################################################################ # abuse.ch Feodo Tracker Suricata / Snort Ruleset (Aggresive) # # Last updated: 2019-08-19 18:36:49 UTC # # # # Terms Of Use: https://feodotracker.abuse.ch/blocklist/ # # For questions please contact feodotracker [at] abuse.ch # ################################################################ # alert tcp $HOME_NET any -> [185.117.75.110] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.75.110/; sid:900621940; rev:1;) alert tcp $HOME_NET any -> [139.60.163.101] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.101/; sid:900621938; rev:1;) alert tcp $HOME_NET any -> [195.123.237.113] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.237.113/; sid:900621939; rev:1;) alert tcp $HOME_NET any -> [5.53.124.49] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.53.124.49/; sid:900621937; rev:1;) alert tcp $HOME_NET any -> [178.170.189.117] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.170.189.117/; sid:900621934; rev:1;) alert tcp $HOME_NET any -> [5.9.178.87] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.9.178.87/; sid:900621935; rev:1;) alert tcp $HOME_NET any -> [79.143.31.94] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.143.31.94/; sid:900621936; rev:1;) alert tcp $HOME_NET any -> [51.79.57.148] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.79.57.148/; sid:900621933; rev:1;) alert tcp $HOME_NET any -> [89.105.203.182] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.105.203.182/; sid:900621930; rev:1;) alert tcp $HOME_NET any -> [185.183.99.159] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.99.159/; sid:900621928; rev:1;) alert tcp $HOME_NET any -> [80.87.199.54] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.199.54/; sid:900621927; rev:1;) alert tcp $HOME_NET any -> [82.146.43.15] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.146.43.15/; sid:900621932; rev:1;) alert tcp $HOME_NET any -> [198.46.198.132] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.198.132/; sid:900621931; rev:1;) alert tcp $HOME_NET any -> [192.210.226.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.210.226.104/; sid:900621924; rev:1;) alert tcp $HOME_NET any -> [146.185.219.21] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.21/; sid:900621926; rev:1;) alert tcp $HOME_NET any -> [185.241.53.109] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.241.53.109/; sid:900621923; rev:1;) alert tcp $HOME_NET any -> [54.36.24.100] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.36.24.100/; sid:900621922; rev:1;) alert tcp $HOME_NET any -> [185.172.129.11] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.11/; sid:900621929; rev:1;) alert tcp $HOME_NET any -> [185.202.174.77] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.202.174.77/; sid:900621920; rev:1;) alert tcp $HOME_NET any -> [5.53.124.147] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.53.124.147/; sid:900621925; rev:1;) alert tcp $HOME_NET any -> [107.174.71.44] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.174.71.44/; sid:900621918; rev:1;) alert tcp $HOME_NET any -> [54.37.195.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.195.102/; sid:900621919; rev:1;) alert tcp $HOME_NET any -> [185.142.99.39] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.39/; sid:900621915; rev:1;) alert tcp $HOME_NET any -> [185.117.73.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.73.58/; sid:900621914; rev:1;) alert tcp $HOME_NET any -> [198.46.198.12] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.198.12/; sid:900621917; rev:1;) alert tcp $HOME_NET any -> [198.12.97.204] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.12.97.204/; sid:900621910; rev:1;) alert tcp $HOME_NET any -> [81.177.136.17] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.136.17/; sid:900621909; rev:1;) alert tcp $HOME_NET any -> [212.80.217.182] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.217.182/; sid:900621911; rev:1;) alert tcp $HOME_NET any -> [195.123.237.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.237.126/; sid:900621916; rev:1;) alert tcp $HOME_NET any -> [195.123.233.35] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.233.35/; sid:900621908; rev:1;) alert tcp $HOME_NET any -> [107.172.201.144] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.201.144/; sid:900621906; rev:1;) alert tcp $HOME_NET any -> [31.184.253.244] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.184.253.244/; sid:900621905; rev:1;) alert tcp $HOME_NET any -> [193.124.185.113] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.124.185.113/; sid:900621903; rev:1;) alert tcp $HOME_NET any -> [195.123.238.54] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.54/; sid:900621902; rev:1;) alert tcp $HOME_NET any -> [198.12.97.170] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.12.97.170/; sid:900621901; rev:1;) alert tcp $HOME_NET any -> [50.3.68.150] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.3.68.150/; sid:900621904; rev:1;) alert tcp $HOME_NET any -> [194.87.111.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.111.102/; sid:900621900; rev:1;) alert tcp $HOME_NET any -> [94.103.95.91] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.95.91/; sid:900621899; rev:1;) alert tcp $HOME_NET any -> [198.46.198.103] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.198.103/; sid:900621907; rev:1;) alert tcp $HOME_NET any -> [91.235.129.80] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.80/; sid:900621898; rev:1;) alert tcp $HOME_NET any -> [37.228.117.142] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.117.142/; sid:900621897; rev:1;) alert tcp $HOME_NET any -> [185.161.210.161] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.161.210.161/; sid:900621896; rev:1;) alert tcp $HOME_NET any -> [85.143.217.214] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.217.214/; sid:900621893; rev:1;) alert tcp $HOME_NET any -> [46.30.41.33] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.30.41.33/; sid:900621894; rev:1;) alert tcp $HOME_NET any -> [92.63.104.76] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.63.104.76/; sid:900621895; rev:1;) alert tcp $HOME_NET any -> [185.186.77.233] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.186.77.233/; sid:900621892; rev:1;) alert tcp $HOME_NET any -> [91.240.84.55] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.240.84.55/; sid:900621891; rev:1;) alert tcp $HOME_NET any -> [185.98.87.196] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.98.87.196/; sid:900621890; rev:1;) alert tcp $HOME_NET any -> [185.177.59.115] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.177.59.115/; sid:900621888; rev:1;) alert tcp $HOME_NET any -> [195.161.62.206] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.161.62.206/; sid:900621889; rev:1;) alert tcp $HOME_NET any -> [188.165.62.5] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.62.5/; sid:900621887; rev:1;) alert tcp $HOME_NET any -> [192.3.253.217] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.253.217/; sid:900621913; rev:1;) alert tcp $HOME_NET any -> [94.156.189.216] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.189.216/; sid:900621912; rev:1;) alert tcp $HOME_NET any -> [185.202.174.76] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.202.174.76/; sid:900621921; rev:1;) alert tcp $HOME_NET any -> [45.67.231.170] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.67.231.170/; sid:900621884; rev:1;) alert tcp $HOME_NET any -> [23.95.90.88] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.90.88/; sid:900621881; rev:1;) alert tcp $HOME_NET any -> [5.253.63.142] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.253.63.142/; sid:900621878; rev:1;) alert tcp $HOME_NET any -> [144.217.50.250] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.50.250/; sid:900621879; rev:1;) alert tcp $HOME_NET any -> [195.161.114.131] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.161.114.131/; sid:900621874; rev:1;) alert tcp $HOME_NET any -> [194.99.20.161] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.99.20.161/; sid:900621873; rev:1;) alert tcp $HOME_NET any -> [217.107.34.170] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.107.34.170/; sid:900621875; rev:1;) alert tcp $HOME_NET any -> [192.243.109.215] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.109.215/; sid:900621876; rev:1;) alert tcp $HOME_NET any -> [192.3.253.197] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.253.197/; sid:900621877; rev:1;) alert tcp $HOME_NET any -> [185.183.96.217] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.96.217/; sid:900621880; rev:1;) alert tcp $HOME_NET any -> [192.243.109.208] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.109.208/; sid:900621882; rev:1;) alert tcp $HOME_NET any -> [23.94.184.124] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.184.124/; sid:900621883; rev:1;) alert tcp $HOME_NET any -> [212.73.150.83] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.73.150.83/; sid:900621872; rev:1;) alert tcp $HOME_NET any -> [195.123.243.79] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.243.79/; sid:900621871; rev:1;) alert tcp $HOME_NET any -> [145.239.188.90] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.188.90/; sid:900621870; rev:1;) alert tcp $HOME_NET any -> [192.243.109.219] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.109.219/; sid:900621869; rev:1;) alert tcp $HOME_NET any -> [109.234.34.152] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.234.34.152/; sid:900621868; rev:1;) alert tcp $HOME_NET any -> [185.183.98.198] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.98.198/; sid:900621867; rev:1;) alert tcp $HOME_NET any -> [37.44.212.19] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.19/; sid:900621866; rev:1;) alert tcp $HOME_NET any -> [185.183.96.221] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.96.221/; sid:900621864; rev:1;) alert tcp $HOME_NET any -> [192.3.247.108] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.108/; sid:900621865; rev:1;) alert tcp $HOME_NET any -> [108.174.56.131] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.174.56.131/; sid:900621886; rev:1;) alert tcp $HOME_NET any -> [80.87.199.186] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.199.186/; sid:900621862; rev:1;) alert tcp $HOME_NET any -> [193.37.212.218] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.218/; sid:900621863; rev:1;) alert tcp $HOME_NET any -> [193.37.212.219] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.219/; sid:900621861; rev:1;) alert tcp $HOME_NET any -> [194.87.144.60] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.144.60/; sid:900621860; rev:1;) alert tcp $HOME_NET any -> [37.18.30.20] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.20/; sid:900621859; rev:1;) alert tcp $HOME_NET any -> [80.87.199.5] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.199.5/; sid:900621856; rev:1;) alert tcp $HOME_NET any -> [92.38.171.91] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.91/; sid:900621855; rev:1;) alert tcp $HOME_NET any -> [178.156.202.242] 2050 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.202.242/; sid:900621854; rev:1;) alert tcp $HOME_NET any -> [80.87.201.64] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.201.64/; sid:900621858; rev:1;) alert tcp $HOME_NET any -> [45.15.253.55] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.15.253.55/; sid:900621857; rev:1;) alert tcp $HOME_NET any -> [136.243.142.150] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.243.142.150/; sid:900621853; rev:1;) alert tcp $HOME_NET any -> [162.248.225.160] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.248.225.160/; sid:900621852; rev:1;) alert tcp $HOME_NET any -> [185.173.92.121] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.173.92.121/; sid:900621851; rev:1;) alert tcp $HOME_NET any -> [185.241.52.38] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.241.52.38/; sid:900621849; rev:1;) alert tcp $HOME_NET any -> [176.57.215.128] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.57.215.128/; sid:900621850; rev:1;) alert tcp $HOME_NET any -> [185.141.25.91] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.25.91/; sid:900621847; rev:1;) alert tcp $HOME_NET any -> [185.183.97.152] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.97.152/; sid:900621846; rev:1;) alert tcp $HOME_NET any -> [185.141.27.172] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.27.172/; sid:900621837; rev:1;) alert tcp $HOME_NET any -> [217.107.34.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.107.34.34/; sid:900621838; rev:1;) alert tcp $HOME_NET any -> [80.87.200.37] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.200.37/; sid:900621839; rev:1;) alert tcp $HOME_NET any -> [5.253.63.134] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.253.63.134/; sid:900621841; rev:1;) alert tcp $HOME_NET any -> [185.141.27.134] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.27.134/; sid:900621840; rev:1;) alert tcp $HOME_NET any -> [162.247.155.165] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.247.155.165/; sid:900621842; rev:1;) alert tcp $HOME_NET any -> [145.239.188.88] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.188.88/; sid:900621843; rev:1;) alert tcp $HOME_NET any -> [192.3.83.176] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.83.176/; sid:900621836; rev:1;) alert tcp $HOME_NET any -> [198.12.101.164] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.12.101.164/; sid:900621844; rev:1;) alert tcp $HOME_NET any -> [51.75.232.232] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.232.232/; sid:900621834; rev:1;) alert tcp $HOME_NET any -> [217.107.34.104] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.107.34.104/; sid:900621832; rev:1;) alert tcp $HOME_NET any -> [185.198.57.86] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.198.57.86/; sid:900621833; rev:1;) alert tcp $HOME_NET any -> [37.44.215.174] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.174/; sid:900621831; rev:1;) alert tcp $HOME_NET any -> [81.177.26.91] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.26.91/; sid:900621828; rev:1;) alert tcp $HOME_NET any -> [185.203.118.145] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.203.118.145/; sid:900621829; rev:1;) alert tcp $HOME_NET any -> [107.173.125.68] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.125.68/; sid:900621826; rev:1;) alert tcp $HOME_NET any -> [85.204.116.189] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.189/; sid:900621824; rev:1;) alert tcp $HOME_NET any -> [185.183.96.48] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.96.48/; sid:900621823; rev:1;) alert tcp $HOME_NET any -> [185.141.25.79] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.25.79/; sid:900621825; rev:1;) alert tcp $HOME_NET any -> [192.3.247.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.104/; sid:900621827; rev:1;) alert tcp $HOME_NET any -> [23.94.184.109] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.184.109/; sid:900621830; rev:1;) alert tcp $HOME_NET any -> [85.143.223.188] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.223.188/; sid:900621835; rev:1;) alert tcp $HOME_NET any -> [172.245.110.