any -> [198.46.161.213] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.161.213/; sid:900623054; rev:1;) alert tcp $HOME_NET any -> [194.5.250.58] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.58/; sid:900623055; rev:1;) alert tcp $HOME_NET any -> [200.41.121.69] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.41.121.69/; sid:900623067; rev:1;) alert tcp $HOME_NET any -> [68.174.15.223] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.174.15.223/; sid:900623064; rev:1;) alert tcp $HOME_NET any -> [2.42.173.240] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.42.173.240/; sid:900623063; rev:1;) alert tcp $HOME_NET any -> [47.156.70.145] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.156.70.145/; sid:900623070; rev:1;) alert tcp $HOME_NET any -> [85.152.208.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.152.208.146/; sid:900623065; rev:1;) alert tcp $HOME_NET any -> [5.182.210.132] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.132/; sid:900623052; rev:1;) alert tcp $HOME_NET any -> [119.252.165.75] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.252.165.75/; sid:900623050; rev:1;) alert tcp $HOME_NET any -> [85.143.218.118] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.218.118/; sid:900623051; rev:1;) alert tcp $HOME_NET any -> [180.180.216.177] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.180.216.177/; sid:900623231; rev:1;) alert tcp $HOME_NET any -> [172.82.152.136] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.82.152.136/; sid:900623047; rev:1;) alert tcp $HOME_NET any -> [185.117.119.169] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.119.169/; sid:900623048; rev:1;) alert tcp $HOME_NET any -> [184.164.137.190] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.164.137.190/; sid:900623049; rev:1;) alert tcp $HOME_NET any -> [5.2.75.137] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.75.137/; sid:900623046; rev:1;) alert tcp $HOME_NET any -> [121.100.19.18] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.100.19.18/; sid:900623044; rev:1;) alert tcp $HOME_NET any -> [110.142.38.16] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.142.38.16/; sid:900623039; rev:1;) alert tcp $HOME_NET any -> [66.34.201.20] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.34.201.20/; sid:900623043; rev:1;) alert tcp $HOME_NET any -> [37.59.24.177] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.59.24.177/; sid:900623041; rev:1;) alert tcp $HOME_NET any -> [100.14.117.137] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.14.117.137/; sid:900623038; rev:1;) alert tcp $HOME_NET any -> [66.76.63.99] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.76.63.99/; sid:900623042; rev:1;) alert tcp $HOME_NET any -> [5.88.27.67] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.88.27.67/; sid:900623036; rev:1;) alert tcp $HOME_NET any -> [87.106.46.107] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.46.107/; sid:901522342; rev:1;) alert tcp $HOME_NET any -> [104.33.129.244] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.33.129.244/; sid:901522328; rev:1;) alert tcp $HOME_NET any -> [195.191.107.67] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.191.107.67/; sid:901522308; rev:1;) alert tcp $HOME_NET any -> [115.179.91.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.179.91.58/; sid:900623031; rev:1;) alert tcp $HOME_NET any -> [46.105.128.215] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.128.215/; sid:900623034; rev:1;) alert tcp $HOME_NET any -> [103.9.145.19] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.9.145.19/; sid:900623032; rev:1;) alert tcp $HOME_NET any -> [67.171.182.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.171.182.231/; sid:900623035; rev:1;) alert tcp $HOME_NET any -> [12.176.19.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.176.19.218/; sid:900623040; rev:1;) alert tcp $HOME_NET any -> [190.171.135.235] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.135.235/; sid:900623087; rev:1;) alert tcp $HOME_NET any -> [192.227.232.21] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.21/; sid:900623030; rev:1;) alert tcp $HOME_NET any -> [64.44.51.106] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.51.106/; sid:900623029; rev:1;) alert tcp $HOME_NET any -> [24.27.122.202] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.27.122.202/; sid:900623033; rev:1;) alert tcp $HOME_NET any -> [76.221.133.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.221.133.146/; sid:900623037; rev:1;) alert tcp $HOME_NET any -> [93.67.154.252] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.67.154.252/; sid:900623025; rev:1;) alert tcp $HOME_NET any -> [202.186.240.165] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.186.240.165/; sid:900623023; rev:1;) alert tcp $HOME_NET any -> [37.183.121.32] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.183.121.32/; sid:900623024; rev:1;) alert tcp $HOME_NET any -> [96.61.113.203] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.61.113.203/; sid:900623026; rev:1;) alert tcp $HOME_NET any -> [41.77.74.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.77.74.214/; sid:902028983; rev:1;) alert tcp $HOME_NET any -> [86.6.123.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.6.123.109/; sid:900623022; rev:1;) alert tcp $HOME_NET any -> [85.109.190.235] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.109.190.235/; sid:900623061; rev:1;) alert tcp $HOME_NET any -> [58.93.151.148] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.93.151.148/; sid:900623104; rev:1;) alert tcp $HOME_NET any -> [92.38.171.54] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.54/; sid:900623019; rev:1;) alert tcp $HOME_NET any -> [107.172.251.159] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.251.159/; sid:900623018; rev:1;) alert tcp $HOME_NET any -> [45.51.40.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.51.40.140/; sid:900623069; rev:1;) alert tcp $HOME_NET any -> [80.21.182.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.21.182.46/; sid:900623062; rev:1;) alert tcp $HOME_NET any -> [107.172.208.52] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.208.52/; sid:900623016; rev:1;) alert tcp $HOME_NET any -> [83.156.88.159] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.156.88.159/; sid:900623020; rev:1;) alert tcp $HOME_NET any -> [86.98.156.239] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.156.239/; sid:900623012; rev:1;) alert tcp $HOME_NET any -> [185.159.102.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.159.102.74/; sid:901512247; rev:1;) alert tcp $HOME_NET any -> [116.48.142.21] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.48.142.21/; sid:900623010; rev:1;) alert tcp $HOME_NET any -> [101.187.134.207] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.134.207/; sid:900623011; rev:1;) alert tcp $HOME_NET any -> [79.31.85.103] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.31.85.103/; sid:900623017; rev:1;) alert tcp $HOME_NET any -> [82.8.232.51] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.8.232.51/; sid:900623013; rev:1;) alert tcp $HOME_NET any -> [195.123.221.5] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.221.5/; sid:900623008; rev:1;) alert tcp $HOME_NET any -> [107.172.29.110] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.29.110/; sid:900623002; rev:1;) alert tcp $HOME_NET any -> [176.106.183.253] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.106.183.253/; sid:900622997; rev:1;) alert tcp $HOME_NET any -> [82.79.244.92] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.79.244.92/; sid:901499254; rev:1;) alert tcp $HOME_NET any -> [210.224.65.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.224.65.117/; sid:901499245; rev:1;) alert tcp $HOME_NET any -> [1.32.54.12] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.32.54.12/; sid:900622994; rev:1;) alert tcp $HOME_NET any -> [121.175.14.59] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.175.14.59/; sid:901499232; rev:1;) alert tcp $HOME_NET any -> [188.216.24.204] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.216.24.204/; sid:900622992; rev:1;) alert tcp $HOME_NET any -> [130.45.45.31] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.45.45.31/; sid:900622991; rev:1;) alert tcp $HOME_NET any -> [105.227.58.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.227.58.49/; sid:901499204; rev:1;) alert tcp $HOME_NET any -> [64.44.133.151] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.133.151/; sid:900622990; rev:1;) alert tcp $HOME_NET any -> [144.217.50.246] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.50.246/; sid:900622989; rev:1;) alert tcp $HOME_NET any -> [98.15.140.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.15.140.226/; sid:900623014; rev:1;) alert tcp $HOME_NET any -> [193.33.38.208] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.33.38.208/; sid:900622985; rev:1;) alert tcp $HOME_NET any -> [188.230.134.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.230.134.205/; sid:900622986; rev:1;) alert tcp $HOME_NET any -> [58.171.42.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.171.42.66/; sid:900622996; rev:1;) alert tcp $HOME_NET any -> [164.68.101.171] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.101.171/; sid:901497219; rev:1;) alert tcp $HOME_NET any -> [92.186.52.193] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.186.52.193/; sid:901497210; rev:1;) alert tcp $HOME_NET any -> [173.70.81.77] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.70.81.77/; sid:901497189; rev:1;) alert tcp $HOME_NET any -> [189.134.4.209] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.134.4.209/; sid:900622995; rev:1;) alert tcp $HOME_NET any -> [77.245.12.212] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.245.12.212/; sid:900623000; rev:1;) alert tcp $HOME_NET any -> [139.130.241.252] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.130.241.252/; sid:900622998; rev:1;) alert tcp $HOME_NET any -> [186.215.101.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.215.101.106/; sid:901497622; rev:1;) alert tcp $HOME_NET any -> [103.122.75.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.122.75.218/; sid:900622978; rev:1;) alert tcp $HOME_NET any -> [83.110.107.243] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.107.243/; sid:900622982; rev:1;) alert tcp $HOME_NET any -> [187.74.69.152] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.74.69.152/; sid:901494964; rev:1;) alert tcp $HOME_NET any -> [98.196.49.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.196.49.107/; sid:901494699; rev:1;) alert tcp $HOME_NET any -> [186.68.48.204] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.68.48.204/; sid:900622977; rev:1;) alert tcp $HOME_NET any -> [191.103.76.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.103.76.34/; sid:901494683; rev:1;) alert tcp $HOME_NET any -> [96.126.121.64] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.126.121.64/; sid:900622976; rev:1;) alert tcp $HOME_NET any -> [200.119.11.118] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.119.11.118/; sid:900623009; rev:1;) alert tcp $HOME_NET any -> [24.28.178.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.28.178.71/; sid:900623015; rev:1;) alert tcp $HOME_NET any -> [85.143.220.41] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.220.41/; sid:900623001; rev:1;) alert tcp $HOME_NET any -> [70.175.171.251] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.175.171.251/; sid:900622983; rev:1;) alert tcp $HOME_NET any -> [194.5.250.50] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.50/; sid:900622981; rev:1;) alert tcp $HOME_NET any -> [204.63.252.182] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.63.252.182/; sid:900623027; rev:1;) alert tcp $HOME_NET any -> [146.185.219.94] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.94/; sid:900622971; rev:1;) alert tcp $HOME_NET any -> [172.82.152.130] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.82.152.130/; sid:900622970; rev:1;) alert tcp $HOME_NET any -> [193.37.213.110] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.213.110/; sid:900622969; rev:1;) alert tcp $HOME_NET any -> [189.225.211.171] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.225.211.171/; sid:900623007; rev:1;) alert tcp $HOME_NET any -> [77.241.53.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.241.53.234/; sid:900622963; rev:1;) alert tcp $HOME_NET any -> [177.103.201.23] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.103.201.23/; sid:900622974; rev:1;) alert tcp $HOME_NET any -> [81.82.247.216] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.82.247.216/; sid:900622962; rev:1;) alert tcp $HOME_NET any -> [192.210.217.94] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.210.217.94/; sid:901485469; rev:1;) alert tcp $HOME_NET any -> [210.111.160.220] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.111.160.220/; sid:901485447; rev:1;) alert tcp $HOME_NET any -> [69.30.205.162] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.30.205.162/; sid:900622961; rev:1;) alert tcp $HOME_NET any -> [114.183.140.94] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.183.140.94/; sid:901485442; rev:1;) alert tcp $HOME_NET any -> [92.17.138.248] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.17.138.248/; sid:901485441; rev:1;) alert tcp $HOME_NET any -> [178.153.91.22] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.153.91.22/; sid:901485440; rev:1;) alert tcp $HOME_NET any -> [93.147.141.5] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.147.141.5/; sid:900622967; rev:1;) alert tcp $HOME_NET any -> [91.73.197.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.73.197.90/; sid:900622972; rev:1;) alert tcp $HOME_NET any -> [213.179.105.