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.110.126/; sid:900621848; rev:1;) alert tcp $HOME_NET any -> [37.18.30.153] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.153/; sid:900621845; rev:1;) alert tcp $HOME_NET any -> [185.141.25.75] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.25.75/; sid:900621822; rev:1;) alert tcp $HOME_NET any -> [195.133.144.112] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.144.112/; sid:900621819; rev:1;) alert tcp $HOME_NET any -> [91.228.218.50] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.228.218.50/; sid:900621815; rev:1;) alert tcp $HOME_NET any -> [23.95.44.51] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.44.51/; sid:900621818; rev:1;) alert tcp $HOME_NET any -> [23.94.49.229] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.49.229/; sid:900621817; rev:1;) alert tcp $HOME_NET any -> [37.44.215.180] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.180/; sid:900621816; rev:1;) alert tcp $HOME_NET any -> [92.38.171.57] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.57/; sid:900621812; rev:1;) alert tcp $HOME_NET any -> [162.248.225.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.248.225.20/; sid:900621813; rev:1;) alert tcp $HOME_NET any -> [31.202.132.185] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.202.132.185/; sid:900621810; rev:1;) alert tcp $HOME_NET any -> [107.175.115.147] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.175.115.147/; sid:900621809; rev:1;) alert tcp $HOME_NET any -> [185.141.25.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.25.126/; sid:900621806; rev:1;) alert tcp $HOME_NET any -> [185.65.202.127] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.65.202.127/; sid:900621807; rev:1;) alert tcp $HOME_NET any -> [78.140.223.27] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.140.223.27/; sid:900621808; rev:1;) alert tcp $HOME_NET any -> [23.94.53.171] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.53.171/; sid:900621811; rev:1;) alert tcp $HOME_NET any -> [195.123.238.9] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.9/; sid:900621821; rev:1;) alert tcp $HOME_NET any -> [94.156.35.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.35.190/; sid:900621804; rev:1;) alert tcp $HOME_NET any -> [195.123.245.16] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.245.16/; sid:900621802; rev:1;) alert tcp $HOME_NET any -> [192.243.108.105] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.108.105/; sid:900621803; rev:1;) alert tcp $HOME_NET any -> [23.94.137.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.137.229/; sid:900621801; rev:1;) alert tcp $HOME_NET any -> [192.3.61.236] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.61.236/; sid:900621800; rev:1;) alert tcp $HOME_NET any -> [85.204.116.192] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.192/; sid:900621799; rev:1;) alert tcp $HOME_NET any -> [178.157.82.60] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.157.82.60/; sid:900621798; rev:1;) alert tcp $HOME_NET any -> [185.61.148.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.148.203/; sid:900621796; rev:1;) alert tcp $HOME_NET any -> [178.157.82.177] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.157.82.177/; sid:900621793; rev:1;) alert tcp $HOME_NET any -> [23.94.137.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.137.10/; sid:900621791; rev:1;) alert tcp $HOME_NET any -> [185.98.87.113] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.98.87.113/; sid:900621781; rev:1;) alert tcp $HOME_NET any -> [80.87.199.224] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.199.224/; sid:900621773; rev:1;) alert tcp $HOME_NET any -> [194.32.77.81] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.32.77.81/; sid:900621774; rev:1;) alert tcp $HOME_NET any -> [185.135.81.95] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.135.81.95/; sid:900621775; rev:1;) alert tcp $HOME_NET any -> [45.15.253.61] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.15.253.61/; sid:900621778; rev:1;) alert tcp $HOME_NET any -> [5.196.195.6] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.195.6/; sid:900621779; rev:1;) alert tcp $HOME_NET any -> [37.44.212.120] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.120/; sid:900621782; rev:1;) alert tcp $HOME_NET any -> [92.119.114.186] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.119.114.186/; sid:900621783; rev:1;) alert tcp $HOME_NET any -> [185.206.145.100] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.206.145.100/; sid:900621784; rev:1;) alert tcp $HOME_NET any -> [192.243.103.153] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.103.153/; sid:900621787; rev:1;) alert tcp $HOME_NET any -> [185.61.148.65] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.148.65/; sid:900621780; rev:1;) alert tcp $HOME_NET any -> [85.143.218.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.218.104/; sid:900621776; rev:1;) alert tcp $HOME_NET any -> [51.254.69.233] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.69.233/; sid:900621777; rev:1;) alert tcp $HOME_NET any -> [192.3.83.168] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.83.168/; sid:900621797; rev:1;) alert tcp $HOME_NET any -> [185.206.146.178] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.206.146.178/; sid:900621762; rev:1;) alert tcp $HOME_NET any -> [185.65.202.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.65.202.102/; sid:900621771; rev:1;) alert tcp $HOME_NET any -> [185.141.25.116] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.25.116/; sid:900621788; rev:1;) alert tcp $HOME_NET any -> [185.205.210.58] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.205.210.58/; sid:900621792; rev:1;) alert tcp $HOME_NET any -> [193.37.212.249] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.249/; sid:900621768; rev:1;) alert tcp $HOME_NET any -> [185.186.77.248] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.186.77.248/; sid:900621767; rev:1;) alert tcp $HOME_NET any -> [82.118.22.87] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.22.87/; sid:900621764; rev:1;) alert tcp $HOME_NET any -> [45.8.229.113] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.8.229.113/; sid:900621763; rev:1;) alert tcp $HOME_NET any -> [107.173.140.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.140.104/; sid:900621795; rev:1;) alert tcp $HOME_NET any -> [193.37.213.39] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.213.39/; sid:900621794; rev:1;) alert tcp $HOME_NET any -> [192.243.108.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.108.102/; sid:900621772; rev:1;) alert tcp $HOME_NET any -> [85.204.116.151] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.151/; sid:900621761; rev:1;) alert tcp $HOME_NET any -> [31.202.132.95] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.202.132.95/; sid:900621789; rev:1;) alert tcp $HOME_NET any -> [108.174.56.159] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.174.56.159/; sid:900621790; rev:1;) alert tcp $HOME_NET any -> [185.183.97.141] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.97.141/; sid:900621766; rev:1;) alert tcp $HOME_NET any -> [107.173.34.151] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.34.151/; sid:900621786; rev:1;) alert tcp $HOME_NET any -> [107.172.248.98] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.248.98/; sid:900621785; rev:1;) alert tcp $HOME_NET any -> [23.94.96.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.96.203/; sid:900621765; rev:1;) alert tcp $HOME_NET any -> [192.210.132.15] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.210.132.15/; sid:900621760; rev:1;) alert tcp $HOME_NET any -> [195.123.213.36] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.213.36/; sid:900621769; rev:1;) alert tcp $HOME_NET any -> [185.246.67.198] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.246.67.198/; sid:900621770; rev:1;) alert tcp $HOME_NET any -> [77.244.219.49] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.244.219.49/; sid:900621742; rev:1;) alert tcp $HOME_NET any -> [185.251.39.73] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.39.73/; sid:900621758; rev:1;) alert tcp $HOME_NET any -> [192.243.102.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.102.102/; sid:900621759; rev:1;) alert tcp $HOME_NET any -> [45.12.215.57] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.12.215.57/; sid:900621745; rev:1;) alert tcp $HOME_NET any -> [185.198.57.110] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.198.57.110/; sid:900621747; rev:1;) alert tcp $HOME_NET any -> [5.253.63.112] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.253.63.112/; sid:900621746; rev:1;) alert tcp $HOME_NET any -> [185.246.67.63] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.246.67.63/; sid:900621736; rev:1;) alert tcp $HOME_NET any -> [103.75.118.230] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.118.230/; sid:900621738; rev:1;) alert tcp $HOME_NET any -> [185.180.197.38] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.180.197.38/; sid:900621737; rev:1;) alert tcp $HOME_NET any -> [178.170.189.45] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.170.189.45/; sid:900621735; rev:1;) alert tcp $HOME_NET any -> [37.44.212.173] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.173/; sid:900621733; rev:1;) alert tcp $HOME_NET any -> [185.90.61.80] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.90.61.80/; sid:900621730; rev:1;) alert tcp $HOME_NET any -> [2.59.40.240] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.59.40.240/; sid:900621731; rev:1;) alert tcp $HOME_NET any -> [185.86.149.110] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.149.110/; sid:900621728; rev:1;) alert tcp $HOME_NET any -> [107.173.42.177] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.42.177/; sid:900621729; rev:1;) alert tcp $HOME_NET any -> [185.61.149.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.149.162/; sid:900621727; rev:1;) alert tcp $HOME_NET any -> [192.243.108.230] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.108.230/; sid:900621726; rev:1;) alert tcp $HOME_NET any -> [185.202.174.72] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.202.174.72/; sid:900621722; rev:1;) alert tcp $HOME_NET any -> [194.67.217.125] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.67.217.125/; sid:900621718; rev:1;) alert tcp $HOME_NET any -> [82.118.21.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.133/; sid:900621719; rev:1;) alert tcp $HOME_NET any -> [144.217.12.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.12.34/; sid:900621724; rev:1;) alert tcp $HOME_NET any -> [146.185.219.56] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.56/; sid:900621716; rev:1;) alert tcp $HOME_NET any -> [46.30.41.155] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.30.41.155/; sid:900621717; rev:1;) alert tcp $HOME_NET any -> [185.244.149.74] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.149.74/; sid:900621720; rev:1;) alert tcp $HOME_NET any -> [193.37.212.106] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.106/; sid:900621721; rev:1;) alert tcp $HOME_NET any -> [107.172.143.241] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.143.241/; sid:900621723; rev:1;) alert tcp $HOME_NET any -> [185.251.38.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.38.238/; sid:900621725; rev:1;) alert tcp $HOME_NET any -> [195.123.246.69] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.246.69/; sid:900621749; rev:1;) alert tcp $HOME_NET any -> [172.245.19.134] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.19.134/; sid:900621714; rev:1;) alert tcp $HOME_NET any -> [185.117.75.101] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.75.101/; sid:900621743; rev:1;) alert tcp $HOME_NET any -> [139.60.163.40] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.40/; sid:900621739; rev:1;) alert tcp $HOME_NET any -> [93.189.47.93] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.47.93/; sid:900621750; rev:1;) alert tcp $HOME_NET any -> [149.202.225.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.225.164/; sid:900621713; rev:1;) alert tcp $HOME_NET any -> [81.177.136.36] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.136.36/; sid:900621734; rev:1;) alert tcp $HOME_NET any -> [192.227.232.26] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.26/; sid:900621732; rev:1;) alert tcp $HOME_NET any -> [82.118.21.139] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.139/; sid:900621715; rev:1;) alert tcp $HOME_NET any -> [23.94.93.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.93.104/; sid:900621748; rev:1;) alert tcp $HOME_NET any -> [146.185.219.69] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.69/; sid:900621751; rev:1;) alert tcp $HOME_NET any -> [178.156.202.69] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.202.69/; sid:900621752; rev:1;) alert tcp $HOME_NET any -> [192.144.7.42] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.144.7.42/; sid:900621753; rev:1;) alert tcp $HOME_NET any -> [178.156.202.151] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.202.151/; sid:900621712; rev:1;) alert tcp $HOME_NET any -> [137.74.211.228] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.74.211.228/; sid:900621710; rev:1;) alert tcp $HOME_NET any -> [89.32.41.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.41.164/; sid:900621707; rev:1;) alert tcp $HOME_NET any -> [85.204.116.131] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.131/; sid:900621706; rev:1;) alert tcp $HOME_NET any -> [104.194.215.118] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.194.215.118/; sid:900621705; rev:1;) alert tcp $HOME_NET any -> [45.67.228.231] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.67.228.231/; sid:900621701; rev:1;) alert tcp $HOME_NET any -> [85.143.223.89] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.223.89/; sid:900621698; rev:1;) alert tcp $HOME_NET any -> [94.156.189.197] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.189.197/; sid:900621699; rev:1;) alert tcp $HOME_NET any -> [5.253.63.119] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.253.63.119/; sid:900621700; rev:1;) alert tcp $HOME_NET any -> [45.15.253.27] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.15.253.27/; sid:900621696; rev:1;) alert tcp $HOME_NET any -> [85.204.116.132] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.132/; sid:900621695; rev:1;) alert tcp $HOME_NET any -> [195.123.226.124] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.226.124/; sid:900621693; rev:1;) alert tcp $HOME_NET any -> [136.243.142.131] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.243.142.131/; sid:900621692; rev:1;) alert tcp $HOME_NET any -> [31.202.132.159] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.202.132.159/; sid:900621694; rev:1;) alert tcp $HOME_NET any -> [93.189.44.235] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.44.235/; sid:900621690; rev:1;) alert tcp $HOME_NET any -> [139.60.163.39] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.39/; sid:900621709; rev:1;) alert tcp $HOME_NET any -> [185.224.132.65] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.224.132.65/; sid:900621708; rev:1;) alert tcp $HOME_NET any -> [107.172.141.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.141.10/; sid:900621688; rev:1;) alert tcp $HOME_NET any -> [168.235.102.16] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.235.102.16/; sid:900621711; rev:1;) alert tcp $HOME_NET any -> [104.194.215.161] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.194.215.161/; sid:900621691; rev:1;) alert tcp $HOME_NET any -> [192.243.101.211] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.101.211/; sid:900621702; rev:1;) alert tcp $HOME_NET any -> [23.94.93.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.93.106/; sid:900621704; rev:1;) alert tcp $HOME_NET any -> [85.204.116.138] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.138/; sid:900621703; rev:1;) alert tcp $HOME_NET any -> [185.43.6.250] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.43.6.250/; sid:900621697; rev:1;) alert tcp $HOME_NET any -> [81.177.140.60] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.140.60/; sid:900621689; rev:1;) alert tcp $HOME_NET any -> [217.107.34.77] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.107.34.77/; sid:900621683; rev:1;) alert tcp $HOME_NET any -> [195.123.246.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.246.2/; sid:900621678; rev:1;) alert tcp $HOME_NET any -> [195.123.238.188] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.188/; sid:900621675; rev:1;) alert tcp $HOME_NET any -> [195.133.196.102] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.196.102/; sid:900621668; rev:1;) alert tcp $HOME_NET any -> [89.105.203.180] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.105.203.180/; sid:900621665; rev:1;) alert tcp $HOME_NET any -> [23.94.137.223] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.137.223/; sid:900621662; rev:1;) alert tcp $HOME_NET any -> [194.36.191.21] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.191.21/; sid:900621660; rev:1;) alert tcp $HOME_NET any -> [195.123.246.41] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.246.41/; sid:900621664; rev:1;) alert tcp $HOME_NET any -> [80.87.193.47] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.193.47/; sid:900621661; rev:1;) alert tcp $HOME_NET any -> [104.194.215.57] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.194.215.57/; sid:900621663; rev:1;) alert tcp $HOME_NET any -> [107.175.62.231] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.175.62.231/; sid:900621658; rev:1;) alert tcp $HOME_NET any -> [185.141.25.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.25.101/; sid:900621670; rev:1;) alert tcp $HOME_NET any -> [192.99.255.37] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.99.255.37/; sid:900621754; rev:1;) alert tcp $HOME_NET any -> [185.183.97.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.97.133/; sid:900621755; rev:1;) alert tcp $HOME_NET any -> [185.252.144.213] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.252.144.213/; sid:900621659; rev:1;) alert tcp $HOME_NET any -> [168.235.81.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.235.81.133/; sid:900621673; rev:1;) alert tcp $HOME_NET any -> [185.141.26.80] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.26.80/; sid:900621657; rev:1;) alert tcp $HOME_NET any -> [193.124.176.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.124.176.170/; sid:900621671; rev:1;) alert tcp $HOME_NET any -> [195.123.212.230] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.212.230/; sid:900621676; rev:1;) alert tcp $HOME_NET any -> [195.123.233.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.233.162/; sid:900621677; rev:1;) alert tcp $HOME_NET any -> [185.62.103.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.103.137/; sid:900621680; rev:1;) alert tcp $HOME_NET any -> [107.173.141.227] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.141.227/; sid:900621682; rev:1;) alert tcp $HOME_NET any -> [195.133.144.87] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.144.87/; sid:900621679; rev:1;) alert tcp $HOME_NET any -> [91.240.84.110] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.240.84.110/; sid:900621672; rev:1;) alert tcp $HOME_NET any -> [93.95.97.68] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.95.97.68/; sid:900621669; rev:1;) alert tcp $HOME_NET any -> [51.83.52.180] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.52.180/; sid:900621686; rev:1;) alert tcp $HOME_NET any -> [162.244.32.226] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.32.226/; sid:900621687; rev:1;) alert tcp $HOME_NET any -> [192.227.204.230] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.204.230/; sid:900621667; rev:1;) alert tcp $HOME_NET any -> [92.38.171.12] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.12/; sid:900621666; rev:1;) alert tcp $HOME_NET any -> [92.38.171.20] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.20/; sid:900621674; rev:1;) alert tcp $HOME_NET any -> [212.80.216.202] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.216.202/; sid:900621684; rev:1;) alert tcp $HOME_NET any -> [185.172.129.150] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.150/; sid:900621685; rev:1;) alert tcp $HOME_NET any -> [162.244.32.130] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.32.130/; sid:900621744; rev:1;) alert tcp $HOME_NET any -> [212.109.223.12] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.109.223.12/; sid:900621741; rev:1;) alert tcp $HOME_NET any -> [194.36.191.23] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.191.23/; sid:900621740; rev:1;) alert tcp $HOME_NET any -> [82.202.194.182] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.202.194.182/; sid:900621653; rev:1;) alert tcp $HOME_NET any -> [95.181.198.173] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.181.198.173/; sid:900621651; rev:1;) alert tcp $HOME_NET any -> [23.94.137.179] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.137.179/; sid:900621650; rev:1;) alert tcp $HOME_NET any -> [195.123.238.152] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.152/; sid:900621649; rev:1;) alert tcp $HOME_NET any -> [213.226.68.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.226.68.75/; sid:900621652; rev:1;) alert tcp $HOME_NET any -> [185.242.84.174] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.242.84.174/; sid:900621648; rev:1;) alert tcp $HOME_NET any -> [94.103.94.103] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.94.103/; sid:900621654; rev:1;) alert tcp $HOME_NET any -> [185.244.149.216] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.149.216/; sid:900621655; rev:1;) alert tcp $HOME_NET any -> [206.217.143.91] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.217.143.91/; sid:900621645; rev:1;) alert tcp $HOME_NET any -> [23.94.184.45] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.184.45/; sid:900621647; rev:1;) alert tcp $HOME_NET any -> [107.191.109.143] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.191.109.143/; sid:900621646; rev:1;) alert tcp $HOME_NET any -> [89.32.41.127] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.41.127/; sid:900621644; rev:1;) alert tcp $HOME_NET any -> [66.70.218.38] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.70.218.38/; sid:900621643; rev:1;) alert tcp $HOME_NET any -> [82.118.21.91] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.91/; sid:900621642; rev:1;) alert tcp $HOME_NET any -> [151.80.88.253] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.80.88.253/; sid:900621630; rev:1;) alert tcp $HOME_NET any -> [185.180.198.148] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.180.198.148/; sid:900621621; rev:1;) alert tcp $HOME_NET any -> [195.161.62.25] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.161.62.25/; sid:900621631; rev:1;) alert tcp $HOME_NET any -> [195.161.114.191] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.161.114.191/; sid:900621628; rev:1;) alert tcp $HOME_NET any -> [185.246.64.77] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.246.64.77/; sid:900621622; rev:1;) alert tcp $HOME_NET any -> [162.247.155.131] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.247.155.131/; sid:900621623; rev:1;) alert tcp $HOME_NET any -> [198.46.190.37] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.190.37/; sid:900621624; rev:1;) alert tcp $HOME_NET any -> [91.240.85.141] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.240.85.141/; sid:900621626; rev:1;) alert tcp $HOME_NET any -> [45.67.228.192] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.67.228.192/; sid:900621625; rev:1;) alert tcp $HOME_NET any -> [93.189.42.220] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.42.220/; sid:900621627; rev:1;) alert tcp $HOME_NET any -> [37.44.215.169] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.169/; sid:900621632; rev:1;) alert tcp $HOME_NET any -> [149.202.225.160] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.225.160/; sid:900621633; rev:1;) alert tcp $HOME_NET any -> [107.175.69.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.175.69.34/; sid:900621614; rev:1;) alert tcp $HOME_NET any -> [188.246.227.208] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.246.227.208/; sid:900621610; rev:1;) alert tcp $HOME_NET any -> [23.95.242.213] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.242.213/; sid:900621608; rev:1;) alert tcp $HOME_NET any -> [78.155.206.85] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.155.206.85/; sid:900621605; rev:1;) alert tcp $HOME_NET any -> [195.123.227.224] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.227.224/; sid:900621599; rev:1;) alert tcp $HOME_NET any -> [37.18.30.99] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.99/; sid:900621600; rev:1;) alert tcp $HOME_NET any -> [164.132.216.41] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.216.41/; sid:900621601; rev:1;) alert tcp $HOME_NET any -> [198.12.71.138] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.12.71.138/; sid:900621597; rev:1;) alert tcp $HOME_NET any -> [37.18.30.55] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.55/; sid:900621603; rev:1;) alert tcp $HOME_NET any -> [185.61.148.207] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.148.207/; sid:900621606; rev:1;) alert tcp $HOME_NET any -> [185.90.61.7] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.90.61.7/; sid:900621607; rev:1;) alert tcp $HOME_NET any -> [37.44.212.182] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.182/; sid:900621611; rev:1;) alert tcp $HOME_NET any -> [185.172.129.109] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.109/; sid:900621596; rev:1;) alert tcp $HOME_NET any -> [37.44.215.106] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.106/; sid:900621609; rev:1;) alert tcp $HOME_NET any -> [191.101.251.146] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.101.251.146/; sid:900621615; rev:1;) alert tcp $HOME_NET any -> [198.12.71.171] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.12.71.171/; sid:900621595; rev:1;) alert tcp $HOME_NET any -> [5.196.247.4] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.247.4/; sid:900621598; rev:1;) alert tcp $HOME_NET any -> [37.44.215.156] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.156/; sid:900621616; rev:1;) alert tcp $HOME_NET any -> [5.253.63.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.253.63.106/; sid:900621629; rev:1;) alert tcp $HOME_NET any -> [91.235.129.166] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.166/; sid:900621602; rev:1;) alert tcp $HOME_NET any -> [89.32.41.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.41.126/; sid:900621637; rev:1;) alert tcp $HOME_NET any -> [91.235.129.119] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.119/; sid:900621620; rev:1;) alert tcp $HOME_NET any -> [185.252.144.55] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.252.144.55/; sid:900621619; rev:1;) alert tcp $HOME_NET any -> [91.240.85.19] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.240.85.19/; sid:900621613; rev:1;) alert tcp $HOME_NET any -> [23.95.9.156] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.9.156/; sid:900621635; rev:1;) alert tcp $HOME_NET any -> [185.43.6.87] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.43.6.87/; sid:900621617; rev:1;) alert tcp $HOME_NET any -> [78.155.207.191] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.155.207.191/; sid:900621640; rev:1;) alert tcp $HOME_NET any -> [146.185.219.45] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.45/; sid:900621618; rev:1;) alert tcp $HOME_NET any -> [23.95.9.122] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.9.122/; sid:900621641; rev:1;) alert tcp $HOME_NET any -> [193.37.212.81] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.81/; sid:900621757; rev:1;) alert tcp $HOME_NET any -> [172.245.241.25] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.241.25/; sid:900621656; rev:1;) alert tcp $HOME_NET any -> [107.172.2.128] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.2.128/; sid:900621634; rev:1;) alert tcp $HOME_NET any -> [45.15.253.25] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.15.253.25/; sid:900621638; rev:1;) alert tcp $HOME_NET any -> [185.86.151.23] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.151.23/; sid:900621591; rev:1;) alert tcp $HOME_NET any -> [192.243.108.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.108.137/; sid:900621612; rev:1;) alert tcp $HOME_NET any -> [94.140.125.143] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.125.143/; sid:900621590; rev:1;) alert tcp $HOME_NET any -> [195.123.213.186] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.213.186/; sid:900621756; rev:1;) alert tcp $HOME_NET any -> [85.119.150.159] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.119.150.159/; sid:900621639; rev:1;) alert tcp $HOME_NET any -> [89.32.41.122] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.41.122/; sid:900621636; rev:1;) alert tcp $HOME_NET any -> [37.44.215.107] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.107/; sid:900621592; rev:1;) alert tcp $HOME_NET any -> [185.82.200.7] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.82.200.7/; sid:900621594; rev:1;) alert tcp $HOME_NET any -> [37.44.212.86] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.86/; sid:900621589; rev:1;) alert tcp $HOME_NET any -> [185.86.151.115] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.151.115/; sid:900621587; rev:1;) alert tcp $HOME_NET any -> [37.44.212.196] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.196/; sid:900621588; rev:1;) alert tcp $HOME_NET any -> [37.44.212.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.203/; sid:900621586; rev:1;) alert tcp $HOME_NET any -> [31.184.255.100] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.184.255.100/; sid:900621580; rev:1;) alert tcp $HOME_NET any -> [85.204.116.41] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.41/; sid:900621585; rev:1;) alert tcp $HOME_NET any -> [139.60.163.38] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.38/; sid:900621579; rev:1;) alert tcp $HOME_NET any -> [195.123.233.99] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.233.99/; sid:900621581; rev:1;) alert tcp $HOME_NET any -> [185.172.129.147] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.147/; sid:900621584; rev:1;) alert tcp $HOME_NET any -> [164.132.216.63] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.216.63/; sid:900621577; rev:1;) alert tcp $HOME_NET any -> [191.101.251.141] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.101.251.141/; sid:900621583; rev:1;) alert tcp $HOME_NET any -> [185.117.73.76] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.73.76/; sid:900621576; rev:1;) alert tcp $HOME_NET any -> [185.135.81.147] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.135.81.147/; sid:900621582; rev:1;) alert tcp $HOME_NET any -> [85.204.116.45] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.45/; sid:900621575; rev:1;) alert tcp $HOME_NET any -> [85.204.116.