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.179.105.214/; sid:900622956; rev:1;) alert tcp $HOME_NET any -> [165.228.24.197] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.228.24.197/; sid:900622954; rev:1;) alert tcp $HOME_NET any -> [91.231.166.126] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.231.166.126/; sid:900622958; rev:1;) alert tcp $HOME_NET any -> [108.179.206.219] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.179.206.219/; sid:900622960; rev:1;) alert tcp $HOME_NET any -> [108.191.2.72] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.191.2.72/; sid:900622953; rev:1;) alert tcp $HOME_NET any -> [162.241.92.219] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.92.219/; sid:900623620; rev:1;) alert tcp $HOME_NET any -> [110.142.161.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.142.161.90/; sid:900622979; rev:1;) alert tcp $HOME_NET any -> [63.246.252.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.246.252.234/; sid:900622965; rev:1;) alert tcp $HOME_NET any -> [107.172.29.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.29.108/; sid:900622951; rev:1;) alert tcp $HOME_NET any -> [194.5.250.35] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.35/; sid:900622950; rev:1;) alert tcp $HOME_NET any -> [185.62.189.132] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.189.132/; sid:900622952; rev:1;) alert tcp $HOME_NET any -> [188.152.7.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.152.7.140/; sid:900622955; rev:1;) alert tcp $HOME_NET any -> [68.129.203.162] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.129.203.162/; sid:900623005; rev:1;) alert tcp $HOME_NET any -> [185.160.212.3] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.160.212.3/; sid:900622975; rev:1;) alert tcp $HOME_NET any -> [83.165.163.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.165.163.225/; sid:900622984; rev:1;) alert tcp $HOME_NET any -> [80.29.54.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.29.54.20/; sid:900622993; rev:1;) alert tcp $HOME_NET any -> [212.64.171.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.64.171.206/; sid:900623028; rev:1;) alert tcp $HOME_NET any -> [172.105.213.30] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.213.30/; sid:900622959; rev:1;) alert tcp $HOME_NET any -> [73.167.135.180] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.167.135.180/; sid:900622964; rev:1;) alert tcp $HOME_NET any -> [72.29.55.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.29.55.174/; sid:900622966; rev:1;) alert tcp $HOME_NET any -> [91.187.80.246] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.187.80.246/; sid:900622957; rev:1;) alert tcp $HOME_NET any -> [185.43.5.84] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.43.5.84/; sid:900622949; rev:1;) alert tcp $HOME_NET any -> [5.2.72.84] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.72.84/; sid:900622947; rev:1;) alert tcp $HOME_NET any -> [194.99.22.48] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.99.22.48/; sid:900622948; rev:1;) alert tcp $HOME_NET any -> [107.172.208.51] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.208.51/; sid:900622946; rev:1;) alert tcp $HOME_NET any -> [5.34.177.50] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.177.50/; sid:900622945; rev:1;) alert tcp $HOME_NET any -> [61.19.246.238] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.19.246.238/; sid:900624751; rev:1;) alert tcp $HOME_NET any -> [83.99.211.160] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.99.211.160/; sid:900622943; rev:1;) alert tcp $HOME_NET any -> [45.129.121.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.129.121.222/; sid:900622941; rev:1;) alert tcp $HOME_NET any -> [123.142.37.165] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.142.37.165/; sid:900622939; rev:1;) alert tcp $HOME_NET any -> [37.132.193.19] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.132.193.19/; sid:900622936; rev:1;) alert tcp $HOME_NET any -> [110.143.18.92] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.143.18.92/; sid:901476972; rev:1;) alert tcp $HOME_NET any -> [188.14.39.65] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.14.39.65/; sid:900622935; rev:1;) alert tcp $HOME_NET any -> [47.146.42.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.146.42.234/; sid:900622937; rev:1;) alert tcp $HOME_NET any -> [66.55.71.152] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.55.71.152/; sid:900622933; rev:1;) alert tcp $HOME_NET any -> [118.201.230.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.201.230.249/; sid:901475882; rev:1;) alert tcp $HOME_NET any -> [190.5.162.204] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.5.162.204/; sid:900622940; rev:1;) alert tcp $HOME_NET any -> [173.13.135.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.13.135.102/; sid:900622930; rev:1;) alert tcp $HOME_NET any -> [91.242.138.5] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.242.138.5/; sid:900622932; rev:1;) alert tcp $HOME_NET any -> [212.186.191.177] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.186.191.177/; sid:900622931; rev:1;) alert tcp $HOME_NET any -> [72.69.99.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.69.99.47/; sid:900622942; rev:1;) alert tcp $HOME_NET any -> [95.179.195.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.179.195.74/; sid:900622938; rev:1;) alert tcp $HOME_NET any -> [194.5.250.125] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.125/; sid:900622929; rev:1;) alert tcp $HOME_NET any -> [107.172.29.105] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.29.105/; sid:900622928; rev:1;) alert tcp $HOME_NET any -> [185.174.172.203] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.174.172.203/; sid:900622927; rev:1;) alert tcp $HOME_NET any -> [172.82.152.115] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.82.152.115/; sid:900622926; rev:1;) alert tcp $HOME_NET any -> [45.80.148.168] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.80.148.168/; sid:900622925; rev:1;) alert tcp $HOME_NET any -> [212.73.150.4] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.73.150.4/; sid:900622923; rev:1;) alert tcp $HOME_NET any -> [190.100.16.210] 8082 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.100.16.210/; sid:900623235; rev:1;) alert tcp $HOME_NET any -> [107.2.2.28] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.2.2.28/; sid:900622915; rev:1;) alert tcp $HOME_NET any -> [189.236.4.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.4.214/; sid:901461135; rev:1;) alert tcp $HOME_NET any -> [144.139.56.105] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.139.56.105/; sid:900622968; rev:1;) alert tcp $HOME_NET any -> [116.48.138.115] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.48.138.115/; sid:900622924; rev:1;) alert tcp $HOME_NET any -> [118.200.218.193] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.200.218.193/; sid:900622913; rev:1;) alert tcp $HOME_NET any -> [60.53.3.153] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.53.3.153/; sid:900622980; rev:1;) alert tcp $HOME_NET any -> [122.11.164.183] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.11.164.183/; sid:900622944; rev:1;) alert tcp $HOME_NET any -> [187.233.220.93] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.233.220.93/; sid:900623006; rev:1;) alert tcp $HOME_NET any -> [190.101.87.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.101.87.170/; sid:900622987; rev:1;) alert tcp $HOME_NET any -> [172.90.70.168] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.90.70.168/; sid:900622920; rev:1;) alert tcp $HOME_NET any -> [189.180.105.125] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.180.105.125/; sid:900622921; rev:1;) alert tcp $HOME_NET any -> [188.165.62.47] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.62.47/; sid:900622911; rev:1;) alert tcp $HOME_NET any -> [146.185.253.175] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.175/; sid:900622910; rev:1;) alert tcp $HOME_NET any -> [200.71.193.220] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.71.193.220/; sid:900622914; rev:1;) alert tcp $HOME_NET any -> [47.50.251.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.50.251.130/; sid:900622917; rev:1;) alert tcp $HOME_NET any -> [94.156.35.206] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.35.206/; sid:900622908; rev:1;) alert tcp $HOME_NET any -> [197.90.159.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.90.159.42/; sid:900622918; rev:1;) alert tcp $HOME_NET any -> [109.166.89.91] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.166.89.91/; sid:900622912; rev:1;) alert tcp $HOME_NET any -> [211.218.105.101] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.218.105.101/; sid:900622919; rev:1;) alert tcp $HOME_NET any -> [190.12.119.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.12.119.180/; sid:900622916; rev:1;) alert tcp $HOME_NET any -> [162.244.32.52] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.32.52/; sid:900622907; rev:1;) alert tcp $HOME_NET any -> [162.247.155.113] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.247.155.113/; sid:900622906; rev:1;) alert tcp $HOME_NET any -> [167.86.123.83] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.123.83/; sid:900622905; rev:1;) alert tcp $HOME_NET any -> [51.89.73.144] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.73.144/; sid:900622903; rev:1;) alert tcp $HOME_NET any -> [103.75.117.188] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.117.188/; sid:900622902; rev:1;) alert tcp $HOME_NET any -> [45.141.100.190] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.141.100.190/; sid:900622909; rev:1;) alert tcp $HOME_NET any -> [107.181.187.221] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.187.221/; sid:900622904; rev:1;) alert tcp $HOME_NET any -> [85.217.170.153] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.217.170.153/; sid:900622899; rev:1;) alert tcp $HOME_NET any -> [5.2.77.78] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.77.78/; sid:900622900; rev:1;) alert tcp $HOME_NET any -> [5.2.72.102] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.72.102/; sid:900622897; rev:1;) alert tcp $HOME_NET any -> [192.227.173.100] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.173.100/; sid:900622898; rev:1;) alert tcp $HOME_NET any -> [82.118.21.57] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.57/; sid:900622895; rev:1;) alert tcp $HOME_NET any -> [5.182.210.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.30/; sid:900622894; rev:1;) alert tcp $HOME_NET any -> [66.55.71.151] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.55.71.151/; sid:900622896; rev:1;) alert tcp $HOME_NET any -> [85.204.116.154] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.154/; sid:900622893; rev:1;) alert tcp $HOME_NET any -> [194.5.250.121] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.121/; sid:900622891; rev:1;) alert tcp $HOME_NET any -> [172.245.159.121] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.159.121/; sid:900622890; rev:1;) alert tcp $HOME_NET any -> [192.227.232.46] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.46/; sid:900622892; rev:1;) alert tcp $HOME_NET any -> [198.15.119.79] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.15.119.79/; sid:900622889; rev:1;) alert tcp $HOME_NET any -> [172.82.152.140] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.82.152.140/; sid:900622886; rev:1;) alert tcp $HOME_NET any -> [120.150.246.241] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.246.241/; sid:900622879; rev:1;) alert tcp $HOME_NET any -> [197.254.221.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.254.221.174/; sid:900622882; rev:1;) alert tcp $HOME_NET any -> [195.244.215.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.244.215.206/; sid:900622881; rev:1;) alert tcp $HOME_NET any -> [190.186.164.23] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.164.23/; sid:900622885; rev:1;) alert tcp $HOME_NET any -> [47.187.70.124] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.187.70.124/; sid:900622878; rev:1;) alert tcp $HOME_NET any -> [2.38.99.79] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.38.99.79/; sid:900622876; rev:1;) alert tcp $HOME_NET any -> [125.230.36.147] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.230.36.147/; sid:900622875; rev:1;) alert tcp $HOME_NET any -> [187.144.236.211] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.236.211/; sid:901449857; rev:1;) alert tcp $HOME_NET any -> [72.27.212.209] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.27.212.209/; sid:900622872; rev:1;) alert tcp $HOME_NET any -> [85.105.183.228] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.183.228/; sid:900622873; rev:1;) alert tcp $HOME_NET any -> [187.250.92.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.92.82/; sid:900622870; rev:1;) alert tcp $HOME_NET any -> [41.218.118.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.218.118.66/; sid:900622871; rev:1;) alert tcp $HOME_NET any -> [95.219.199.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.219.199.225/; sid:900622877; rev:1;) alert tcp $HOME_NET any -> [161.18.233.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.18.233.114/; sid:901449612; rev:1;) alert tcp $HOME_NET any -> [81.213.145.45] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.213.145.45/; sid:900622874; rev:1;) alert tcp $HOME_NET any -> [77.211.249.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.211.249.124/; sid:900622884; rev:1;) alert tcp $HOME_NET any -> [187.190.49.92] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.190.49.92/; sid:900622887; rev:1;) alert tcp $HOME_NET any -> [12.229.155.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.229.155.122/; sid:900622880; rev:1;) alert tcp $HOME_NET any -> [5.88.182.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.88.182.250/; sid:900622883; rev:1;) alert tcp $HOME_NET any -> [128.65.154.183] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.65.154.183/; sid:900622922; rev:1;) alert tcp $HOME_NET any -> [101.187.247.29] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.247.29/; sid:900623045; rev:1;) alert tcp $HOME_NET any -> [201.183.251.100] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.183.251.100/; sid:900622934; rev:1;) alert tcp $HOME_NET any -> [195.226.144.