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.94/; sid:900621573; rev:1;) alert tcp $HOME_NET any -> [51.75.58.173] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.58.173/; sid:900621567; rev:1;) alert tcp $HOME_NET any -> [107.181.175.69] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.175.69/; sid:900621569; rev:1;) alert tcp $HOME_NET any -> [85.204.116.95] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.95/; sid:900621574; rev:1;) alert tcp $HOME_NET any -> [194.87.103.190] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.103.190/; sid:900621572; rev:1;) alert tcp $HOME_NET any -> [185.244.219.46] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.219.46/; sid:900621570; rev:1;) alert tcp $HOME_NET any -> [185.66.14.248] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.66.14.248/; sid:900621566; rev:1;) alert tcp $HOME_NET any -> [185.66.15.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.66.15.10/; sid:900621565; rev:1;) alert tcp $HOME_NET any -> [195.123.246.177] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.246.177/; sid:900621564; rev:1;) alert tcp $HOME_NET any -> [176.119.158.184] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.119.158.184/; sid:900621563; rev:1;) alert tcp $HOME_NET any -> [109.234.35.127] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.234.35.127/; sid:900621562; rev:1;) alert tcp $HOME_NET any -> [213.226.68.117] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.226.68.117/; sid:900621560; rev:1;) alert tcp $HOME_NET any -> [195.123.237.186] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.237.186/; sid:900621561; rev:1;) alert tcp $HOME_NET any -> [185.175.156.13] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.175.156.13/; sid:900621578; rev:1;) alert tcp $HOME_NET any -> [91.235.129.167] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.167/; sid:900621558; rev:1;) alert tcp $HOME_NET any -> [5.188.168.61] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.168.61/; sid:900621557; rev:1;) alert tcp $HOME_NET any -> [185.224.134.124] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.224.134.124/; sid:900621556; rev:1;) alert tcp $HOME_NET any -> [185.251.38.244] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.38.244/; sid:900621555; rev:1;) alert tcp $HOME_NET any -> [82.202.221.160] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.202.221.160/; sid:900621554; rev:1;) alert tcp $HOME_NET any -> [85.143.219.53] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.219.53/; sid:900621553; rev:1;) alert tcp $HOME_NET any -> [107.181.175.44] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.175.44/; sid:900621551; rev:1;) alert tcp $HOME_NET any -> [142.44.157.144] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.44.157.144/; sid:900621549; rev:1;) alert tcp $HOME_NET any -> [5.189.224.172] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.224.172/; sid:900621550; rev:1;) alert tcp $HOME_NET any -> [37.18.30.179] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.179/; sid:900621546; rev:1;) alert tcp $HOME_NET any -> [195.123.240.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.126/; sid:900621548; rev:1;) alert tcp $HOME_NET any -> [146.185.219.31] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.31/; sid:900621547; rev:1;) alert tcp $HOME_NET any -> [212.22.77.5] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.22.77.5/; sid:900621559; rev:1;) alert tcp $HOME_NET any -> [5.188.41.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.41.101/; sid:900621552; rev:1;) alert tcp $HOME_NET any -> [95.181.179.96] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.181.179.96/; sid:900621539; rev:1;) alert tcp $HOME_NET any -> [195.123.240.148] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.148/; sid:900621540; rev:1;) alert tcp $HOME_NET any -> [93.95.97.209] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.95.97.209/; sid:900621544; rev:1;) alert tcp $HOME_NET any -> [91.240.84.166] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.240.84.166/; sid:900621545; rev:1;) alert tcp $HOME_NET any -> [188.68.210.159] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.68.210.159/; sid:900621542; rev:1;) alert tcp $HOME_NET any -> [213.226.71.157] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.226.71.157/; sid:900621541; rev:1;) alert tcp $HOME_NET any -> [95.46.8.206] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.46.8.206/; sid:900621543; rev:1;) alert tcp $HOME_NET any -> [45.8.229.101] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.8.229.101/; sid:900621538; rev:1;) alert tcp $HOME_NET any -> [162.244.32.139] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.32.139/; sid:900621537; rev:1;) alert tcp $HOME_NET any -> [78.155.206.28] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.155.206.28/; sid:900621535; rev:1;) alert tcp $HOME_NET any -> [66.70.218.60] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.70.218.60/; sid:900621536; rev:1;) alert tcp $HOME_NET any -> [185.86.151.123] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.151.123/; sid:900621534; rev:1;) alert tcp $HOME_NET any -> [37.44.215.80] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.80/; sid:900621533; rev:1;) alert tcp $HOME_NET any -> [144.217.50.240] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.50.240/; sid:900621530; rev:1;) alert tcp $HOME_NET any -> [185.255.79.167] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.255.79.167/; sid:900621529; rev:1;) alert tcp $HOME_NET any -> [144.217.50.241] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.50.241/; sid:900621528; rev:1;) alert tcp $HOME_NET any -> [85.204.116.215] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.215/; sid:900621526; rev:1;) alert tcp $HOME_NET any -> [144.217.50.243] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.50.243/; sid:900621527; rev:1;) alert tcp $HOME_NET any -> [107.173.104.136] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.104.136/; sid:900621532; rev:1;) alert tcp $HOME_NET any -> [195.123.246.67] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.246.67/; sid:900621531; rev:1;) alert tcp $HOME_NET any -> [107.173.57.251] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.57.251/; sid:900621525; rev:1;) alert tcp $HOME_NET any -> [37.18.30.80] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.80/; sid:900621520; rev:1;) alert tcp $HOME_NET any -> [54.38.127.26] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.127.26/; sid:900621519; rev:1;) alert tcp $HOME_NET any -> [5.188.168.36] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.168.36/; sid:900621518; rev:1;) alert tcp $HOME_NET any -> [85.143.217.57] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.217.57/; sid:900621517; rev:1;) alert tcp $HOME_NET any -> [185.61.148.53] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.148.53/; sid:900621521; rev:1;) alert tcp $HOME_NET any -> [85.204.116.217] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.217/; sid:900621522; rev:1;) alert tcp $HOME_NET any -> [164.132.216.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.216.50/; sid:900621512; rev:1;) alert tcp $HOME_NET any -> [94.250.254.247] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.250.254.247/; sid:900621513; rev:1;) alert tcp $HOME_NET any -> [109.94.110.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.94.110.137/; sid:900621514; rev:1;) alert tcp $HOME_NET any -> [194.36.189.243] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.189.243/; sid:900621516; rev:1;) alert tcp $HOME_NET any -> [46.105.33.163] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.33.163/; sid:900621515; rev:1;) alert tcp $HOME_NET any -> [185.161.211.185] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.161.211.185/; sid:900621524; rev:1;) alert tcp $HOME_NET any -> [79.137.119.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.137.119.212/; sid:900621523; rev:1;) alert tcp $HOME_NET any -> [37.230.116.113] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.230.116.113/; sid:900621511; rev:1;) alert tcp $HOME_NET any -> [82.202.194.179] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.202.194.179/; sid:900621510; rev:1;) alert tcp $HOME_NET any -> [85.204.116.172] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.172/; sid:900621508; rev:1;) alert tcp $HOME_NET any -> [94.140.116.225] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.116.225/; sid:900621509; rev:1;) alert tcp $HOME_NET any -> [109.234.37.139] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.234.37.139/; sid:900621506; rev:1;) alert tcp $HOME_NET any -> [54.38.127.27] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.127.27/; sid:900621507; rev:1;) alert tcp $HOME_NET any -> [185.255.79.58] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.255.79.58/; sid:900621505; rev:1;) alert tcp $HOME_NET any -> [85.204.116.101] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.101/; sid:900621503; rev:1;) alert tcp $HOME_NET any -> [91.235.129.88] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.88/; sid:900621504; rev:1;) alert tcp $HOME_NET any -> [5.188.168.29] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.168.29/; sid:900621502; rev:1;) alert tcp $HOME_NET any -> [176.113.80.103] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.113.80.103/; sid:900621500; rev:1;) alert tcp $HOME_NET any -> [195.123.245.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.245.101/; sid:900621499; rev:1;) alert tcp $HOME_NET any -> [217.107.34.29] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.107.34.29/; sid:900621495; rev:1;) alert tcp $HOME_NET any -> [188.68.209.25] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.68.209.25/; sid:900621496; rev:1;) alert tcp $HOME_NET any -> [82.118.21.226] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.226/; sid:900621498; rev:1;) alert tcp $HOME_NET any -> [82.118.21.209] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.209/; sid:900621497; rev:1;) alert tcp $HOME_NET any -> [85.204.116.170] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.170/; sid:900621501; rev:1;) alert tcp $HOME_NET any -> [79.141.166.54] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.141.166.54/; sid:900621494; rev:1;) alert tcp $HOME_NET any -> [185.251.38.22] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.38.22/; sid:900621493; rev:1;) alert tcp $HOME_NET any -> [85.143.222.236] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.222.236/; sid:900621492; rev:1;) alert tcp $HOME_NET any -> [92.38.135.83] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.135.83/; sid:900621489; rev:1;) alert tcp $HOME_NET any -> [37.44.215.190] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.190/; sid:900621488; rev:1;) alert tcp $HOME_NET any -> [195.161.62.90] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.161.62.90/; sid:900621487; rev:1;) alert tcp $HOME_NET any -> [77.244.219.57] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.244.219.57/; sid:900621485; rev:1;) alert tcp $HOME_NET any -> [179.43.147.84] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.43.147.84/; sid:900621484; rev:1;) alert tcp $HOME_NET any -> [51.77.2.193] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.2.193/; sid:900621483; rev:1;) alert tcp $HOME_NET any -> [93.170.123.234] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.170.123.234/; sid:900621481; rev:1;) alert tcp $HOME_NET any -> [37.44.215.191] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.191/; sid:900621486; rev:1;) alert tcp $HOME_NET any -> [198.8.91.37] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.8.91.37/; sid:900621482; rev:1;) alert tcp $HOME_NET any -> [185.142.99.19] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.19/; sid:900621471; rev:1;) alert tcp $HOME_NET any -> [193.37.214.153] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.214.153/; sid:900621472; rev:1;) alert tcp $HOME_NET any -> [185.206.146.54] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.206.146.54/; sid:900621470; rev:1;) alert tcp $HOME_NET any -> [104.193.252.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.193.252.212/; sid:900621469; rev:1;) alert tcp $HOME_NET any -> [185.172.129.120] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.120/; sid:900621476; rev:1;) alert tcp $HOME_NET any -> [46.21.248.45] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.248.45/; sid:900621477; rev:1;) alert tcp $HOME_NET any -> [164.132.216.54] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.216.54/; sid:900621473; rev:1;) alert tcp $HOME_NET any -> [185.180.198.239] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.180.198.239/; sid:900621474; rev:1;) alert tcp $HOME_NET any -> [185.180.198.181] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.180.198.181/; sid:900621475; rev:1;) alert tcp $HOME_NET any -> [139.60.163.51] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.51/; sid:900621468; rev:1;) alert tcp $HOME_NET any -> [185.117.72.140] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.72.140/; sid:900621478; rev:1;) alert tcp $HOME_NET any -> [37.44.212.99] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.99/; sid:900621479; rev:1;) alert tcp $HOME_NET any -> [185.203.117.225] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.203.117.225/; sid:900621466; rev:1;) alert tcp $HOME_NET any -> [176.113.80.14] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.113.80.14/; sid:900621464; rev:1;) alert tcp $HOME_NET any -> [91.92.128.178] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.128.178/; sid:900621465; rev:1;) alert tcp $HOME_NET any -> [37.44.215.42] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.42/; sid:900621467; rev:1;) alert tcp $HOME_NET any -> [194.36.189.217] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.189.217/; sid:900621458; rev:1;) alert tcp $HOME_NET any -> [37.44.215.41] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.41/; sid:900621459; rev:1;) alert tcp $HOME_NET any -> [192.3.247.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.133/; sid:900621462; rev:1;) alert tcp $HOME_NET any -> [185.251.38.129] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.38.129/; sid:900621463; rev:1;) alert tcp $HOME_NET any -> [92.38.135.109] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.135.109/; sid:900621457; rev:1;) alert tcp $HOME_NET any -> [37.44.215.255] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.255/; sid:900621456; rev:1;) alert tcp $HOME_NET any -> [94.156.35.32] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.35.32/; sid:900621461; rev:1;) alert tcp $HOME_NET any -> [51.254.160.193] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.160.193/; sid:900621568; rev:1;) alert tcp $HOME_NET any -> [107.173.57.182] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.57.182/; sid:900621460; rev:1;) alert tcp $HOME_NET any -> [192.3.83.173] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.83.173/; sid:900621452; rev:1;) alert tcp $HOME_NET any -> [46.30.41.241] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.30.41.241/; sid:900621451; rev:1;) alert tcp $HOME_NET any -> [149.202.225.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.225.162/; sid:900621454; rev:1;) alert tcp $HOME_NET any -> [185.244.149.92] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.149.92/; sid:900621453; rev:1;) alert tcp $HOME_NET any -> [107.173.57.163] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.57.163/; sid:900621450; rev:1;) alert tcp $HOME_NET any -> [185.255.79.22] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.255.79.22/; sid:900621449; rev:1;) alert tcp $HOME_NET any -> [104.216.111.236] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.216.111.236/; sid:900621448; rev:1;) alert tcp $HOME_NET any -> [107.181.175.93] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.175.93/; sid:900621447; rev:1;) alert tcp $HOME_NET any -> [89.223.94.15] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.223.94.15/; sid:900621446; rev:1;) alert tcp $HOME_NET any -> [46.161.54.232] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.161.54.232/; sid:900621441; rev:1;) alert tcp $HOME_NET any -> [94.23.172.196] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.172.196/; sid:900621440; rev:1;) alert tcp $HOME_NET any -> [195.123.245.135] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.245.135/; sid:900621443; rev:1;) alert tcp $HOME_NET any -> [5.188.108.14] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.108.14/; sid:900621439; rev:1;) alert tcp $HOME_NET any -> [46.161.39.207] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.161.39.207/; sid:900621442; rev:1;) alert tcp $HOME_NET any -> [176.31.213.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.31.213.238/; sid:900621444; rev:1;) alert tcp $HOME_NET any -> [95.213.203.181] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.213.203.181/; sid:900621445; rev:1;) alert tcp $HOME_NET any -> [185.244.149.206] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.149.206/; sid:900621434; rev:1;) alert tcp $HOME_NET any -> [94.23.174.183] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.174.183/; sid:900621435; rev:1;) alert tcp $HOME_NET any -> [185.61.149.38] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.149.38/; sid:900621436; rev:1;) alert tcp $HOME_NET any -> [94.103.94.154] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.94.154/; sid:900621430; rev:1;) alert tcp $HOME_NET any -> [176.223.133.178] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.223.133.178/; sid:900621429; rev:1;) alert tcp $HOME_NET any -> [213.32.46.142] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.32.46.142/; sid:900621426; rev:1;) alert tcp $HOME_NET any -> [185.117.119.86] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.119.86/; sid:900621427; rev:1;) alert tcp $HOME_NET any -> [78.155.206.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.155.206.190/; sid:900621433; rev:1;) alert tcp $HOME_NET any -> [176.53.21.234] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.53.21.234/; sid:900621432; rev:1;) alert tcp $HOME_NET any -> [188.68.208.165] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.68.208.165/; sid:900621428; rev:1;) alert tcp $HOME_NET any -> [81.177.136.5] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.136.5/; sid:900621422; rev:1;) alert tcp $HOME_NET any -> [194.99.20.44] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.99.20.44/; sid:900621406; rev:1;) alert tcp $HOME_NET any -> [23.95.132.246] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.132.246/; sid:900621405; rev:1;) alert tcp $HOME_NET any -> [87.106.136.232] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.136.232/; sid:900991688; rev:1;) alert tcp $HOME_NET any -> [186.81.160.22] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.81.160.22/; sid:900991686; rev:1;) alert tcp $HOME_NET any -> [60.48.253.12] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.48.253.12/; sid:900991678; rev:1;) alert tcp $HOME_NET any -> [104.236.99.225] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.99.225/; sid:900991663; rev:1;) alert tcp $HOME_NET any -> [201.97.95.50] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.97.95.50/; sid:900991662; rev:1;) alert tcp $HOME_NET any -> [5.67.205.99] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.67.205.99/; sid:900991659; rev:1;) alert tcp $HOME_NET any -> [76.86.20.103] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.86.20.103/; sid:900991658; rev:1;) alert tcp $HOME_NET any -> [194.87.102.92] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.102.92/; sid:900621401; rev:1;) alert tcp $HOME_NET any -> [190.246.166.217] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.246.166.217/; sid:900990311; rev:1;) alert tcp $HOME_NET any -> [181.141.87.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.141.87.122/; sid:900990304; rev:1;) alert tcp $HOME_NET any -> [201.212.24.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.24.6/; sid:900990301; rev:1;) alert tcp $HOME_NET any -> [181.198.67.178] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.198.67.178/; sid:900990295; rev:1;) alert tcp $HOME_NET any -> [46.21.105.59] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.105.59/; sid:900990294; rev:1;) alert tcp $HOME_NET any -> [70.44.163.160] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.44.163.160/; sid:900990288; rev:1;) alert tcp $HOME_NET any -> [181.15.180.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.15.180.140/; sid:900990287; rev:1;) alert tcp $HOME_NET any -> [80.86.92.114] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.86.92.114/; sid:900990283; rev:1;) alert tcp $HOME_NET any -> [159.65.241.220] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.241.220/; sid:900990282; rev:1;) alert tcp $HOME_NET any -> [174.96.5.251] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.96.5.251/; sid:900990168; rev:1;) alert tcp $HOME_NET any -> [178.63.50.54] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.63.50.54/; sid:900990155; rev:1;) alert tcp $HOME_NET any -> [104.131.11.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.11.150/; sid:900990154; rev:1;) alert tcp $HOME_NET any -> [164.132.138.136] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.138.136/; sid:900621395; rev:1;) alert tcp $HOME_NET any -> [185.202.174.13] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.202.174.13/; sid:900621396; rev:1;) alert tcp $HOME_NET any -> [164.132.138.142] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.138.142/; sid:900621437; rev:1;) alert tcp $HOME_NET any -> [85.143.223.209] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.223.209/; sid:900621408; rev:1;) alert tcp $HOME_NET any -> [185.61.148.198] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.148.198/; sid:900621407; rev:1;) alert tcp $HOME_NET any -> [185.244.131.186] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.131.186/; sid:900621414; rev:1;) alert tcp $HOME_NET any -> [212.80.216.235] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.216.235/; sid:900621392; rev:1;) alert tcp $HOME_NET any -> [5.39.119.173] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.39.119.173/; sid:900621390; rev:1;) alert tcp $HOME_NET any -> [185.147.14.233] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.147.14.233/; sid:900621388; rev:1;) alert tcp $HOME_NET any -> [46.249.204.99] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.249.204.99/; sid:900987193; rev:1;) alert tcp $HOME_NET any -> [79.143.182.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.143.182.254/; sid:900987191; rev:1;) alert tcp $HOME_NET any -> [62.75.141.51] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.141.51/; sid:900987184; rev:1;) alert tcp $HOME_NET any -> [62.192.227.125] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.192.227.125/; sid:900987182; rev:1;) alert tcp $HOME_NET any -> [82.71.157.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.71.157.57/; sid:900987181; rev:1;) alert tcp $HOME_NET any -> [87.246.58.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.246.58.59/; sid:900987180; rev:1;) alert tcp $HOME_NET any -> [190.252.229.53] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.252.229.53/; sid:900987179; rev:1;) alert tcp $HOME_NET any -> [71.43.69.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.43.69.2/; sid:900987178; rev:1;) alert tcp $HOME_NET any -> [94.103.94.87] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.94.87/; sid:900621382; rev:1;) alert tcp $HOME_NET any -> [82.118.21.35] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.35/; sid:900621381; rev:1;) alert tcp $HOME_NET any -> [105.228.3.127] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.228.3.127/; sid:900987142; rev:1;) alert tcp $HOME_NET any -> [23.95.95.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.95.18/; sid:900987114; rev:1;) alert tcp $HOME_NET any -> [5.188.108.30] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.108.30/; sid:900621380; rev:1;) alert tcp $HOME_NET any -> [185.252.144.25] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.252.144.25/; sid:900621383; rev:1;) alert tcp $HOME_NET any -> [164.132.216.57] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.216.57/; sid:900621377; rev:1;) alert tcp $HOME_NET any -> [78.155.199.57] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.155.199.57/; sid:900621384; rev:1;) alert tcp $HOME_NET any -> [37.18.30.51] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.51/; sid:900621389; rev:1;) alert tcp $HOME_NET any -> [185.61.149.169] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.149.169/; sid:900621375; rev:1;) alert tcp $HOME_NET any -> [134.209.14.155] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.14.155/; sid:900986923; rev:1;) alert tcp $HOME_NET any -> [74.207.227.96] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.207.227.96/; sid:900986922; rev:1;) alert tcp $HOME_NET any -> [107.173.104.139] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.104.139/; sid:900621369; rev:1;) alert tcp $HOME_NET any -> [94.103.94.49] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.94.49/; sid:900621366; rev:1;) alert tcp $HOME_NET any -> [162.244.32.212] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.32.212/; sid:900621367; rev:1;) alert tcp $HOME_NET any -> [195.123.237.9] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.237.9/; sid:900621368; rev:1;) alert tcp $HOME_NET any -> [37.220.0.62] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.220.0.62/; sid:900621365; rev:1;) alert tcp $HOME_NET any -> [37.44.215.151] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.151/; sid:900621364; rev:1;) alert tcp $HOME_NET any -> [152.89.245.196] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.89.245.196/; sid:900621371; rev:1;) alert tcp $HOME_NET any -> [37.44.215.207] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.207/; sid:900621372; rev:1;) alert tcp $HOME_NET any -> [89.223.91.12] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.223.91.12/; sid:900621393; rev:1;) alert tcp $HOME_NET any -> [185.251.39.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.39.162/; sid:900621418; rev:1;) alert tcp $HOME_NET any -> [5.206.225.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.206.225.10/; sid:900621419; rev:1;) alert tcp $HOME_NET any -> [92.38.135.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.135.212/; sid:900621370; rev:1;) alert tcp $HOME_NET any -> [185.86.149.40] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.149.40/; sid:900621376; rev:1;) alert tcp $HOME_NET any -> [107.181.175.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.175.122/; sid:900621391; rev:1;) alert tcp $HOME_NET any -> [89.223.30.84] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.223.30.84/; sid:900621363; rev:1;) alert tcp $HOME_NET any -> [81.177.136.16] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.136.16/; sid:900621425; rev:1;) alert tcp $HOME_NET any -> [181.31.49.178] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.31.49.178/; sid:900986018; rev:1;) alert tcp $HOME_NET any -> [200.80.198.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.80.198.34/; sid:900986004; rev:1;) alert tcp $HOME_NET any -> [181.211.130.109] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.211.130.109/; sid:900985998; rev:1;) alert tcp $HOME_NET any -> [186.71.75.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.75.2/; sid:900985997; rev:1;) alert tcp $HOME_NET any -> [86.155.233.74] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.155.233.74/; sid:900985996; rev:1;) alert tcp $HOME_NET any -> [81.143.213.156] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.143.213.156/; sid:900985995; rev:1;) alert tcp $HOME_NET any -> [80.0.106.83] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.0.106.83/; sid:900985994; rev:1;) alert tcp $HOME_NET any -> [37.44.215.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.133/; sid:900621362; rev:1;) alert tcp $HOME_NET any -> [181.175.142.212] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.175.142.212/; sid:900985925; rev:1;) alert tcp $HOME_NET any -> [45.55.201.204] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.201.204/; sid:900985904; rev:1;) alert tcp $HOME_NET any -> [104.236.206.44] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.206.44/; sid:900985903; rev:1;) alert tcp $HOME_NET any -> [159.192.229.157] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.192.229.157/; sid:900985901; rev:1;) alert tcp $HOME_NET any -> [189.154.42.168] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.42.168/; sid:900985899; rev:1;) alert tcp $HOME_NET any -> [69.251.12.43] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.251.12.43/; sid:900985898; rev:1;) alert tcp $HOME_NET any -> [194.32.79.218] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.32.79.218/; sid:900621361; rev:1;) alert tcp $HOME_NET any -> [92.38.135.205] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.135.205/; sid:900621413; rev:1;) alert tcp $HOME_NET any -> [195.54.163.5] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.54.163.5/; sid:900621359; rev:1;) alert tcp $HOME_NET any -> [95.213.191.109] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.213.191.109/; sid:900621357; rev:1;) alert tcp $HOME_NET any -> [89.134.144.41] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.134.144.41/; sid:900982921; rev:1;) alert tcp $HOME_NET any -> [187.190.237.104] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.190.237.104/; sid:900982919; rev:1;) alert tcp $HOME_NET any -> [190.123.35.82] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.123.35.82/; sid:900982916; rev:1;) alert tcp $HOME_NET any -> [216.154.222.52] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.154.222.52/; sid:900982895; rev:1;) alert tcp $HOME_NET any -> [81.213.182.115] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.213.182.115/; sid:900982894; rev:1;) alert tcp $HOME_NET any -> [217.113.27.158] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.113.27.158/; sid:900982893; rev:1;) alert tcp $HOME_NET any -> [134.101.222.