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.226.144.249/; sid:900622888; rev:1;) alert tcp $HOME_NET any -> [81.177.22.39] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.22.39/; sid:900622864; rev:1;) alert tcp $HOME_NET any -> [186.0.68.43] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.0.68.43/; sid:900622865; rev:1;) alert tcp $HOME_NET any -> [86.142.102.191] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.142.102.191/; sid:901442969; rev:1;) alert tcp $HOME_NET any -> [190.17.42.79] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.17.42.79/; sid:900622862; rev:1;) alert tcp $HOME_NET any -> [54.38.94.197] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.94.197/; sid:900622863; rev:1;) alert tcp $HOME_NET any -> [85.143.221.75] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.221.75/; sid:900622859; rev:1;) alert tcp $HOME_NET any -> [37.46.135.95] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.46.135.95/; sid:900622858; rev:1;) alert tcp $HOME_NET any -> [45.132.19.197] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.132.19.197/; sid:900622855; rev:1;) alert tcp $HOME_NET any -> [185.99.2.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.115/; sid:900622860; rev:1;) alert tcp $HOME_NET any -> [146.185.219.50] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.50/; sid:900622854; rev:1;) alert tcp $HOME_NET any -> [146.185.253.174] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.174/; sid:900622853; rev:1;) alert tcp $HOME_NET any -> [45.56.88.91] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.56.88.91/; sid:900622866; rev:1;) alert tcp $HOME_NET any -> [59.110.18.236] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.110.18.236/; sid:900622867; rev:1;) alert tcp $HOME_NET any -> [80.211.32.88] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.211.32.88/; sid:900622869; rev:1;) alert tcp $HOME_NET any -> [50.63.13.135] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.63.13.135/; sid:900622868; rev:1;) alert tcp $HOME_NET any -> [66.85.173.56] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.85.173.56/; sid:900622852; rev:1;) alert tcp $HOME_NET any -> [185.174.173.143] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.174.173.143/; sid:900622851; rev:1;) alert tcp $HOME_NET any -> [195.123.221.232] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.221.232/; sid:900622850; rev:1;) alert tcp $HOME_NET any -> [51.89.73.148] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.73.148/; sid:900622861; rev:1;) alert tcp $HOME_NET any -> [185.234.72.64] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.64/; sid:900622857; rev:1;) alert tcp $HOME_NET any -> [51.68.220.244] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.220.244/; sid:900622856; rev:1;) alert tcp $HOME_NET any -> [24.45.193.161] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.45.193.161/; sid:900622848; rev:1;) alert tcp $HOME_NET any -> [142.127.57.63] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.127.57.63/; sid:900622849; rev:1;) alert tcp $HOME_NET any -> [186.66.224.182] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.66.224.182/; sid:900622846; rev:1;) alert tcp $HOME_NET any -> [5.2.76.197] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.76.197/; sid:900622845; rev:1;) alert tcp $HOME_NET any -> [45.138.157.23] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.138.157.23/; sid:900622844; rev:1;) alert tcp $HOME_NET any -> [188.225.10.47] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.225.10.47/; sid:900622843; rev:1;) alert tcp $HOME_NET any -> [81.177.181.222] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.181.222/; sid:900622842; rev:1;) alert tcp $HOME_NET any -> [185.90.61.107] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.90.61.107/; sid:900622841; rev:1;) alert tcp $HOME_NET any -> [46.17.105.97] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.17.105.97/; sid:900622840; rev:1;) alert tcp $HOME_NET any -> [188.120.251.251] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.120.251.251/; sid:900622839; rev:1;) alert tcp $HOME_NET any -> [203.130.0.69] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.130.0.69/; sid:900622838; rev:1;) alert tcp $HOME_NET any -> [182.176.116.139] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.176.116.139/; sid:901430862; rev:1;) alert tcp $HOME_NET any -> [80.93.48.49] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.93.48.49/; sid:900622836; rev:1;) alert tcp $HOME_NET any -> [2.57.184.9] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.57.184.9/; sid:900622834; rev:1;) alert tcp $HOME_NET any -> [31.31.77.83] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.31.77.83/; sid:901430645; rev:1;) alert tcp $HOME_NET any -> [94.192.228.255] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.192.228.255/; sid:901430635; rev:1;) alert tcp $HOME_NET any -> [167.114.242.226] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.114.242.226/; sid:901430629; rev:1;) alert tcp $HOME_NET any -> [68.169.37.208] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.169.37.208/; sid:901430620; rev:1;) alert tcp $HOME_NET any -> [192.161.190.171] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.161.190.171/; sid:900622835; rev:1;) alert tcp $HOME_NET any -> [104.236.137.72] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.137.72/; sid:900622837; rev:1;) alert tcp $HOME_NET any -> [206.189.112.148] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.189.112.148/; sid:900622833; rev:1;) alert tcp $HOME_NET any -> [51.254.69.222] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.69.222/; sid:900622830; rev:1;) alert tcp $HOME_NET any -> [5.34.176.212] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.176.212/; sid:900622832; rev:1;) alert tcp $HOME_NET any -> [206.81.10.215] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.81.10.215/; sid:900622847; rev:1;) alert tcp $HOME_NET any -> [148.251.185.186] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.251.185.186/; sid:900622831; rev:1;) alert tcp $HOME_NET any -> [5.182.211.61] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.211.61/; sid:900622829; rev:1;) alert tcp $HOME_NET any -> [81.177.180.252] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.180.252/; sid:900622827; rev:1;) alert tcp $HOME_NET any -> [51.89.115.113] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.113/; sid:900622826; rev:1;) alert tcp $HOME_NET any -> [146.185.253.170] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.170/; sid:900622825; rev:1;) alert tcp $HOME_NET any -> [185.203.243.138] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.203.243.138/; sid:900622824; rev:1;) alert tcp $HOME_NET any -> [91.92.136.82] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.136.82/; sid:900622823; rev:1;) alert tcp $HOME_NET any -> [5.2.76.193] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.76.193/; sid:900622822; rev:1;) alert tcp $HOME_NET any -> [185.99.2.245] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.245/; sid:900622821; rev:1;) alert tcp $HOME_NET any -> [185.222.202.183] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.183/; sid:900622828; rev:1;) alert tcp $HOME_NET any -> [189.252.3.161] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.3.161/; sid:900622820; rev:1;) alert tcp $HOME_NET any -> [50.116.86.205] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.86.205/; sid:900622819; rev:1;) alert tcp $HOME_NET any -> [82.145.43.153] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.145.43.153/; sid:900624823; rev:1;) alert tcp $HOME_NET any -> [117.196.233.79] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.196.233.79/; sid:900622817; rev:1;) alert tcp $HOME_NET any -> [212.73.150.233] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.73.150.233/; sid:900622816; rev:1;) alert tcp $HOME_NET any -> [182.48.194.6] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.48.194.6/; sid:900622813; rev:1;) alert tcp $HOME_NET any -> [198.58.120.26] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.58.120.26/; sid:900622815; rev:1;) alert tcp $HOME_NET any -> [209.97.168.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.97.168.52/; sid:900622814; rev:1;) alert tcp $HOME_NET any -> [192.3.73.164] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.73.164/; sid:900622809; rev:1;) alert tcp $HOME_NET any -> [103.196.211.212] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.196.211.212/; sid:900622808; rev:1;) alert tcp $HOME_NET any -> [23.94.3.13] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.3.13/; sid:900622807; rev:1;) alert tcp $HOME_NET any -> [108.170.52.149] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.170.52.149/; sid:900622806; rev:1;) alert tcp $HOME_NET any -> [185.99.2.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.242/; sid:900622805; rev:1;) alert tcp $HOME_NET any -> [195.123.220.193] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.220.193/; sid:900622804; rev:1;) alert tcp $HOME_NET any -> [190.147.215.53] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.215.53/; sid:900622802; rev:1;) alert tcp $HOME_NET any -> [90.77.228.193] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.77.228.193/; sid:900622803; rev:1;) alert tcp $HOME_NET any -> [181.91.215.151] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.91.215.151/; sid:900622810; rev:1;) alert tcp $HOME_NET any -> [190.189.79.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.189.79.73/; sid:900622800; rev:1;) alert tcp $HOME_NET any -> [149.202.197.94] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.197.94/; sid:900622801; rev:1;) alert tcp $HOME_NET any -> [164.68.96.155] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.96.155/; sid:900622799; rev:1;) alert tcp $HOME_NET any -> [94.103.82.99] 2050 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.82.99/; sid:900622797; rev:1;) alert tcp $HOME_NET any -> [139.162.75.91] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.75.91/; sid:900622798; rev:1;) alert tcp $HOME_NET any -> [192.3.104.48] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.104.48/; sid:900622795; rev:1;) alert tcp $HOME_NET any -> [51.89.115.100] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.100/; sid:900622794; rev:1;) alert tcp $HOME_NET any -> [185.99.2.169] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.169/; sid:900622793; rev:1;) alert tcp $HOME_NET any -> [195.123.220.184] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.220.184/; sid:900622791; rev:1;) alert tcp $HOME_NET any -> [107.172.39.48] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.39.48/; sid:900622792; rev:1;) alert tcp $HOME_NET any -> [93.189.42.182] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.42.182/; sid:900622796; rev:1;) alert tcp $HOME_NET any -> [212.73.150.127] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.73.150.127/; sid:900622788; rev:1;) alert tcp $HOME_NET any -> [89.32.41.104] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.41.104/; sid:900622789; rev:1;) alert tcp $HOME_NET any -> [212.80.218.237] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.218.237/; sid:900622790; rev:1;) alert tcp $HOME_NET any -> [85.217.171.229] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.217.171.229/; sid:900622786; rev:1;) alert tcp $HOME_NET any -> [192.3.247.106] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.106/; sid:900622787; rev:1;) alert tcp $HOME_NET any -> [107.170.24.125] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.170.24.125/; sid:900622785; rev:1;) alert tcp $HOME_NET any -> [212.129.14.27] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.14.27/; sid:901389121; rev:1;) alert tcp $HOME_NET any -> [87.118.70.69] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.118.70.69/; sid:901388748; rev:1;) alert tcp $HOME_NET any -> [217.26.163.82] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.26.163.82/; sid:900622783; rev:1;) alert tcp $HOME_NET any -> [164.132.75.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.75.130/; sid:900622780; rev:1;) alert tcp $HOME_NET any -> [172.104.233.225] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.104.233.225/; sid:900622781; rev:1;) alert tcp $HOME_NET any -> [222.239.249.166] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.239.249.166/; sid:900622784; rev:1;) alert tcp $HOME_NET any -> [5.2.74.153] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.74.153/; sid:900622778; rev:1;) alert tcp $HOME_NET any -> [194.36.191.37] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.191.37/; sid:900622779; rev:1;) alert tcp $HOME_NET any -> [185.117.119.179] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.119.179/; sid:900622782; rev:1;) alert tcp $HOME_NET any -> [198.46.163.40] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.163.40/; sid:900622776; rev:1;) alert tcp $HOME_NET any -> [45.141.100.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.141.100.6/; sid:900622769; rev:1;) alert tcp $HOME_NET any -> [5.34.176.43] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.176.43/; sid:900622770; rev:1;) alert tcp $HOME_NET any -> [94.156.35.235] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.35.235/; sid:900622771; rev:1;) alert tcp $HOME_NET any -> [188.165.62.17] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.62.17/; sid:900622772; rev:1;) alert tcp $HOME_NET any -> [185.90.61.85] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.90.61.85/; sid:900622767; rev:1;) alert tcp $HOME_NET any -> [146.185.219.131] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.131/; sid:900622774; rev:1;) alert tcp $HOME_NET any -> [37.230.114.53] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.230.114.53/; sid:900622773; rev:1;) alert tcp $HOME_NET any -> [146.185.253.131] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.131/; sid:900622768; rev:1;) alert tcp $HOME_NET any -> [5.2.74.126] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.74.126/; sid:900622766; rev:1;) alert tcp $HOME_NET any -> [194.5.250.169] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.169/; sid:900622775; rev:1;) alert tcp $HOME_NET any -> [198.46.161.221] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.161.221/; sid:900622764; rev:1;) alert tcp $HOME_NET any -> [195.123.220.74] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.220.74/; sid:900622763; rev:1;) alert tcp $HOME_NET any -> [146.185.253.123] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.123/; sid:900622762; rev:1;) alert tcp $HOME_NET any -> [23.95.20.181] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.20.181/; sid:900622761; rev:1;) alert tcp $HOME_NET any -> [185.99.2.167] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.167/; sid:900622759; rev:1;) alert tcp $HOME_NET any -> [66.55.71.141] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.55.71.141/; sid:900622758; rev:1;) alert tcp $HOME_NET any -> [45.137.151.25] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.137.151.25/; sid:900622756; rev:1;) alert tcp $HOME_NET any -> [92.169.250.