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.101.222.153/; sid:900982892; rev:1;) alert tcp $HOME_NET any -> [219.74.237.49] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.74.237.49/; sid:900982891; rev:1;) alert tcp $HOME_NET any -> [181.164.227.212] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.227.212/; sid:900982890; rev:1;) alert tcp $HOME_NET any -> [174.136.14.100] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.136.14.100/; sid:900982735; rev:1;) alert tcp $HOME_NET any -> [103.251.176.34] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.251.176.34/; sid:900982733; rev:1;) alert tcp $HOME_NET any -> [186.50.124.246] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.50.124.246/; sid:900982732; rev:1;) alert tcp $HOME_NET any -> [73.189.66.63] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.189.66.63/; sid:900982730; rev:1;) alert tcp $HOME_NET any -> [37.228.119.247] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.119.247/; sid:900621358; rev:1;) alert tcp $HOME_NET any -> [5.188.108.22] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.108.22/; sid:900621356; rev:1;) alert tcp $HOME_NET any -> [187.178.9.19] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.178.9.19/; sid:900980582; rev:1;) alert tcp $HOME_NET any -> [45.73.124.235] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.73.124.235/; sid:900980578; rev:1;) alert tcp $HOME_NET any -> [163.18.23.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.18.23.242/; sid:900980573; rev:1;) alert tcp $HOME_NET any -> [31.179.135.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.179.135.186/; sid:900980556; rev:1;) alert tcp $HOME_NET any -> [189.143.52.49] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.143.52.49/; sid:900980555; rev:1;) alert tcp $HOME_NET any -> [71.244.60.230] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.244.60.230/; sid:900980432; rev:1;) alert tcp $HOME_NET any -> [138.68.13.161] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.68.13.161/; sid:900980431; rev:1;) alert tcp $HOME_NET any -> [207.44.45.27] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.44.45.27/; sid:900980430; rev:1;) alert tcp $HOME_NET any -> [90.57.69.215] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.57.69.215/; sid:900980426; rev:1;) alert tcp $HOME_NET any -> [51.38.101.194] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.38.101.194/; sid:900621490; rev:1;) alert tcp $HOME_NET any -> [81.183.213.36] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.183.213.36/; sid:900979336; rev:1;) alert tcp $HOME_NET any -> [181.15.243.22] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.15.243.22/; sid:900979333; rev:1;) alert tcp $HOME_NET any -> [181.143.101.18] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.101.18/; sid:900979331; rev:1;) alert tcp $HOME_NET any -> [185.129.93.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.129.93.140/; sid:900979330; rev:1;) alert tcp $HOME_NET any -> [205.186.154.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.186.154.130/; sid:900979322; rev:1;) alert tcp $HOME_NET any -> [190.13.211.174] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.13.211.174/; sid:900979310; rev:1;) alert tcp $HOME_NET any -> [217.92.171.167] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.92.171.167/; sid:900979309; rev:1;) alert tcp $HOME_NET any -> [191.97.116.232] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.97.116.232/; sid:900979308; rev:1;) alert tcp $HOME_NET any -> [187.242.204.142] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.242.204.142/; sid:900979307; rev:1;) alert tcp $HOME_NET any -> [186.121.223.131] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.121.223.131/; sid:900979306; rev:1;) alert tcp $HOME_NET any -> [190.72.136.214] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.72.136.214/; sid:900979256; rev:1;) alert tcp $HOME_NET any -> [41.184.246.205] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.184.246.205/; sid:900979246; rev:1;) alert tcp $HOME_NET any -> [94.59.49.76] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.49.76/; sid:900979245; rev:1;) alert tcp $HOME_NET any -> [105.247.109.117] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.247.109.117/; sid:900979244; rev:1;) alert tcp $HOME_NET any -> [134.196.53.52] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.196.53.52/; sid:900979243; rev:1;) alert tcp $HOME_NET any -> [195.123.240.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.58/; sid:900621360; rev:1;) alert tcp $HOME_NET any -> [201.238.152.20] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.238.152.20/; sid:900977257; rev:1;) alert tcp $HOME_NET any -> [201.199.89.223] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.199.89.223/; sid:900977251; rev:1;) alert tcp $HOME_NET any -> [46.100.165.6] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.100.165.6/; sid:900977243; rev:1;) alert tcp $HOME_NET any -> [169.239.182.217] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.239.182.217/; sid:900977242; rev:1;) alert tcp $HOME_NET any -> [88.198.62.227] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.198.62.227/; sid:900977232; rev:1;) alert tcp $HOME_NET any -> [186.31.189.232] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.31.189.232/; sid:900977229; rev:1;) alert tcp $HOME_NET any -> [86.97.246.229] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.246.229/; sid:900977228; rev:1;) alert tcp $HOME_NET any -> [183.82.100.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.100.135/; sid:900974788; rev:1;) alert tcp $HOME_NET any -> [182.176.132.213] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.176.132.213/; sid:900974787; rev:1;) alert tcp $HOME_NET any -> [211.252.7.11] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.252.7.11/; sid:900974780; rev:1;) alert tcp $HOME_NET any -> [186.56.192.241] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.56.192.241/; sid:900974768; rev:1;) alert tcp $HOME_NET any -> [187.192.147.246] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.147.246/; sid:900974766; rev:1;) alert tcp $HOME_NET any -> [81.3.6.78] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.3.6.78/; sid:900972555; rev:1;) alert tcp $HOME_NET any -> [37.59.1.74] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.59.1.74/; sid:900972547; rev:1;) alert tcp $HOME_NET any -> [200.59.189.217] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.59.189.217/; sid:900972542; rev:1;) alert tcp $HOME_NET any -> [83.110.195.120] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.195.120/; sid:900972535; rev:1;) alert tcp $HOME_NET any -> [38.143.223.215] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.143.223.215/; sid:900972529; rev:1;) alert tcp $HOME_NET any -> [181.39.134.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.134.122/; sid:900972528; rev:1;) alert tcp $HOME_NET any -> [186.150.97.69] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.150.97.69/; sid:900972527; rev:1;) alert tcp $HOME_NET any -> [181.110.239.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.110.239.26/; sid:900972526; rev:1;) alert tcp $HOME_NET any -> [201.217.67.3] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.217.67.3/; sid:900972525; rev:1;) alert tcp $HOME_NET any -> [136.243.177.26] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.243.177.26/; sid:900972512; rev:1;) alert tcp $HOME_NET any -> [62.75.146.221] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.146.221/; sid:900972500; rev:1;) alert tcp $HOME_NET any -> [206.212.248.178] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.212.248.178/; sid:900972499; rev:1;) alert tcp $HOME_NET any -> [222.214.218.136] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.214.218.136/; sid:900972498; rev:1;) alert tcp $HOME_NET any -> [66.84.11.168] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.84.11.168/; sid:900972497; rev:1;) alert tcp $HOME_NET any -> [190.53.135.159] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.53.135.159/; sid:900972496; rev:1;) alert tcp $HOME_NET any -> [177.246.193.139] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.246.193.139/; sid:900972495; rev:1;) alert tcp $HOME_NET any -> [201.97.131.88] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.97.131.88/; sid:900972494; rev:1;) alert tcp $HOME_NET any -> [88.21.212.13] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.21.212.13/; sid:900972493; rev:1;) alert tcp $HOME_NET any -> [68.52.43.253] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.52.43.253/; sid:900972492; rev:1;) alert tcp $HOME_NET any -> [181.16.127.226] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.16.127.226/; sid:900972490; rev:1;) alert tcp $HOME_NET any -> [148.244.114.49] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.244.114.49/; sid:900971615; rev:1;) alert tcp $HOME_NET any -> [94.14.58.32] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.14.58.32/; sid:900970717; rev:1;) alert tcp $HOME_NET any -> [91.83.93.124] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.83.93.124/; sid:900970548; rev:1;) alert tcp $HOME_NET any -> [105.224.171.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.224.171.102/; sid:900970545; rev:1;) alert tcp $HOME_NET any -> [203.25.159.3] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.25.159.3/; sid:900970540; rev:1;) alert tcp $HOME_NET any -> [190.180.52.146] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.180.52.146/; sid:900970537; rev:1;) alert tcp $HOME_NET any -> [200.127.0.8] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.0.8/; sid:900970531; rev:1;) alert tcp $HOME_NET any -> [218.161.88.253] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.161.88.253/; sid:900970525; rev:1;) alert tcp $HOME_NET any -> [78.155.207.144] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.155.207.144/; sid:900621420; rev:1;) alert tcp $HOME_NET any -> [177.242.202.30] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.202.30/; sid:900967421; rev:1;) alert tcp $HOME_NET any -> [181.63.2.226] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.63.2.226/; sid:900967420; rev:1;) alert tcp $HOME_NET any -> [183.82.110.170] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.110.170/; sid:900967412; rev:1;) alert tcp $HOME_NET any -> [87.106.23.241] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.23.241/; sid:900967396; rev:1;) alert tcp $HOME_NET any -> [188.138.91.26] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.138.91.26/; sid:900967395; rev:1;) alert tcp $HOME_NET any -> [186.113.19.171] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.113.19.171/; sid:900967394; rev:1;) alert tcp $HOME_NET any -> [194.87.93.18] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.93.18/; sid:900621355; rev:1;) alert tcp $HOME_NET any -> [164.132.138.141] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.138.141/; sid:900621354; rev:1;) alert tcp $HOME_NET any -> [201.231.44.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.44.78/; sid:900961016; rev:1;) alert tcp $HOME_NET any -> [103.255.150.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.255.150.84/; sid:900961014; rev:1;) alert tcp $HOME_NET any -> [159.65.22.223] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.22.223/; sid:900961005; rev:1;) alert tcp $HOME_NET any -> [24.139.205.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.139.205.186/; sid:900961004; rev:1;) alert tcp $HOME_NET any -> [189.183.234.170] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.183.234.170/; sid:900961002; rev:1;) alert tcp $HOME_NET any -> [189.213.208.168] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.213.208.168/; sid:900960040; rev:1;) alert tcp $HOME_NET any -> [201.203.99.129] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.203.99.129/; sid:900960037; rev:1;) alert tcp $HOME_NET any -> [85.132.96.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.132.96.242/; sid:900960026; rev:1;) alert tcp $HOME_NET any -> [217.199.175.216] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.199.175.216/; sid:900960024; rev:1;) alert tcp $HOME_NET any -> [111.67.12.221] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.67.12.221/; sid:900960015; rev:1;) alert tcp $HOME_NET any -> [216.98.148.136] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.98.148.136/; sid:900960014; rev:1;) alert tcp $HOME_NET any -> [185.198.57.70] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.198.57.70/; sid:900621805; rev:1;) alert tcp $HOME_NET any -> [181.199.151.19] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.199.151.19/; sid:900952616; rev:1;) alert tcp $HOME_NET any -> [200.45.57.96] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.45.57.96/; sid:900952599; rev:1;) alert tcp $HOME_NET any -> [159.69.211.211] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.69.211.211/; sid:900952591; rev:1;) alert tcp $HOME_NET any -> [190.85.206.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.206.228/; sid:900952590; rev:1;) alert tcp $HOME_NET any -> [115.132.227.247] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.132.227.247/; sid:900952589; rev:1;) alert tcp $HOME_NET any -> [222.104.222.145] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.104.222.145/; sid:900952588; rev:1;) alert tcp $HOME_NET any -> [189.196.140.187] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.196.140.187/; sid:900952587; rev:1;) alert tcp $HOME_NET any -> [200.58.171.51] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.58.171.51/; sid:900952586; rev:1;) alert tcp $HOME_NET any -> [84.241.10.111] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.241.10.111/; sid:900952489; rev:1;) alert tcp $HOME_NET any -> [119.155.153.14] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.155.153.14/; sid:900952470; rev:1;) alert tcp $HOME_NET any -> [217.199.175.217] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.199.175.217/; sid:900952463; rev:1;) alert tcp $HOME_NET any -> [178.152.78.149] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.152.78.149/; sid:900952462; rev:1;) alert tcp $HOME_NET any -> [189.134.78.42] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.134.78.42/; sid:900952461; rev:1;) alert tcp $HOME_NET any -> [75.177.169.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.177.169.225/; sid:900952459; rev:1;) alert tcp $HOME_NET any -> [37.211.38.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.211.38.50/; sid:900952458; rev:1;) alert tcp $HOME_NET any -> [192.227.232.63] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.63/; sid:900621353; rev:1;) alert tcp $HOME_NET any -> [185.243.115.149] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.243.115.149/; sid:900621394; rev:1;) alert tcp $HOME_NET any -> [164.132.138.134] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.138.134/; sid:900621352; rev:1;) alert tcp $HOME_NET any -> [78.188.7.213] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.7.213/; sid:900949762; rev:1;) alert tcp $HOME_NET any -> [178.79.161.166] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.79.161.166/; sid:900949752; rev:1;) alert tcp $HOME_NET any -> [176.63.173.71] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.63.173.71/; sid:900949748; rev:1;) alert tcp $HOME_NET any -> [182.188.47.206] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.188.47.206/; sid:900949745; rev:1;) alert tcp $HOME_NET any -> [186.85.38.31] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.85.38.31/; sid:900949744; rev:1;) alert tcp $HOME_NET any -> [69.45.19.252] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.45.19.252/; sid:900949739; rev:1;) alert tcp $HOME_NET any -> [117.196.47.110] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.196.47.110/; sid:900949734; rev:1;) alert tcp $HOME_NET any -> [185.183.97.173] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.97.173/; sid:900621480; rev:1;) alert tcp $HOME_NET any -> [122.254.81.113] 52087 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.254.81.113/; sid:900942602; rev:1;) alert tcp $HOME_NET any -> [199.159.9.41] 7465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.159.9.41/; sid:900942601; rev:1;) alert tcp $HOME_NET any -> [176.132.140.130] 21521 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.132.140.130/; sid:900942600; rev:1;) alert tcp $HOME_NET any -> [110.254.84.1] 16951 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.254.84.1/; sid:900942599; rev:1;) alert tcp $HOME_NET any -> [199.191.27.152] 11625 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.191.27.152/; sid:900942598; rev:1;) alert tcp $HOME_NET any -> [6.6.6.160] 21585 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.6.6.160/; sid:900942597; rev:1;) alert tcp $HOME_NET any -> [73.253.115.255] 24900 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.253.115.255/; sid:900942596; rev:1;) alert tcp $HOME_NET any -> [88.144.142.65] 31175 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.144.142.65/; sid:900942595; rev:1;) alert tcp $HOME_NET any -> [132.139.215.46] 37272 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.139.215.46/; sid:900942594; rev:1;) alert tcp $HOME_NET any -> [113.188.147.255] 55724 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.188.147.255/; sid:900942593; rev:1;) alert tcp $HOME_NET any -> [190.138.205.232] 59847 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.138.205.232/; sid:900942592; rev:1;) alert tcp $HOME_NET any -> [141.19.67.78] 32900 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.19.67.78/; sid:900942590; rev:1;) alert tcp $HOME_NET any -> [132.139.251.235] 16776 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.139.251.235/; sid:900942591; rev:1;) alert tcp $HOME_NET any -> [216.57.199.78] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.57.199.78/; sid:900942589; rev:1;) alert tcp $HOME_NET any -> [84.241.120.132] 53758 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.241.120.132/; sid:900942588; rev:1;) alert tcp $HOME_NET any -> [124.3.255.251] 50297 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.3.255.251/; sid:900942587; rev:1;) alert tcp $HOME_NET any -> [75.175.99.254] 50985 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.175.99.254/; sid:900942586; rev:1;) alert tcp $HOME_NET any -> [139.168.2.220] 28804 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.168.2.220/; sid:900942585; rev:1;) alert tcp $HOME_NET any -> [232.105.199.80] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.105.199.80/; sid:900942584; rev:1;) alert tcp $HOME_NET any -> [85.129.104.132] 53246 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.129.104.132/; sid:900942583; rev:1;) alert tcp $HOME_NET any -> [167.147.255.251] 46725 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.147.255.251/; sid:900942582; rev:1;) alert tcp $HOME_NET any -> [199.158.231.254] 51188 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.158.231.254/; sid:900942581; rev:1;) alert tcp $HOME_NET any -> [6.96.132.140] 1542 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.96.132.140/; sid:900942580; rev:1;) alert tcp $HOME_NET any -> [115.255.251.247] 36191 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.255.251.247/; sid:900942579; rev:1;) alert tcp $HOME_NET any -> [120.234.254.85] 6779 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.234.254.85/; sid:900942578; rev:1;) alert tcp $HOME_NET any -> [6.6.6.15] 65533 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.6.6.15/; sid:900940184; rev:1;) alert tcp $HOME_NET any -> [211.122.254.81] 37579 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.122.254.81/; sid:900940183; rev:1;) alert tcp $HOME_NET any -> [234.251.164.38] 33930 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/234.251.164.38/; sid:900940182; rev:1;) alert tcp $HOME_NET any -> [141.199.159.10] 64798 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.199.159.10/; sid:900940181; rev:1;) alert tcp $HOME_NET any -> [181.176.132.139] 65107 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.176.132.139/; sid:900940180; rev:1;) alert tcp $HOME_NET any -> [183.255.253.38] 59489 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.255.253.38/; sid:900940179; rev:1;) alert tcp $HOME_NET any -> [147.110.254.83] 321 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.110.254.83/; sid:900940178; rev:1;) alert tcp $HOME_NET any -> [155.240.194.79] 33932 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/155.240.194.79/; sid:900940177; rev:1;) alert tcp $HOME_NET any -> [205.199.191.28] 64814 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.199.191.28/; sid:900940176; rev:1;) alert tcp $HOME_NET any -> [215.255.253.54] 18942 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/215.255.253.54/; sid:900940175; rev:1;) alert tcp $HOME_NET any -> [42.65.254.83] 22672 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.65.254.83/; sid:900940174; rev:1;) alert tcp $HOME_NET any -> [6.6.6.243] 33931 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.6.6.243/; sid:900940173; rev:1;) alert tcp $HOME_NET any -> [62.254.83.85] 60828 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.254.83.85/; sid:900940172; rev:1;) alert tcp $HOME_NET any -> [161.67.218.27] 19911 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.67.218.27/; sid:900938292; rev:1;) alert tcp $HOME_NET any -> [132.137.245.151] 62960 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.137.245.151/; sid:900938291; rev:1;) alert tcp $HOME_NET any -> [113.20.167.255] 52470 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.20.167.255/; sid:900938290; rev:1;) alert tcp $HOME_NET any -> [76.212.20.19] 36295 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.212.20.19/; sid:900938289; rev:1;) alert tcp $HOME_NET any -> [80.181.224.132] 1790 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.181.224.132/; sid:900938288; rev:1;) alert tcp $HOME_NET any -> [162.215.255.252] 16582 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.215.255.252/; sid:900938287; rev:1;) alert tcp $HOME_NET any -> [47.6.116.254] 51042 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.6.116.254/; sid:900938286; rev:1;) alert tcp $HOME_NET any -> [138.57.185.83] 55428 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.57.185.83/; sid:900938285; rev:1;) alert tcp $HOME_NET any -> [119.205.199.49] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.205.199.49/; sid:900938284; rev:1;) alert tcp $HOME_NET any -> [80.213.208.132] 5374 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.213.208.132/; sid:900938283; rev:1;) alert tcp $HOME_NET any -> [174.247.255.252] 1018 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.247.255.252/; sid:900938282; rev:1;) alert tcp $HOME_NET any -> [132.176.70.254] 51179 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.176.70.254/; sid:900938281; rev:1;) alert tcp $HOME_NET any -> [137.106.154.40] 51332 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.106.154.40/; sid:900938280; rev:1;) alert tcp $HOME_NET any -> [136.13.199.172] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.13.199.172/; sid:900938279; rev:1;) alert tcp $HOME_NET any -> [81.245.192.132] 62718 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.245.192.132/; sid:900938278; rev:1;) alert tcp $HOME_NET any -> [61.247.255.253] 64151 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.247.255.253/; sid:900938277; rev:1;) alert tcp $HOME_NET any -> [61.199.146.203] 1551 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.199.146.203/; sid:900938276; rev:1;) alert tcp $HOME_NET any -> [197.184.132.138] 65105 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.184.132.138/; sid:900938275; rev:1;) alert tcp $HOME_NET any -> [141.226.254.83] 40714 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.226.254.83/; sid:900938274; rev:1;) alert tcp $HOME_NET any -> [54.60.232.97] 33931 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.60.232.97/; sid:900938273; rev:1;) alert tcp $HOME_NET any -> [141.199.1.65] 64806 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.199.1.65/; sid:900938272; rev:1;) alert tcp $HOME_NET any -> [117.168.132.140] 65107 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.168.132.140/; sid:900938271; rev:1;) alert tcp $HOME_NET any -> [231.255.253.46] 49743 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/231.255.253.46/; sid:900938270; rev:1;) alert tcp $HOME_NET any -> [28.248.254.83] 48924 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.248.254.83/; sid:900938269; rev:1;) alert tcp $HOME_NET any -> [37.152.132.139] 65107 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.152.132.139/; sid:900938268; rev:1;) alert tcp $HOME_NET any -> [46.84.207.55] 1779 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.84.207.55/; sid:900938267; rev:1;) alert tcp $HOME_NET any -> [199.208.237.156] 16141 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.208.237.156/; sid:900938266; rev:1;) alert tcp $HOME_NET any -> [32.132.134.171] 19958 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.132.134.171/; sid:900938265; rev:1;) alert tcp $HOME_NET any -> [101.72.3.183] 35179 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.72.3.183/; sid:900938264; rev:1;) alert tcp $HOME_NET any -> [199.126.218.69] 46221 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.126.218.69/; sid:900938263; rev:1;) alert tcp $HOME_NET any -> [16.132.136.171] 20950 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.132.136.171/; sid:900938262; rev:1;) alert tcp $HOME_NET any -> [47.254.81.246] 39464 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.254.81.246/; sid:900938261; rev:1;) alert tcp $HOME_NET any -> [6.6.6.39] 35321 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.6.6.39/; sid:900938260; rev:1;) alert tcp $HOME_NET any -> [215.251.55.255] 27371 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/215.251.55.255/; sid:900938259; rev:1;) alert tcp $HOME_NET any -> [238.118.184.234] 64967 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/238.118.184.234/; sid:900938258; rev:1;) alert tcp $HOME_NET any -> [132.137.55.206] 17912 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.137.55.206/; sid:900938257; rev:1;) alert tcp $HOME_NET any -> [20.54.247.255] 62871 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/20.54.247.255/; sid:900938256; rev:1;) alert tcp $HOME_NET any -> [108.127.219.199] 19911 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.127.219.199/; sid:900938255; rev:1;) alert tcp $HOME_NET any -> [132.136.204.246] 62952 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.136.204.246/; sid:900938254; rev:1;) alert tcp $HOME_NET any -> [6.6.6.254] 5139 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.6.6.254/; sid:900938253; rev:1;) alert tcp $HOME_NET any -> [136.152.64.198] 57476 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.152.64.198/; sid:900938252; rev:1;) alert tcp $HOME_NET any -> [111.189.199.98] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.189.199.98/; sid:900938251; rev:1;) alert tcp $HOME_NET any -> [80.229.216.132] 29950 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.229.216.132/; sid:900938250; rev:1;) alert tcp $HOME_NET any -> [42.247.255.252] 47443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.247.255.252/; sid:900938249; rev:1;) alert tcp $HOME_NET any -> [99.59.20.254] 50993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.59.20.254/; sid:900938248; rev:1;) alert tcp $HOME_NET any -> [136.229.3.250] 53380 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.229.3.250/; sid:900938247; rev:1;) alert tcp $HOME_NET any -> [128.13.199.235] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.13.199.235/; sid:900938246; rev:1;) alert tcp $HOME_NET any -> [81.53.200.132] 18174 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.53.200.132/; sid:900938245; rev:1;) alert tcp $HOME_NET any -> [16.71.255.252] 39464 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.71.255.252/; sid:900938244; rev:1;) alert tcp $HOME_NET any -> [56.202.244.254] 51116 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/56.202.244.254/; sid:900938243; rev:1;) alert tcp $HOME_NET any -> [138.1.250.151] 49284 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.1.250.151/; sid:900938242; rev:1;) alert tcp $HOME_NET any -> [83.110.155.238] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.155.238/; sid:900937236; rev:1;) alert tcp $HOME_NET any -> [86.99.35.122] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.99.35.122/; sid:900937233; rev:1;) alert tcp $HOME_NET any -> [213.14.166.152] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.14.166.152/; sid:900937220; rev:1;) alert tcp $HOME_NET any -> [77.111.149.55] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.111.149.55/; sid:900937208; rev:1;) alert tcp $HOME_NET any -> [191.92.69.115] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.92.69.115/; sid:900937207; rev:1;) alert tcp $HOME_NET any -> [159.0.130.149] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.0.130.149/; sid:900937206; rev:1;) alert tcp $HOME_NET any -> [72.3.91.255] 1893 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.3.91.255/; sid:900935467; rev:1;) alert tcp $HOME_NET any -> [126.218.169.249] 57799 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/126.218.169.249/; sid:900935466; rev:1;) alert tcp $HOME_NET any -> [186.73.43.255] 5415 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.73.43.255/; sid:900935464; rev:1;) alert tcp $HOME_NET any -> [132.136.71.115] 23056 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.136.71.115/; sid:900935465; rev:1;) alert tcp $HOME_NET any -> [139.111.65.14] 25031 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.111.65.14/; sid:900935463; rev:1;) alert tcp $HOME_NET any -> [132.138.6.235] 23040 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.138.6.235/; sid:900935462; rev:1;) alert tcp $HOME_NET any -> [6.187.255.252] 1542 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.187.255.252/; sid:900935461; rev:1;) alert tcp $HOME_NET any -> [118.84.234.254] 51182 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.84.234.254/; sid:900935460; rev:1;) alert tcp $HOME_NET any -> [137.187.206.112] 63620 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.187.206.112/; sid:900935459; rev:1;) alert tcp $HOME_NET any -> [84.161.199.161] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.161.199.161/; sid:900935458; rev:1;) alert tcp $HOME_NET any -> [81.249.240.132] 7166 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.249.240.132/; sid:900935457; rev:1;) alert tcp $HOME_NET any -> [55.27.255.252] 38676 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/55.27.255.252/; sid:900935456; rev:1;) alert tcp $HOME_NET any -> [126.87.199.254] 51052 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/126.87.199.254/; sid:900935455; rev:1;) alert tcp $HOME_NET any -> [138.32.246.113] 59524 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.32.246.113/; sid:900935454; rev:1;) alert tcp $HOME_NET any -> [102.225.199.76] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.225.199.76/; sid:900935453; rev:1;) alert tcp $HOME_NET any -> [82.89.224.132] 5118 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.89.224.132/; sid:900935452; rev:1;) alert tcp $HOME_NET any -> [164.91.255.252] 16582 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.91.255.252/; sid:900935451; rev:1;) alert tcp $HOME_NET any -> [47.234.116.254] 51042 