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.169.250.229/; sid:900622765; rev:1;) alert tcp $HOME_NET any -> [192.227.232.82] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.82/; sid:900622757; rev:1;) alert tcp $HOME_NET any -> [66.85.173.9] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.85.173.9/; sid:900622760; rev:1;) alert tcp $HOME_NET any -> [198.58.109.168] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.58.109.168/; sid:900622751; rev:1;) alert tcp $HOME_NET any -> [213.189.36.51] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.189.36.51/; sid:900622752; rev:1;) alert tcp $HOME_NET any -> [70.32.78.99] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.32.78.99/; sid:900622753; rev:1;) alert tcp $HOME_NET any -> [195.201.56.68] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.201.56.68/; sid:901368144; rev:1;) alert tcp $HOME_NET any -> [110.93.247.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.93.247.98/; sid:900622755; rev:1;) alert tcp $HOME_NET any -> [187.230.99.192] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.230.99.192/; sid:900622749; rev:1;) alert tcp $HOME_NET any -> [195.201.56.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.201.56.70/; sid:900622750; rev:1;) alert tcp $HOME_NET any -> [65.23.154.17] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.23.154.17/; sid:900622754; rev:1;) alert tcp $HOME_NET any -> [188.225.82.114] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.225.82.114/; sid:900622747; rev:1;) alert tcp $HOME_NET any -> [178.170.189.19] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.170.189.19/; sid:900622746; rev:1;) alert tcp $HOME_NET any -> [87.106.253.248] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.253.248/; sid:900625316; rev:1;) alert tcp $HOME_NET any -> [181.129.104.139] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.104.139/; sid:900622744; rev:1;) alert tcp $HOME_NET any -> [45.238.37.14] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.238.37.14/; sid:900622742; rev:1;) alert tcp $HOME_NET any -> [181.129.167.82] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.167.82/; sid:900622743; rev:1;) alert tcp $HOME_NET any -> [181.112.157.42] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.112.157.42/; sid:900622740; rev:1;) alert tcp $HOME_NET any -> [103.255.10.24] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.255.10.24/; sid:900622741; rev:1;) alert tcp $HOME_NET any -> [86.98.64.189] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.64.189/; sid:900622738; rev:1;) alert tcp $HOME_NET any -> [162.144.46.90] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.46.90/; sid:901359742; rev:1;) alert tcp $HOME_NET any -> [46.17.6.116] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.17.6.116/; sid:901359716; rev:1;) alert tcp $HOME_NET any -> [163.172.97.112] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.172.97.112/; sid:900622735; rev:1;) alert tcp $HOME_NET any -> [91.205.173.54] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.205.173.54/; sid:900622734; rev:1;) alert tcp $HOME_NET any -> [105.226.188.128] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.226.188.128/; sid:900622733; rev:1;) alert tcp $HOME_NET any -> [107.170.27.84] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.170.27.84/; sid:900622736; rev:1;) alert tcp $HOME_NET any -> [144.76.56.36] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.56.36/; sid:900622737; rev:1;) alert tcp $HOME_NET any -> [134.209.214.126] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.214.126/; sid:901359486; rev:1;) alert tcp $HOME_NET any -> [191.92.209.110] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.92.209.110/; sid:900622739; rev:1;) alert tcp $HOME_NET any -> [190.72.235.47] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.72.235.47/; sid:900622732; rev:1;) alert tcp $HOME_NET any -> [185.222.202.25] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.25/; sid:900622731; rev:1;) alert tcp $HOME_NET any -> [144.91.80.253] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.80.253/; sid:900622730; rev:1;) alert tcp $HOME_NET any -> [78.46.87.133] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.46.87.133/; sid:901354446; rev:1;) alert tcp $HOME_NET any -> [172.245.13.50] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.13.50/; sid:901354443; rev:1;) alert tcp $HOME_NET any -> [37.59.24.25] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.59.24.25/; sid:901354427; rev:1;) alert tcp $HOME_NET any -> [204.225.249.100] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.225.249.100/; sid:901830764; rev:1;) alert tcp $HOME_NET any -> [85.234.143.94] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.234.143.94/; sid:900622727; rev:1;) alert tcp $HOME_NET any -> [60.54.37.25] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.54.37.25/; sid:901354327; rev:1;) alert tcp $HOME_NET any -> [177.226.25.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.226.25.78/; sid:900622745; rev:1;) alert tcp $HOME_NET any -> [78.47.106.72] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.47.106.72/; sid:900622729; rev:1;) alert tcp $HOME_NET any -> [190.214.13.2] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.214.13.2/; sid:900622724; rev:1;) alert tcp $HOME_NET any -> [103.63.31.38] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.63.31.38/; sid:900622722; rev:1;) alert tcp $HOME_NET any -> [190.146.176.67] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.176.67/; sid:900622723; rev:1;) alert tcp $HOME_NET any -> [189.226.151.198] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.226.151.198/; sid:900622725; rev:1;) alert tcp $HOME_NET any -> [72.47.202.235] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.47.202.235/; sid:900622728; rev:1;) alert tcp $HOME_NET any -> [181.129.134.18] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.134.18/; sid:900622718; rev:1;) alert tcp $HOME_NET any -> [5.2.79.203] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.79.203/; sid:900622715; rev:1;) alert tcp $HOME_NET any -> [181.113.28.146] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.113.28.146/; sid:900622716; rev:1;) alert tcp $HOME_NET any -> [185.99.2.166] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.166/; sid:900622714; rev:1;) alert tcp $HOME_NET any -> [66.85.173.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.85.173.57/; sid:900622713; rev:1;) alert tcp $HOME_NET any -> [181.196.207.202] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.196.207.202/; sid:900622717; rev:1;) alert tcp $HOME_NET any -> [173.212.220.251] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.212.220.251/; sid:900622709; rev:1;) alert tcp $HOME_NET any -> [50.116.78.109] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.78.109/; sid:901347428; rev:1;) alert tcp $HOME_NET any -> [189.154.130.167] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.130.167/; sid:901347421; rev:1;) alert tcp $HOME_NET any -> [104.238.80.237] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.238.80.237/; sid:900622707; rev:1;) alert tcp $HOME_NET any -> [189.141.224.163] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.141.224.163/; sid:900622710; rev:1;) alert tcp $HOME_NET any -> [192.241.255.77] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.255.77/; sid:900622711; rev:1;) alert tcp $HOME_NET any -> [81.2.235.48] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.2.235.48/; sid:900622708; rev:1;) alert tcp $HOME_NET any -> [117.206.149.29] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.206.149.29/; sid:900622704; rev:1;) alert tcp $HOME_NET any -> [117.197.119.219] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.197.119.219/; sid:900622705; rev:1;) alert tcp $HOME_NET any -> [177.105.242.229] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.105.242.229/; sid:900622701; rev:1;) alert tcp $HOME_NET any -> [45.141.102.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.141.102.2/; sid:900622696; rev:1;) alert tcp $HOME_NET any -> [185.57.167.32] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.57.167.32/; sid:900622699; rev:1;) alert tcp $HOME_NET any -> [194.5.250.109] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.109/; sid:900622695; rev:1;) alert tcp $HOME_NET any -> [212.73.150.144] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.73.150.144/; sid:900622697; rev:1;) alert tcp $HOME_NET any -> [185.222.202.242] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.242/; sid:900622694; rev:1;) alert tcp $HOME_NET any -> [185.189.122.68] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.189.122.68/; sid:900622698; rev:1;) alert tcp $HOME_NET any -> [195.123.239.79] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.239.79/; sid:900622706; rev:1;) alert tcp $HOME_NET any -> [185.11.146.90] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.11.146.90/; sid:900622690; rev:1;) alert tcp $HOME_NET any -> [194.5.250.162] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.162/; sid:900622688; rev:1;) alert tcp $HOME_NET any -> [103.219.213.102] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.219.213.102/; sid:900622687; rev:1;) alert tcp $HOME_NET any -> [195.123.238.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.214/; sid:900622686; rev:1;) alert tcp $HOME_NET any -> [195.123.220.151] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.220.151/; sid:900622685; rev:1;) alert tcp $HOME_NET any -> [95.181.198.94] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.181.198.94/; sid:900622683; rev:1;) alert tcp $HOME_NET any -> [152.169.32.143] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.169.32.143/; sid:900622691; rev:1;) alert tcp $HOME_NET any -> [94.67.21.187] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.67.21.187/; sid:901322107; rev:1;) alert tcp $HOME_NET any -> [190.4.50.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.4.50.26/; sid:900622682; rev:1;) alert tcp $HOME_NET any -> [185.177.59.41] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.177.59.41/; sid:900622676; rev:1;) alert tcp $HOME_NET any -> [190.128.222.14] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.128.222.14/; sid:901316853; rev:1;) alert tcp $HOME_NET any -> [186.109.28.142] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.109.28.142/; sid:901316838; rev:1;) alert tcp $HOME_NET any -> [181.140.173.186] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.140.173.186/; sid:900622702; rev:1;) alert tcp $HOME_NET any -> [5.2.77.5] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.77.5/; sid:900622673; rev:1;) alert tcp $HOME_NET any -> [51.89.115.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.98/; sid:900622671; rev:1;) alert tcp $HOME_NET any -> [66.55.71.129] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.55.71.129/; sid:900622672; rev:1;) alert tcp $HOME_NET any -> [181.57.193.14] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.57.193.14/; sid:900622669; rev:1;) alert tcp $HOME_NET any -> [190.51.63.1] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.51.63.1/; sid:901314580; rev:1;) alert tcp $HOME_NET any -> [189.252.102.40] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.102.40/; sid:900622675; rev:1;) alert tcp $HOME_NET any -> [74.208.125.192] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.208.125.192/; sid:900622670; rev:1;) alert tcp $HOME_NET any -> [189.173.113.67] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.173.113.67/; sid:900622678; rev:1;) alert tcp $HOME_NET any -> [190.142.200.108] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.142.200.108/; sid:900622681; rev:1;) alert tcp $HOME_NET any -> [91.108.150.213] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.108.150.213/; sid:900622689; rev:1;) alert tcp $HOME_NET any -> [170.84.78.224] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.84.78.224/; sid:900622684; rev:1;) alert tcp $HOME_NET any -> [191.100.24.201] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.100.24.201/; sid:900622693; rev:1;) alert tcp $HOME_NET any -> [181.197.108.171] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.197.108.171/; sid:900622712; rev:1;) alert tcp $HOME_NET any -> [181.113.28.162] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.113.28.162/; sid:900622668; rev:1;) alert tcp $HOME_NET any -> [189.28.185.50] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.28.185.50/; sid:900622666; rev:1;) alert tcp $HOME_NET any -> [194.5.250.136] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.136/; sid:900622667; rev:1;) alert tcp $HOME_NET any -> [117.255.221.135] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.255.221.135/; sid:900622700; rev:1;) alert tcp $HOME_NET any -> [184.95.51.5] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.95.51.5/; sid:900622674; rev:1;) alert tcp $HOME_NET any -> [192.3.247.117] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.117/; sid:900622665; rev:1;) alert tcp $HOME_NET any -> [185.252.144.145] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.252.144.145/; sid:900622664; rev:1;) alert tcp $HOME_NET any -> [195.133.145.141] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.145.141/; sid:900622663; rev:1;) alert tcp $HOME_NET any -> [193.34.144.138] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.34.144.138/; sid:900622661; rev:1;) alert tcp $HOME_NET any -> [179.12.170.148] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.12.170.148/; sid:900622660; rev:1;) alert tcp $HOME_NET any -> [190.79.228.89] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.79.228.89/; sid:900622657; rev:1;) alert tcp $HOME_NET any -> [170.130.31.177] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.130.31.177/; sid:900622656; rev:1;) alert tcp $HOME_NET any -> [165.227.156.155] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.156.155/; sid:900622659; rev:1;) alert tcp $HOME_NET any -> [104.239.175.211] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.239.175.211/; sid:900622658; rev:1;) alert tcp $HOME_NET any -> [211.110.229.161] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.110.229.161/; sid:900622662; rev:1;) alert tcp $HOME_NET any -> [171.101.153.86] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.101.153.86/; sid:900622651; rev:1;) alert tcp $HOME_NET any -> [67.225.179.64] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.225.179.64/; sid:900622652; rev:1;) alert tcp $HOME_NET any -> [124.150.175.129] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.150.175.129/; sid:901297781; rev:1;) alert tcp $HOME_NET any -> [188.220.235.237] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.220.235.237/; sid:900622653; rev:1;) alert tcp $HOME_NET any -> [187.147.152.244] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.147.152.244/; sid:900622650; rev:1;) alert tcp $HOME_NET any -> [105.228.98.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.228.98.115/; sid:901297664; rev:1;) alert tcp $HOME_NET any -> [189.189.56.216] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.189.56.216/; sid:900622649; rev:1;) alert tcp $HOME_NET any -> [185.99.2.181] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.181/; sid:900622643; rev:1;) alert tcp $HOME_NET any -> [85.204.116.74] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.74/; sid:900622644; rev:1;) alert tcp $HOME_NET any -> [139.162.185.116] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.185.116/; sid:901294670; rev:1;) alert tcp $HOME_NET any -> [74.208.173.91] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.208.173.91/; sid:900622642; rev:1;) alert tcp $HOME_NET any -> [186.18.224.149] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.18.224.149/; sid:900622647; rev:1;) alert tcp $HOME_NET any -> [193.26.217.24] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.26.217.24/; sid:900622641; rev:1;) alert tcp $HOME_NET any -> [185.117.75.112] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.75.112/; sid:900622640; rev:1;) alert tcp $HOME_NET any -> [201.190.133.235] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.190.133.235/; sid:900622648; rev:1;) alert tcp $HOME_NET any -> [142.93.114.137] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.114.137/; sid:901291109; rev:1;) alert tcp $HOME_NET any -> [190.210.184.138] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.184.138/; sid:900622638; rev:1;) alert tcp $HOME_NET any -> [51.255.165.160] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.255.165.160/; sid:900622639; rev:1;) alert tcp $HOME_NET any -> [86.150.70.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.150.70.135/; sid:901289945; rev:1;) alert tcp $HOME_NET any -> [217.160.19.232] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.19.232/; sid:900622636; rev:1;) alert tcp $HOME_NET any -> [111.119.233.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.119.233.65/; sid:900622637; rev:1;) alert tcp $HOME_NET any -> [145.239.188.93] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.188.93/; sid:900622632; rev:1;) alert tcp $HOME_NET any -> [45.67.231.164] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.67.231.164/; sid:900622628; rev:1;) alert tcp $HOME_NET any -> [212.80.216.52] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.216.52/; sid:900622629; rev:1;) alert tcp $HOME_NET any -> [192.3.247.11] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.11/; sid:900622630; rev:1;) alert tcp $HOME_NET any -> [188.225.82.68] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.225.82.68/; sid:900622626; rev:1;) alert tcp $HOME_NET any -> [192.95.62.150] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.95.62.150/; sid:900622627; rev:1;) alert tcp $HOME_NET any -> [45.66.10.22] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.66.10.22/; sid:900622631; rev:1;) alert tcp $HOME_NET any -> [202.29.215.114] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.29.215.114/; sid:900622634; rev:1;) alert tcp $HOME_NET any -> [212.22.75.95] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.22.75.95/; sid:900622625; rev:1;) alert tcp $HOME_NET any -> [194.5.250.134] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.134/; sid:900622633; rev:1;) alert tcp $HOME_NET any -> [172.82.152.126] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.82.152.126/; sid:900622624; rev:1;) alert tcp $HOME_NET any -> [185.222.202.244] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.244/; sid:900622623; rev:1;) alert tcp $HOME_NET any -> [62.109.30.70] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.109.30.70/; sid:900622622; rev:1;) alert tcp $HOME_NET any -> [23.94.233.210] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.233.210/; sid:900622621; rev:1;) alert tcp $HOME_NET any -> [31.202.132.13] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.202.132.13/; sid:900622620; rev:1;) alert tcp $HOME_NET any -> [85.143.219.157] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.219.157/; sid:900622618; rev:1;) alert tcp $HOME_NET any -> [185.128.214.204] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.128.214.204/; sid:900622616; rev:1;) alert tcp $HOME_NET any -> [185.14.30.84] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.30.84/; sid:900622615; rev:1;) alert tcp $HOME_NET any -> [185.99.2.104] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.104/; sid:900622619; rev:1;) alert tcp $HOME_NET any -> [45.235.213.126] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.235.213.126/; sid:900622614; rev:1;) alert tcp $HOME_NET any -> [95.216.212.157] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.216.212.157/; sid:901258273; rev:1;) alert tcp $HOME_NET any -> [142.93.87.198] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.87.198/; sid:901258266; rev:1;) alert tcp $HOME_NET any -> [200.109.58.183] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.109.58.183/; sid:901258257; rev:1;) alert tcp $HOME_NET any -> [207.154.204.40] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.154.204.40/; sid:901255629; rev:1;) alert tcp $HOME_NET any -> [163.172.40.218] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.172.40.218/; sid:900622609; rev:1;) alert tcp $HOME_NET any -> [45.56.79.249] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.56.79.249/; sid:900622610; rev:1;) alert tcp $HOME_NET any -> [192.241.220.155] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.220.155/; sid:900622611; rev:1;) alert tcp $HOME_NET any -> [41.75.135.93] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.75.135.93/; sid:900622613; rev:1;) alert tcp $HOME_NET any -> [190.195.148.163] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.195.148.163/; sid:900622612; rev:1;) alert tcp $HOME_NET any -> [186.15.57.7] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.57.7/; sid:901250630; rev:1;) alert tcp $HOME_NET any -> [201.184.41.228] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.41.228/; sid:901250628; rev:1;) alert tcp $HOME_NET any -> [190.229.205.11] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.229.205.11/; sid:900622608; rev:1;) alert tcp $HOME_NET any -> [183.102.238.69] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.102.238.69/; sid:900622606; rev:1;) alert tcp $HOME_NET any -> [187.155.29.74] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.155.29.74/; sid:901250544; rev:1;) alert tcp $HOME_NET any -> [189.145.6.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.145.6.189/; sid:900622601; rev:1;) alert tcp $HOME_NET any -> [46.105.131.68] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.131.68/; sid:900622603; rev:1;) alert tcp $HOME_NET any -> [201.210.70.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.210.70.8/; sid:900622602; rev:1;) alert tcp $HOME_NET any -> [186.159.246.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.159.246.121/; sid:900622600; rev:1;) alert tcp $HOME_NET any -> [167.99.105.223] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.105.223/; sid:900622604; rev:1;) alert tcp $HOME_NET any -> [190.182.161.7] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.182.161.7/; sid:900622607; rev:1;) alert tcp $HOME_NET any -> [192.3.104.46] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.104.46/; sid:900622598; rev:1;) alert tcp $HOME_NET any -> [85.25.138.55] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.25.138.55/; sid:900622595; rev:1;) alert tcp $HOME_NET any -> [195.123.247.137] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.247.137/; sid:900622596; rev:1;) alert tcp $HOME_NET any -> [51.89.115.125] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.125/; sid:900622597; rev:1;) alert tcp $HOME_NET any -> [181.198.203.45] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.198.203.45/; sid:900622589; rev:1;) alert tcp $HOME_NET any -> [172.104.70.207] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.104.70.207/; sid:901240598; rev:1;) alert tcp $HOME_NET any -> [198.57.217.170] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.57.217.170/; sid:901763293; rev:1;) alert tcp $HOME_NET any -> [124.150.175.133] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.150.175.133/; sid:900622588; rev:1;) alert tcp $HOME_NET any -> [187.131.163.89] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.131.163.89/; sid:901240577; rev:1;) alert tcp $HOME_NET any -> [220.241.38.226] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.241.38.226/; sid:900622593; rev:1;) alert tcp $HOME_NET any -> [85.104.121.33] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.121.33/; sid:900622592; rev:1;) alert tcp $HOME_NET any -> [42.190.4.92] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.190.4.92/; sid:901239518; rev:1;) alert tcp $HOME_NET any -> [211.229.116.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.229.116.130/; sid:900622594; rev:1;) alert tcp $HOME_NET any -> [212.129.24.79] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.24.79/; sid:900622591; rev:1;) alert tcp $HOME_NET any -> [128.201.174.107] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.201.174.107/; sid:900622586; rev:1;) alert tcp $HOME_NET any -> [201.210.120.239] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.210.120.239/; sid:900622585; rev:1;) alert tcp $HOME_NET any -> [185.68.93.43] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.68.93.43/; sid:900622583; rev:1;) alert tcp $HOME_NET any -> [201.187.105.123] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.187.105.123/; sid:900622581; rev:1;) alert tcp $HOME_NET any -> [190.111.255.219] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.111.255.219/; sid:900622582; rev:1;) alert tcp $HOME_NET any -> [144.91.79.9] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.79.9/; sid:900622576; rev:1;) alert tcp $HOME_NET any -> [185.62.188.117] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.188.117/; sid:900622577; rev:1;) alert tcp $HOME_NET any -> [101.108.92.111] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.108.92.111/; sid:900622578; rev:1;) alert tcp $HOME_NET any -> [181.10.207.234] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.10.207.234/; sid:900622580; rev:1;) alert tcp $HOME_NET any -> [190.152.125.22] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.125.22/; sid:900622579; rev:1;) alert tcp $HOME_NET any -> [181.29.164.248] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.29.164.248/; sid:900622573; rev:1;) alert tcp $HOME_NET any -> [173.249.47.77] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.249.47.77/; sid:900622572; rev:1;) alert tcp $HOME_NET any -> [37.187.2.199] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.2.199/; sid:900622571; rev:1;) alert tcp $HOME_NET any -> [60.52.64.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.52.64.122/; sid:901216162; rev:1;) alert tcp $HOME_NET any -> [138.186.179.235] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.186.179.235/; sid:901216157; rev:1;) alert tcp $HOME_NET any -> [189.166.13.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.166.13.109/; sid:900622568; rev:1;) alert tcp $HOME_NET any -> [201.106.32.171] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.106.32.171/; sid:900622574; rev:1;) alert tcp $HOME_NET any -> [96.20.84.254] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.20.84.254/; sid:900622569; rev:1;) alert tcp $HOME_NET any -> [148.72.151.34] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.72.151.34/; sid:900622570; rev:1;) alert tcp $HOME_NET any -> [195.123.238.191] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.191/; sid:900622567; rev:1;) alert tcp $HOME_NET any -> [187.193.89.61] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.193.89.61/; sid:900622563; rev:1;) alert tcp $HOME_NET any -> [91.204.163.19] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.204.163.19/; sid:900622565; rev:1;) alert tcp $HOME_NET any -> [144.139.158.155] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.139.158.155/; sid:900622562; rev:1;) alert tcp $HOME_NET any -> [187.155.95.26] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.155.95.26/; sid:901210320; rev:1;) alert tcp $HOME_NET any -> [189.218.243.150] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.218.243.150/; sid:900622566; rev:1;) alert tcp $HOME_NET any -> [23.253.207.142] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.253.207.142/; sid:901210292; rev:1;) alert tcp $HOME_NET any -> [201.213.32.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.213.32.59/; sid:900622564; rev:1;) alert tcp $HOME_NET any -> [189.159.113.125] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.159.113.125/; sid:900622561; rev:1;) alert tcp $HOME_NET any -> [187.143.219.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.143.219.242/; sid:901206236; rev:1;) alert tcp $HOME_NET any -> [162.241.134.130] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.134.130/; sid:901206230; rev:1;) alert tcp $HOME_NET any -> [45.79.95.107] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.95.107/; sid:901206151; rev:1;) alert tcp $HOME_NET any -> [186.23.132.93] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.23.132.93/; sid:900622559; rev:1;) alert tcp $HOME_NET any -> [189.189.21.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.189.21.214/; sid:901206143; rev:1;) alert tcp $HOME_NET any -> [144.91.79.12] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.79.12/; sid:900622552; rev:1;) alert tcp $HOME_NET any -> [185.222.202.76] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.76/; sid:900622550; rev:1;) alert tcp $HOME_NET any -> [85.25.92.96] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.25.92.96/; sid:900622558; rev:1;) alert tcp $HOME_NET any -> [45.56.122.75] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.56.122.75/; sid:900622557; rev:1;) alert tcp $HOME_NET any -> [45.33.54.74] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.54.74/; sid:900622556; rev:1;) alert tcp $HOME_NET any -> [190.217.1.149] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.217.1.149/; sid:900622554; rev:1;) alert tcp $HOME_NET any -> [190.16.101.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.16.101.10/; sid:900622812; rev:1;) alert tcp $HOME_NET any -> [23.229.115.217] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.229.115.217/; sid:900622553; rev:1;) alert tcp $HOME_NET any -> [190.120.104.21] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.120.104.21/; sid:900622575; rev:1;) alert tcp $HOME_NET any -> [201.250.54.115] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.250.54.115/; sid:900622547; rev:1;) alert tcp $HOME_NET any -> [190.146.131.105] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.131.105/; sid:901199392; rev:1;) alert tcp $HOME_NET any -> [189.132.130.111] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.132.130.111/; sid:901199357; rev:1;) alert tcp $HOME_NET any -> [185.45.24.254] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.45.24.254/; sid:900622545; rev:1;) alert tcp $HOME_NET any -> [200.90.86.170] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.90.86.170/; sid:900622541; rev:1;) alert tcp $HOME_NET any -> [194.5.250.95] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.95/; sid:900622542; rev:1;) alert tcp $HOME_NET any -> [172.245.97.148] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.97.148/; sid:900622543; rev:1;) alert tcp $HOME_NET any -> [200.30.227.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.30.227.135/; sid:900622548; rev:1;) alert tcp $HOME_NET any -> [185.222.202.192] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.192/; sid:900622539; rev:1;) alert tcp $HOME_NET any -> [181.197.2.80] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.197.2.80/; sid:900622540; rev:1;) alert tcp $HOME_NET any -> [190.113.146.128] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.113.146.128/; sid:900622528; rev:1;) alert tcp $HOME_NET any -> [203.99.188.11] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.99.188.11/; sid:900622532; rev:1;) alert tcp $HOME_NET any -> [190.228.212.165] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.228.212.165/; sid:900622527; rev:1;) alert tcp $HOME_NET any -> [184.82.233.15] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.82.233.15/; sid:900622530; rev:1;) alert tcp $HOME_NET any -> [190.166.25.99] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.166.25.99/; sid:900622526; rev:1;) alert tcp $HOME_NET any -> [79.127.57.43] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.127.57.43/; sid:900622534; rev:1;) alert tcp $HOME_NET any -> [181.16.17.210] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.16.17.210/; sid:900622525; rev:1;) alert tcp $HOME_NET any -> [186.92.11.143] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.92.11.143/; sid:900622544; rev:1;) alert tcp $HOME_NET any -> [186.109.91.136] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.109.91.136/; sid:900622536; rev:1;) alert tcp $HOME_NET any -> [200.127.121.99] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.121.99/; sid:900622521; rev:1;) alert tcp $HOME_NET any -> [186.47.122.182] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.47.122.182/; sid:900622520; rev:1;) alert tcp $HOME_NET any -> [89.228.243.148] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.228.243.148/; sid:900622516; rev:1;) alert tcp $HOME_NET any -> [170.82.156.53] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.82.156.53/; sid:900622517; rev:1;) alert tcp $HOME_NET any -> [46.174.235.36] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.174.235.36/; sid:900622518; rev:1;) alert tcp $HOME_NET any -> [181.112.52.26] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.112.52.26/; sid:900622519; rev:1;) alert tcp $HOME_NET any -> [85.25.255.207] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.25.255.207/; sid:900622522; rev:1;) alert tcp $HOME_NET any -> [195.123.220.115] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.220.115/; sid:900622529; rev:1;) alert tcp $HOME_NET any -> [186.84.173.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.84.173.153/; sid:900622551; rev:1;) alert tcp $HOME_NET any -> [89.191.234.91] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.191.234.91/; sid:900622531; rev:1;) alert tcp $HOME_NET any -> [93.189.42.200] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.42.200/; sid:900622533; rev:1;) alert tcp $HOME_NET any -> [198.98.51.170] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.51.170/; sid:900622535; rev:1;) alert tcp $HOME_NET any -> [201.217.113.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.217.113.58/; sid:901168088; rev:1;) alert tcp $HOME_NET any -> [78.46.103.90] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.46.103.90/; sid:900622512; rev:1;) alert tcp $HOME_NET any -> [94.177.216.217] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.216.217/; sid:900622507; rev:1;) alert tcp $HOME_NET any -> [69.163.33.84] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.163.33.84/; sid:900622508; rev:1;) alert tcp $HOME_NET any -> [131.0.103.200] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.0.103.200/; sid:900622511; rev:1;) alert tcp $HOME_NET any -> [120.138.101.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.138.101.250/; sid:900622510; rev:1;) alert tcp $HOME_NET any -> [105.227.100.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.227.100.228/; sid:900622515; rev:1;) alert tcp $HOME_NET any -> [186.71.150.23] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.150.23/; sid:900622513; rev:1;) alert tcp $HOME_NET any -> [31.128.13.45] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.128.13.45/; sid:900622505; rev:1;) alert tcp $HOME_NET any -> [190.97.30.167] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.97.30.167/; sid:900622546; rev:1;) alert tcp $HOME_NET any -> [192.3.104.40] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.104.40/; sid:900622502; rev:1;) alert tcp $HOME_NET any -> [66.85.156.81] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.85.156.81/; sid:900622498; rev:1;) alert tcp $HOME_NET any -> [51.89.115.120] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.120/; sid:900622497; rev:1;) alert tcp $HOME_NET any -> [194.36.189.165] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.189.165/; sid:900622496; rev:1;) alert tcp $HOME_NET any -> [144.91.76.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.76.214/; sid:900622495; rev:1;) alert tcp $HOME_NET any -> [194.5.250.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.98/; sid:900622494; rev:1;) alert tcp $HOME_NET any -> [91.232.52.187] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.232.52.187/; sid:900622493; rev:1;) alert tcp $HOME_NET any -> [186.146.110.108] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.146.110.108/; sid:900622492; rev:1;) alert tcp $HOME_NET any -> [187.144.61.73] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.61.73/; sid:901148533; rev:1;) alert tcp $HOME_NET any -> [181.44.166.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.44.166.242/; sid:900622503; rev:1;) alert tcp $HOME_NET any -> [181.51.251.236] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.51.251.236/; sid:901148491; rev:1;) alert tcp $HOME_NET any -> [181.99.223.250] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.99.223.250/; sid:900622499; rev:1;) alert tcp $HOME_NET any -> [31.148.99.63] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.148.99.63/; sid:900622490; rev:1;) alert tcp $HOME_NET any -> [75.154.163.1] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.154.163.1/; sid:900622500; rev:1;) alert tcp $HOME_NET any -> [181.61.143.177] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.61.143.177/; sid:900622811; rev:1;) alert tcp $HOME_NET any -> [186.90.29.228] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.90.29.228/; sid:900622501; rev:1;) alert tcp $HOME_NET any -> [181.135.153.203] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.135.153.203/; sid:900622491; rev:1;) alert tcp $HOME_NET any -> [37.44.212.148] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.148/; sid:900622489; rev:1;) alert tcp $HOME_NET any -> [198.144.190.254] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.144.190.254/; sid:900622488; rev:1;) alert tcp $HOME_NET any -> [193.37.212.246] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.246/; sid:900622487; rev:1;) alert tcp $HOME_NET any -> [94.177.183.28] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.183.28/; sid:900622509; rev:1;) alert tcp $HOME_NET any -> [131.161.253.190] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.161.253.190/; sid:900622486; rev:1;) alert tcp $HOME_NET any -> [66.55.71.111] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.55.71.111/; sid:900622484; rev:1;) alert tcp $HOME_NET any -> [46.21.153.81] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.153.81/; sid:900622485; rev:1;) alert tcp $HOME_NET any -> [185.164.32.125] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.125/; sid:900622483; rev:1;) alert tcp $HOME_NET any -> [93.123.73.192] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.123.73.192/; sid:900622480; rev:1;) alert tcp $HOME_NET any -> [179.43.147.72] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.43.147.72/; sid:900622478; rev:1;) alert tcp $HOME_NET any -> [186.176.138.171] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.176.138.171/; sid:901145460; rev:1;) alert tcp $HOME_NET any -> [186.47.121.58] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.47.121.58/; sid:900622479; rev:1;) alert tcp $HOME_NET any -> [195.123.221.236] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.221.236/; sid:900622504; rev:1;) alert tcp $HOME_NET any -> [178.183.150.169] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.183.150.169/; sid:900622477; rev:1;) alert tcp $HOME_NET any -> [94.103.91.61] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.91.61/; sid:900622475; rev:1;) alert tcp $HOME_NET any -> [199.241.114.0] 42118 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.241.114.0/; sid:901143542; rev:1;) alert tcp $HOME_NET any -> [26.235.0.0] 61 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/26.235.0.0/; sid:901143541; rev:1;) alert tcp $HOME_NET any -> [86.22.221.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.22.221.170/; sid:900622514; rev:1;) alert tcp $HOME_NET any -> [80.255.86.20] 24076 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.255.86.20/; sid:901137341; rev:1;) alert tcp $HOME_NET any -> [139.20.36.116] 65286 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.20.36.116/; sid:901137340; rev:1;) alert tcp $HOME_NET any -> [69.164.201.54] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.164.201.54/; sid:900622471; rev:1;) alert tcp $HOME_NET any -> [74.208.68.48] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.208.68.48/; sid:900622470; rev:1;) alert tcp $HOME_NET any -> [154.120.227.206] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.120.227.206/; sid:900622472; rev:1;) alert tcp $HOME_NET any -> [195.123.240.189] 446 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.189/; sid:900622467; rev:1;) alert tcp $HOME_NET any -> [157.7.164.178] 8081 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.7.164.178/; sid:900622464; rev:1;) alert tcp $HOME_NET any -> [185.187.198.15] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.187.198.15/; sid:900622465; rev:1;) alert tcp $HOME_NET any -> [191.82.16.60] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.82.16.60/; sid:901127416; rev:1;) alert tcp $HOME_NET any -> [199.255.156.210] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.255.156.210/; sid:901127246; rev:1;) alert tcp $HOME_NET any -> [104.131.44.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.44.150/; sid:901127227; rev:1;) alert tcp $HOME_NET any -> [162.241.208.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.208.52/; sid:900622463; rev:1;) alert tcp $HOME_NET any -> [139.60.163.32] 446 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.32/; sid:900622461; rev:1;) alert tcp $HOME_NET any -> [189.160.49.234] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.160.49.234/; sid:900622482; rev:1;) alert tcp $HOME_NET any -> [194.5.250.94] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.94/; sid:900622460; rev:1;) alert tcp $HOME_NET any -> [14.160.93.230] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.160.93.230/; sid:900622474; rev:1;) alert tcp $HOME_NET any -> [167.71.10.37] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.71.10.37/; sid:900622462; rev:1;) alert tcp $HOME_NET any -> [200.55.168.82] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.55.168.82/; sid:900622466; rev:1;) alert tcp $HOME_NET any -> [203.99.187.137] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.99.187.137/; sid:900622473; rev:1;) alert tcp $HOME_NET any -> [46.21.153.17] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.153.17/; sid:900622458; rev:1;) alert tcp $HOME_NET any -> [31.202.132.155] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.202.132.155/; sid:900622457; rev:1;) alert tcp $HOME_NET any -> [85.143.218.203] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.218.203/; sid:900622456; rev:1;) alert tcp $HOME_NET any -> [212.80.216.58] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.216.58/; sid:900622455; rev:1;) alert tcp $HOME_NET any -> [78.24.217.84] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.24.217.84/; sid:900622453; rev:1;) alert tcp $HOME_NET any -> [81.177.26.27] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.26.27/; sid:900622454; rev:1;) alert tcp $HOME_NET any -> [199.195.254.138] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.195.254.138/; sid:900622452; rev:1;) alert tcp $HOME_NET any -> [68.183.170.114] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.170.114/; sid:900623534; rev:1;) alert tcp $HOME_NET any -> [192.81.213.192] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.81.213.192/; sid:901094143; rev:1;) alert tcp $HOME_NET any -> [133.167.80.63] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.167.80.63/; sid:900622447; rev:1;) alert tcp $HOME_NET any -> [24.45.195.162] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.45.195.162/; sid:900622449; rev:1;) alert tcp $HOME_NET any -> [188.137.81.201] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.137.81.201/; sid:900622451; rev:1;) alert tcp $HOME_NET any -> [201.184.105.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.105.242/; sid:900622448; rev:1;) alert tcp $HOME_NET any -> [82.196.15.205] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.196.15.205/; sid:901091527; rev:1;) alert tcp $HOME_NET any -> [216.98.148.181] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.98.148.181/; sid:900622443; rev:1;) alert tcp $HOME_NET any -> [198.199.114.69] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.114.69/; sid:900622440; rev:1;) alert tcp $HOME_NET any -> [189.253.27.123] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.27.123/; sid:900622439; rev:1;) alert tcp $HOME_NET any -> [203.99.188.203] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.99.188.203/; sid:901091454; rev:1;) alert tcp $HOME_NET any -> [181.47.235.26] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.47.235.26/; sid:900622438; rev:1;) alert tcp $HOME_NET any -> [216.75.37.196] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.75.37.196/; sid:902010603; rev:1;) alert tcp $HOME_NET any -> [144.76.62.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.62.10/; sid:900622437; rev:1;) alert tcp $HOME_NET any -> [213.138.100.98] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.138.100.98/; sid:900622445; rev:1;) alert tcp $HOME_NET any -> [70.32.94.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.32.94.58/; sid:900622442; rev:1;) alert tcp $HOME_NET any -> [23.239.29.211] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.239.29.211/; sid:900622441; rev:1;) alert tcp $HOME_NET any -> [91.83.93.105] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.83.93.105/; sid:900622444; rev:1;) alert tcp $HOME_NET any -> [185.244.150.142] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.150.142/; sid:900622434; rev:1;) alert tcp $HOME_NET any -> [81.190.160.139] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.190.160.139/; sid:900622432; rev:1;) alert tcp $HOME_NET any -> [45.80.148.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.80.148.30/; sid:900622431; rev:1;) alert tcp $HOME_NET any -> [45.142.213.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.142.213.58/; sid:900622430; rev:1;) alert tcp $HOME_NET any -> [85.11.116.194] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.11.116.194/; sid:900622429; rev:1;) alert tcp $HOME_NET any -> [185.164.32.113] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.113/; sid:900622428; rev:1;) alert tcp $HOME_NET any -> [45.66.11.116] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.66.11.116/; sid:900622427; rev:1;) alert tcp $HOME_NET any -> [94.156.144.3] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.144.3/; sid:900622424; rev:1;) alert tcp $HOME_NET any -> [89.25.238.170] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.25.238.170/; sid:900622423; rev:1;) alert tcp $HOME_NET any -> [46.21.153.5] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.153.5/; sid:900622421; rev:1;) alert tcp $HOME_NET any -> [185.79.243.37] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.79.243.37/; sid:900622420; rev:1;) alert tcp $HOME_NET any -> [185.251.38.165] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.38.165/; sid:900622422; rev:1;) alert tcp $HOME_NET any -> [185.222.202.223] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.223/; sid:900622418; rev:1;) alert tcp $HOME_NET any -> [198.98.51.83] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.51.83/; sid:900622419; rev:1;) alert tcp $HOME_NET any -> [185.14.31.109] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.31.109/; sid:900622417; rev:1;) alert tcp $HOME_NET any -> [194.5.250.83] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.83/; sid:900622425; rev:1;) alert tcp $HOME_NET any -> [92.242.40.148] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.242.40.148/; sid:900622426; rev:1;) alert tcp $HOME_NET any -> [23.94.233.194] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.233.194/; sid:900622416; rev:1;) alert tcp $HOME_NET any -> [31.214.138.207] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.214.138.207/; sid:900622433; rev:1;) alert tcp $HOME_NET any -> [195.123.247.99] 446 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.247.99/; sid:900622436; rev:1;) alert tcp $HOME_NET any -> [195.123.220.88] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.220.88/; sid:900622415; rev:1;) alert tcp $HOME_NET any -> [5.185.67.137] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.185.67.137/; sid:900622446; rev:1;) alert tcp $HOME_NET any -> [104.244.76.156] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.244.76.156/; sid:900622412; rev:1;) alert tcp $HOME_NET any -> [192.241.220.183] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.220.183/; sid:901078100; rev:1;) alert tcp $HOME_NET any -> [173.249.157.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.249.157.58/; sid:900622414; rev:1;) alert tcp $HOME_NET any -> [91.109.5.28] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.109.5.28/; sid:900622411; rev:1;) alert tcp $HOME_NET any -> [107.172.248.84] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.248.84/; sid:900622410; rev:1;) alert tcp $HOME_NET any -> [185.142.99.61] 446 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.61/; sid:900622409; rev:1;) alert tcp $HOME_NET any -> [5.1.86.195] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.1.86.195/; sid:901077451; rev:1;) alert tcp $HOME_NET any -> [68.183.190.199] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.190.199/; sid:900622408; rev:1;) alert tcp $HOME_NET any -> [38.132.99.147] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.132.99.147/; sid:900622405; rev:1;) alert tcp $HOME_NET any -> [194.5.250.89] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.89/; sid:900622403; rev:1;) alert tcp $HOME_NET any -> [66.55.71.106] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.55.71.106/; sid:900622404; rev:1;) alert tcp $HOME_NET any -> [212.22.75.94] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.22.75.94/; sid:900622402; rev:1;) alert tcp $HOME_NET any -> [198.24.134.7] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.24.134.7/; sid:900622406; rev:1;) alert tcp $HOME_NET any -> [185.222.202.218] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.218/; sid:900622537; rev:1;) alert tcp $HOME_NET any -> [185.164.32.135] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.135/; sid:900622584; rev:1;) alert tcp $HOME_NET any -> [209.141.58.175] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.58.175/; sid:900622399; rev:1;) alert tcp $HOME_NET any -> [93.123.73.40] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.123.73.40/; sid:900622398; rev:1;) alert tcp $HOME_NET any -> [195.123.239.16] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.239.16/; sid:900622397; rev:1;) alert tcp $HOME_NET any -> [194.5.250.87] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.87/; sid:900622395; rev:1;) alert tcp $HOME_NET any -> [23.95.227.178] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.227.178/; sid:900622394; rev:1;) alert tcp $HOME_NET any -> [152.89.236.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.89.236.214/; sid:901056274; rev:1;) alert tcp $HOME_NET any -> [94.192.225.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.192.225.46/; sid:900622401; rev:1;) alert tcp $HOME_NET any -> [78.189.94.99] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.94.99/; sid:900622393; rev:1;) alert tcp $HOME_NET any -> [27.4.80.183] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.4.80.183/; sid:901055217; rev:1;) alert tcp $HOME_NET any -> [182.188.39.68] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.188.39.68/; sid:901055109; rev:1;) alert tcp $HOME_NET any -> [46.101.212.195] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.212.195/; sid:900622390; rev:1;) alert tcp $HOME_NET any -> [68.169.49.14] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.169.49.14/; sid:900622391; rev:1;) alert tcp $HOME_NET any -> [172.105.11.15] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.11.15/; sid:900622392; rev:1;) alert tcp $HOME_NET any -> [103.31.232.93] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.31.232.93/; sid:900622389; rev:1;) alert tcp $HOME_NET any -> [185.222.202.193] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.193/; sid:900622386; rev:1;) alert tcp $HOME_NET any -> [5.61.35.158] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.61.35.158/; sid:900622384; rev:1;) alert tcp $HOME_NET any -> [69.162.169.173] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.162.169.173/; sid:900622407; rev:1;) alert tcp $HOME_NET any -> [15.201.133.244] 49300 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.201.133.244/; sid:901051053; rev:1;) alert tcp $HOME_NET any -> [64.139.0.139] 50164 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.139.0.139/; sid:901051049; rev:1;) alert tcp $HOME_NET any -> [144.144.195.91] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.144.195.91/; sid:901051046; rev:1;) alert tcp $HOME_NET any -> [41.218.116.192] 33752 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.218.116.192/; sid:901051045; rev:1;) alert tcp $HOME_NET any -> [81.232.36.4] 65515 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.232.36.4/; sid:901051044; rev:1;) alert tcp $HOME_NET any -> [36.76.137.201] 260 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.76.137.201/; sid:901051043; rev:1;) alert tcp $HOME_NET any -> [84.137.194.41] 2084 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.137.194.41/; sid:901051042; rev:1;) alert tcp $HOME_NET any -> [114.208.57.244] 47115 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.208.57.244/; sid:901051040; rev:1;) alert tcp $HOME_NET any -> [32.36.84.139] 6795 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.36.84.139/; sid:901051039; rev:1;) alert tcp $HOME_NET any -> [195.16.196.131] 33619 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.16.196.131/; sid:901051037; rev:1;) alert tcp $HOME_NET any -> [4.36.68.137] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.36.68.137/; sid:901051035; rev:1;) alert tcp $HOME_NET any -> [139.16.236.131] 9284 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.16.236.131/; sid:901051033; rev:1;) alert tcp $HOME_NET any -> [91.8.196.131] 24414 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.8.196.131/; sid:901051032; rev:1;) alert tcp $HOME_NET any -> [76.56.193.146] 1828 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.56.193.146/; sid:901051031; rev:1;) alert tcp $HOME_NET any -> [151.15.166.243] 9284 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.15.166.243/; sid:901051030; rev:1;) alert tcp $HOME_NET any -> [237.57.71.32] 56969 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/237.57.71.32/; sid:901051029; rev:1;) alert tcp $HOME_NET any -> [117.255.75.58] 35819 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.255.75.58/; sid:901051028; rev:1;) alert tcp $HOME_NET any -> [67.66.208.137] 1081 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.66.208.137/; sid:901051027; rev:1;) alert tcp $HOME_NET any -> [211.1.1.80] 60237 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.1.1.80/; sid:901051026; rev:1;) alert tcp $HOME_NET any -> [68.139.4.36] 6180 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.139.4.36/; sid:901050993; rev:1;) alert tcp $HOME_NET any -> [68.137.32.36] 2084 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.137.32.36/; sid:901050992; rev:1;) alert tcp $HOME_NET any -> [76.137.73.209] 3108 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.137.73.209/; sid:901050991; rev:1;) alert tcp $HOME_NET any -> [28.36.84.139] 21641 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.36.84.139/; sid:901051034; rev:1;) alert tcp $HOME_NET any -> [144.195.192.148] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.195.192.148/; sid:901050988; rev:1;) alert tcp $HOME_NET any -> [72.139.0.139] 34292 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.139.0.139/; sid:901050987; rev:1;) alert tcp $HOME_NET any -> [144.0.4.194] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.0.4.194/; sid:901050986; rev:1;) alert tcp $HOME_NET any -> [8.36.84.139] 4747 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.36.84.139/; sid:901050985; rev:1;) alert tcp $HOME_NET any -> [144.195.0.139] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.195.0.139/; sid:901050984; rev:1;) alert tcp $HOME_NET any -> [144.144.195.244] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.144.195.244/; sid:901050983; rev:1;) alert tcp $HOME_NET any -> [16.137.18.139] 1218 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.137.18.139/; sid:901050981; rev:1;) alert tcp $HOME_NET any -> [4.36.68.139] 139 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.36.68.139/; sid:901050982; rev:1;) alert tcp $HOME_NET any -> [24.196.131.216] 50011 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.196.131.216/; sid:901050979; rev:1;) alert tcp $HOME_NET any -> [133.255.255.235] 29888 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.255.255.235/; sid:901050978; rev:1;) alert tcp $HOME_NET any -> [137.216.1.4] 9220 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.216.1.4/; sid:901050977; rev:1;) alert tcp $HOME_NET any -> [190.15.8.36] 35273 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.15.8.36/; sid:901050976; rev:1;) alert tcp $HOME_NET any -> [144.195.91.24] 49705 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.195.91.24/; sid:901050975; rev:1;) alert tcp $HOME_NET any -> [83.139.26.139] 14836 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.139.26.139/; sid:901050974; rev:1;) alert tcp $HOME_NET any -> [36.36.76.138] 21643 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.36.76.138/; sid:901050973; rev:1;) alert tcp $HOME_NET any -> [24.236.131.83] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.236.131.83/; sid:901050972; rev:1;) alert tcp $HOME_NET any -> [20.36.68.139] 1161 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/20.36.68.139/; sid:901050971; rev:1;) alert tcp $HOME_NET any -> [139.24.36.68] 35584 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.24.36.68/; sid:901050968; rev:1;) alert tcp $HOME_NET any -> [94.198.139.246] 35679 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.198.139.246/; sid:901050851; rev:1;) alert tcp $HOME_NET any -> [180.235.218.117] 60547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.235.218.117/; sid:901050782; rev:1;) alert tcp $HOME_NET any -> [131.194.117.192] 749 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.194.117.192/; sid:901050781; rev:1;) alert tcp $HOME_NET any -> [25.232.36.4] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/25.232.36.4/; sid:901050780; rev:1;) alert tcp $HOME_NET any -> [139.4.36.68] 9284 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.4.36.68/; sid:901050779; rev:1;) alert tcp $HOME_NET any -> [15.8.36.124] 1207 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.8.36.124/; sid:901050778; rev:1;) alert tcp $HOME_NET any -> [8.36.124.137] 46863 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.36.124.137/; sid:901050777; rev:1;) alert tcp $HOME_NET any -> [131.80.20.141] 511 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.80.20.141/; sid:901050776; rev:1;) alert tcp $HOME_NET any -> [139.0.0.13] 35587 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.0.0.13/; sid:901050775; rev:1;) alert tcp $HOME_NET any -> [137.4.36.116] 9244 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.4.36.116/; sid:901050774; rev:1;) alert tcp $HOME_NET any -> [133.252.72.139] 32457 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.252.72.139/; sid:901050773; rev:1;) alert tcp $HOME_NET any -> [59.23.52.141] 63600 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.23.52.141/; sid:901050772; rev:1;) alert tcp $HOME_NET any -> [209.41.31.255] 53049 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.41.31.255/; sid:901050771; rev:1;) alert tcp $HOME_NET any -> [80.139.3.139] 47604 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.139.3.139/; sid:901050770; rev:1;) alert tcp $HOME_NET any -> [93.95.94.91] 36291 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.95.94.91/; sid:901050769; rev:1;) alert tcp $HOME_NET any -> [137.13.117.255] 33752 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.13.117.255/; sid:901050768; rev:1;) alert tcp $HOME_NET any -> [139.52.36.124] 9324 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.52.36.124/; sid:901050767; rev:1;) alert tcp $HOME_NET any -> [139.28.236.131] 9308 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.28.236.131/; sid:901050766; rev:1;) alert tcp $HOME_NET any -> [144.144.144.255] 3049 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.144.144.255/; sid:901050764; rev:1;) alert tcp $HOME_NET any -> [235.10.137.102] 51160 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/235.10.137.102/; sid:901050763; rev:1;) alert tcp $HOME_NET any -> [150.235.199.137] 35686 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.235.199.137/; sid:901050762; rev:1;) alert tcp $HOME_NET any -> [94.91.28.196] 23903 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.91.28.196/; sid:901050761; rev:1;) alert tcp $HOME_NET any -> [139.255.255.217] 50947 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.255.217/; sid:901050760; rev:1;) alert tcp $HOME_NET any -> [137.4.36.108] 9236 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.4.36.108/; sid:901050759; rev:1;) alert tcp $HOME_NET any -> [137.49.116.1] 9340 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.49.116.1/; sid:901050758; rev:1;) alert tcp $HOME_NET any -> [141.106.44.141] 18452 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.106.44.141/; sid:901050757; rev:1;) alert tcp $HOME_NET any -> [139.16.139.52] 35587 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.16.139.52/; sid:901050756; rev:1;) alert tcp $HOME_NET any -> [36.116.137.23] 35076 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.116.137.23/; sid:901050755; rev:1;) alert tcp $HOME_NET any -> [131.6.119.248] 64632 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.6.119.248/; sid:901050754; rev:1;) alert tcp $HOME_NET any -> [141.244.72.139] 3892 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.244.72.139/; sid:901050753; rev:1;) alert tcp $HOME_NET any -> [121.119.253.57] 61225 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.119.253.57/; sid:901050752; rev:1;) alert tcp $HOME_NET any -> [139.52.36.76] 35601 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.52.36.76/; sid:901050751; rev:1;) alert tcp $HOME_NET any -> [36.68.183.15] 35080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.68.183.15/; sid:901050750; rev:1;) alert tcp $HOME_NET any -> [32.36.68.139] 1161 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.36.68.139/; sid:901050749; rev:1;) alert tcp $HOME_NET any -> [8.36.84.137] 17545 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.36.84.137/; sid:901050748; rev:1;) alert tcp $HOME_NET any -> [12.36.84.137] 21643 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.36.84.137/; sid:901050747; rev:1;) alert tcp $HOME_NET any -> [139.36.36.68] 35584 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.36.36.68/; sid:901050746; rev:1;) alert tcp $HOME_NET any -> [144.144.195.93] 60547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.144.195.93/; sid:901050745; rev:1;) alert tcp $HOME_NET any -> [196.131.216.137] 23324 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.131.216.137/; sid:901050744; rev:1;) alert tcp $HOME_NET any -> [187.217.114.244] 65535 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.217.114.244/; sid:901050743; rev:1;) alert tcp $HOME_NET any -> [131.7.139.67] 710 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.7.139.67/; sid:901050742; rev:1;) alert tcp $HOME_NET any -> [52.36.68.139] 1161 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/52.36.68.139/; sid:901050741; rev:1;) alert tcp $HOME_NET any -> [48.4.183.15] 17545 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/48.4.183.15/; sid:901050740; rev:1;) alert tcp $HOME_NET any -> [133.60.36.108] 29933 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.60.36.108/; sid:901050739; rev:1;) alert tcp $HOME_NET any -> [139.48.36.124] 9308 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.48.36.124/; sid:901050738; rev:1;) alert tcp $HOME_NET any -> [83.86.87.85] 60547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.86.87.85/; sid:901050737; rev:1;) alert tcp $HOME_NET any -> [91.24.196.131] 37059 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.24.196.131/; sid:901050736; rev:1;) alert tcp $HOME_NET any -> [4.36.92.137] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.36.92.137/; sid:901050734; rev:1;) alert tcp $HOME_NET any -> [40.36.68.139] 17545 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.36.68.139/; sid:901050733; rev:1;) alert tcp $HOME_NET any -> [36.36.92.139] 7305 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.36.92.139/; sid:901050732; rev:1;) alert tcp $HOME_NET any -> [144.144.0.0] 33619 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.144.0.0/; sid:901050731; rev:1;) alert tcp $HOME_NET any -> [36.68.137.8] 59656 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.68.137.8/; sid:901050730; rev:1;) alert tcp $HOME_NET any -> [195.28.196.131] 46863 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.28.196.131/; sid:901050729; rev:1;) alert tcp $HOME_NET any -> [232.36.4.137] 8 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.36.4.137/; sid:901050735; rev:1;) alert tcp $HOME_NET any -> [201.199.93.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.199.93.30/; sid:900622396; rev:1;) alert tcp $HOME_NET any -> [79.129.0.173] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.129.0.173/; sid:900622385; rev:1;) alert tcp $HOME_NET any -> [187.150.150.127] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.150.150.127/; sid:900622383; rev:1;) alert tcp $HOME_NET any -> [4.36.84.137] 3209 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.36.84.137/; sid:901050664; rev:1;) alert tcp $HOME_NET any -> [44.116.1.255] 31881 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/44.116.1.255/; sid:901050663; rev:1;) alert tcp $HOME_NET any -> [62.109.0.169] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.109.0.169/; sid:900622381; rev:1;) alert tcp $HOME_NET any -> [148.251.185.185] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.251.185.185/; sid:900622380; rev:1;) alert tcp $HOME_NET any -> [194.36.189.168] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.189.168/; sid:900622382; rev:1;) alert tcp $HOME_NET any -> [46.30.42.63] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.30.42.63/; sid:900622378; rev:1;) alert tcp $HOME_NET any -> [103.75.118.176] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.118.176/; sid:900622377; rev:1;) alert tcp $HOME_NET any -> [95.216.207.86] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.216.207.86/; sid:901050258; rev:1;) alert tcp $HOME_NET any -> [186.139.205.130] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.139.205.130/; sid:901050254; rev:1;) alert tcp $HOME_NET any -> [108.166.188.146] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.166.188.146/; sid:900622375; rev:1;) alert tcp $HOME_NET any -> [212.80.218.133] 447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.218.133/; sid:900622373; rev:1;) alert tcp $HOME_NET any -> [187.177.154.167] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.177.154.167/; sid:901049795; rev:1;) alert tcp $HOME_NET any -> [91.121.116.137] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.121.116.137/; sid:900622379; rev:1;) alert tcp $HOME_NET any -> [190.85.152.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.152.186/; sid:900622367; rev:1;) alert tcp $HOME_NET any -> [189.136.50.227] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.136.50.227/; sid:901049032; rev:1;) alert tcp $HOME_NET any -> [196.149.141.232] 65534 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.149.141.232/; sid:901049030; rev:1;) alert tcp $HOME_NET any -> [171.198.232.240] 65535 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.198.232.240/; sid:901049029; rev:1;) alert tcp $HOME_NET any -> [139.211.139.32] 61517 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.211.139.32/; sid:901049028; rev:1;) alert tcp $HOME_NET any -> [100.0.64.244] 12543 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.0.64.244/; sid:901049027; rev:1;) alert tcp $HOME_NET any -> [51.236.69.137] 21952 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.236.69.137/; sid:901049026; rev:1;) alert tcp $HOME_NET any -> [232.0.64.98] 46492 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.0.64.98/; sid:901049025; rev:1;) alert tcp $HOME_NET any -> [32.137.100.48] 104 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.137.100.48/; sid:901049024; rev:1;) alert tcp $HOME_NET any -> [137.0.1.47] 61509 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.0.1.47/; sid:901049023; rev:1;) alert tcp $HOME_NET any -> [94.56.161.1] 64 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.56.161.1/; sid:901049022; rev:1;) alert tcp $HOME_NET any -> [56.161.1.178] 16478 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/56.161.1.178/; sid:901049021; rev:1;) alert tcp $HOME_NET any -> [233.0.0.2] 299 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/233.0.0.2/; sid:901049020; rev:1;) alert tcp $HOME_NET any -> [139.200.85.139] 64581 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.200.85.139/; sid:901049019; rev:1;) alert tcp $HOME_NET any -> [232.211.139.200] 18960 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.211.139.200/; sid:901049018; rev:1;) alert tcp $HOME_NET any -> [192.132.0.0] 6773 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.132.0.0/; sid:901049017; rev:1;) alert tcp $HOME_NET any -> [69.141.80.0] 35788 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.141.80.0/; sid:901049016; rev:1;) alert tcp $HOME_NET any -> [228.69.141.37] 33768 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/228.69.141.37/; sid:901049015; rev:1;) alert tcp $HOME_NET any -> [1.6.59.232] 33792 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.6.59.232/; sid:901049014; rev:1;) alert tcp $HOME_NET any -> [85.141.32.137] 26360 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activ