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.234.116.254/; sid:900935450; rev:1;) alert tcp $HOME_NET any -> [9.216.132.136] 1618 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/9.216.132.136/; sid:900935449; rev:1;) alert tcp $HOME_NET any -> [27.255.252.119] 21292 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.255.252.119/; sid:900935448; rev:1;) alert tcp $HOME_NET any -> [215.20.254.82] 12643 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/215.20.254.82/; sid:900935447; rev:1;) alert tcp $HOME_NET any -> [137.3.250.176] 33930 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.3.250.176/; sid:900935446; rev:1;) alert tcp $HOME_NET any -> [113.199.235.134] 64639 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.199.235.134/; sid:900935445; rev:1;) alert tcp $HOME_NET any -> [217.200.132.138] 65105 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.200.132.138/; sid:900935444; rev:1;) alert tcp $HOME_NET any -> [171.255.252.135] 10254 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.255.252.135/; sid:900935443; rev:1;) alert tcp $HOME_NET any -> [38.244.254.81] 44089 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.244.254.81/; sid:900935442; rev:1;) alert tcp $HOME_NET any -> [221.250.151.61] 33929 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.250.151.61/; sid:900935441; rev:1;) alert tcp $HOME_NET any -> [161.199.146.204] 64783 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.199.146.204/; sid:900935440; rev:1;) alert tcp $HOME_NET any -> [41.184.132.139] 65106 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.184.132.139/; sid:900935439; rev:1;) alert tcp $HOME_NET any -> [199.61.142.8] 12785 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.61.142.8/; sid:900934216; rev:1;) alert tcp $HOME_NET any -> [57.216.107.255] 5971 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/57.216.107.255/; sid:900934215; rev:1;) alert tcp $HOME_NET any -> [60.115.138.250] 61895 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.115.138.250/; sid:900934214; rev:1;) alert tcp $HOME_NET any -> [133.20.87.101] 6680 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.20.87.101/; sid:900934213; rev:1;) alert tcp $HOME_NET any -> [180.30.11.255] 6003 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.30.11.255/; sid:900934212; rev:1;) alert tcp $HOME_NET any -> [9.31.148.47] 16839 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/9.31.148.47/; sid:900934211; rev:1;) alert tcp $HOME_NET any -> [133.20.69.39] 18952 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.20.69.39/; sid:900934210; rev:1;) alert tcp $HOME_NET any -> [215.133.5.5] 55019 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/215.133.5.5/; sid:900934209; rev:1;) alert tcp $HOME_NET any -> [210.177.199.239] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.177.199.239/; sid:900934208; rev:1;) alert tcp $HOME_NET any -> [199.121.248.133] 60158 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.121.248.133/; sid:900934207; rev:1;) alert tcp $HOME_NET any -> [31.139.255.252] 52849 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.139.255.252/; sid:900934206; rev:1;) alert tcp $HOME_NET any -> [189.102.27.254] 51104 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.102.27.254/; sid:900934205; rev:1;) alert tcp $HOME_NET any -> [40.133.19.84] 52106 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.133.19.84/; sid:900931459; rev:1;) alert tcp $HOME_NET any -> [175.107.200.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.107.200.27/; sid:900931041; rev:1;) alert tcp $HOME_NET any -> [103.201.150.209] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.201.150.209/; sid:900931028; rev:1;) alert tcp $HOME_NET any -> [190.171.230.41] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.230.41/; sid:900931027; rev:1;) alert tcp $HOME_NET any -> [103.213.212.42] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.213.212.42/; sid:900931025; rev:1;) alert tcp $HOME_NET any -> [185.94.252.249] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.94.252.249/; sid:900931022; rev:1;) alert tcp $HOME_NET any -> [185.94.252.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.94.252.27/; sid:900931021; rev:1;) alert tcp $HOME_NET any -> [177.225.175.199] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.225.175.199/; sid:900931020; rev:1;) alert tcp $HOME_NET any -> [181.142.29.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.142.29.90/; sid:900931019; rev:1;) alert tcp $HOME_NET any -> [24.150.44.53] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.150.44.53/; sid:900931018; rev:1;) alert tcp $HOME_NET any -> [5.5.5.186] 36360 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.5.5.186/; sid:900930533; rev:1;) alert tcp $HOME_NET any -> [133.19.23.83] 18976 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.19.23.83/; sid:900930532; rev:1;) alert tcp $HOME_NET any -> [71.118.11.255] 22373 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.118.11.255/; sid:900930531; rev:1;) alert tcp $HOME_NET any -> [126.95.121.249] 12743 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/126.95.121.249/; sid:900930530; rev:1;) alert tcp $HOME_NET any -> [133.21.23.115] 59920 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.21.23.115/; sid:900930529; rev:1;) alert tcp $HOME_NET any -> [186.212.123.255] 17703 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.212.123.255/; sid:900929218; rev:1;) alert tcp $HOME_NET any -> [139.234.17.14] 29127 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.234.17.14/; sid:900929217; rev:1;) alert tcp $HOME_NET any -> [133.20.214.235] 35328 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.20.214.235/; sid:900929216; rev:1;) alert tcp $HOME_NET any -> [5.139.255.252] 1285 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.139.255.252/; sid:900929215; rev:1;) alert tcp $HOME_NET any -> [1.4.234.254] 51183 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.4.234.254/; sid:900929214; rev:1;) alert tcp $HOME_NET any -> [15.139.206.113] 63621 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.139.206.113/; sid:900929213; rev:1;) alert tcp $HOME_NET any -> [202.177.199.160] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.177.199.160/; sid:900929212; rev:1;) alert tcp $HOME_NET any -> [199.73.240.133] 7166 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.73.240.133/; sid:900929211; rev:1;) alert tcp $HOME_NET any -> [192.75.255.252] 38675 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.75.255.252/; sid:900929210; rev:1;) alert tcp $HOME_NET any -> [15.48.246.112] 59525 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.48.246.112/; sid:900929209; rev:1;) alert tcp $HOME_NET any -> [199.9.224.133] 5118 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.9.224.133/; sid:900929208; rev:1;) alert tcp $HOME_NET any -> [28.235.255.252] 16583 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.235.255.252/; sid:900929207; rev:1;) alert tcp $HOME_NET any -> [137.200.133.15] 65223 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.200.133.15/; sid:900929191; rev:1;) alert tcp $HOME_NET any -> [123.255.253.17] 10122 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.255.253.17/; sid:900929190; rev:1;) alert tcp $HOME_NET any -> [54.244.254.199] 43968 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.244.254.199/; sid:900929189; rev:1;) alert tcp $HOME_NET any -> [141.250.150.195] 34063 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.250.150.195/; sid:900929188; rev:1;) alert tcp $HOME_NET any -> [121.184.133.22] 65223 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.184.133.22/; sid:900929187; rev:1;) alert tcp $HOME_NET any -> [139.255.5.5] 41906 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.5.5/; sid:900929186; rev:1;) alert tcp $HOME_NET any -> [199.158.143.1] 41713 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.158.143.1/; sid:900929185; rev:1;) alert tcp $HOME_NET any -> [176.133.22.138] 52745 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.133.22.138/; sid:900929184; rev:1;) alert tcp $HOME_NET any -> [110.254.206.9] 47151 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.254.206.9/; sid:900929183; rev:1;) alert tcp $HOME_NET any -> [199.190.165.144] 45937 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.190.165.144/; sid:900929182; rev:1;) alert tcp $HOME_NET any -> [160.133.22.73] 52809 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.133.22.73/; sid:900929181; rev:1;) alert tcp $HOME_NET any -> [65.254.206.153] 2454 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.254.206.153/; sid:900929180; rev:1;) alert tcp $HOME_NET any -> [46.84.73.139] 5583 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.84.73.139/; sid:900929179; rev:1;) alert tcp $HOME_NET any -> [199.208.115.48] 50353 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.208.115.48/; sid:900929178; rev:1;) alert tcp $HOME_NET any -> [5.5.5.144] 52585 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.5.5.144/; sid:900929177; rev:1;) alert tcp $HOME_NET any -> [114.70.139.255] 53676 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.70.139.255/; sid:900929176; rev:1;) alert tcp $HOME_NET any -> [145.200.123.255] 58347 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.200.123.255/; sid:900928986; rev:1;) alert tcp $HOME_NET any -> [234.234.219.80] 61895 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/234.234.219.80/; sid:900928985; rev:1;) alert tcp $HOME_NET any -> [133.23.27.67] 35200 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.23.27.67/; sid:900928984; rev:1;) alert tcp $HOME_NET any -> [122.6.11.255] 61892 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.6.11.255/; sid:900928983; rev:1;) alert tcp $HOME_NET any -> [41.213.119.99] 12743 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.213.119.99/; sid:900928982; rev:1;) alert tcp $HOME_NET any -> [133.21.160.2] 18800 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.21.160.2/; sid:900928981; rev:1;) alert tcp $HOME_NET any -> [28.69.207.254] 51025 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.69.207.254/; sid:900928980; rev:1;) alert tcp $HOME_NET any -> [22.146.182.134] 26757 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/22.146.182.134/; sid:900928979; rev:1;) alert tcp $HOME_NET any -> [105.177.199.244] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.177.199.244/; sid:900928978; rev:1;) alert tcp $HOME_NET any -> [207.137.96.133] 59390 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.137.96.133/; sid:900928977; rev:1;) alert tcp $HOME_NET any -> [229.107.255.251] 46221 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/229.107.255.251/; sid:900928976; rev:1;) alert tcp $HOME_NET any -> [1.160.234.254] 50971 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.160.234.254/; sid:900928975; rev:1;) alert tcp $HOME_NET any -> [23.147.214.94] 22661 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.147.214.94/; sid:900928974; rev:1;) alert tcp $HOME_NET any -> [121.241.199.74] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.241.199.74/; sid:900928973; rev:1;) alert tcp $HOME_NET any -> [207.105.80.133] 13310 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.105.80.133/; sid:900928972; rev:1;) alert tcp $HOME_NET any -> [189.139.255.251] 34600 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.139.255.251/; sid:900928971; rev:1;) alert tcp $HOME_NET any -> [36.18.165.254] 51161 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.18.165.254/; sid:900928970; rev:1;) alert tcp $HOME_NET any -> [109.187.254.204] 2354 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.187.254.204/; sid:900928968; rev:1;) alert tcp $HOME_NET any -> [5.5.5.20] 18565 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.5.5.20/; sid:900928969; rev:1;) alert tcp $HOME_NET any -> [165.218.138.154] 34068 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.218.138.154/; sid:900928967; rev:1;) alert tcp $HOME_NET any -> [113.199.6.41] 64781 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.199.6.41/; sid:900928966; rev:1;) alert tcp $HOME_NET any -> [121.56.133.21] 65228 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.56.133.21/; sid:900928965; rev:1;) alert tcp $HOME_NET any -> [139.255.253.37] 58805 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.253.37/; sid:900928964; rev:1;) alert tcp $HOME_NET any -> [218.20.254.207] 33415 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.20.254.207/; sid:900928963; rev:1;) alert tcp $HOME_NET any -> [15.73.151.19] 61573 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.73.151.19/; sid:900928736; rev:1;) alert tcp $HOME_NET any -> [227.1.199.108] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/227.1.199.108/; sid:900928735; rev:1;) alert tcp $HOME_NET any -> [199.137.232.133] 51198 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.137.232.133/; sid:900928734; rev:1;) alert tcp $HOME_NET any -> [139.27.255.252] 63088 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.27.255.252/; sid:900928733; rev:1;) alert tcp $HOME_NET any -> [77.168.19.254] 51020 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.168.19.254/; sid:900928732; rev:1;) alert tcp $HOME_NET any -> [15.36.64.199] 57477 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.36.64.199/; sid:900928731; rev:1;) alert tcp $HOME_NET any -> [234.49.199.97] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/234.49.199.97/; sid:900928730; rev:1;) alert tcp $HOME_NET any -> [5.5.5.199] 29950 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.5.5.199/; sid:900928729; rev:1;) alert tcp $HOME_NET any -> [229.185.82.181] 34063 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/229.185.82.181/; sid:900928728; rev:1;) alert tcp $HOME_NET any -> [137.192.133.15] 65223 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.192.133.15/; sid:900928721; rev:1;) alert tcp $HOME_NET any -> [75.255.252.137] 38595 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.255.252.137/; sid:900928720; rev:1;) alert tcp $HOME_NET any -> [111.122.254.199] 37461 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.122.254.199/; sid:900928719; rev:1;) alert tcp $HOME_NET any -> [86.251.163.178] 34070 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.251.163.178/; sid:900928718; rev:1;) alert tcp $HOME_NET any -> [5.252.162.241] 1285 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.252.162.241/; sid:900928717; rev:1;) alert tcp $HOME_NET any -> [226.254.206.9] 36609 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/226.254.206.9/; sid:900928716; rev:1;) alert tcp $HOME_NET any -> [60.232.216.11] 5770 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.232.216.11/; sid:900928715; rev:1;) alert tcp $HOME_NET any -> [199.0.184.47] 39745 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.0.184.47/; sid:900928714; rev:1;) alert tcp $HOME_NET any -> [168.133.21.39] 52745 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.133.21.39/; sid:900928713; rev:1;) alert tcp $HOME_NET any -> [199.89.9.150] 43889 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.89.9.150/; sid:900928711; rev:1;) alert tcp $HOME_NET any -> [152.133.21.207] 52889 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.133.21.207/; sid:900928710; rev:1;) alert tcp $HOME_NET any -> [62.254.205.105] 29488 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.254.205.105/; sid:900928709; rev:1;) alert tcp $HOME_NET any -> [133.22.209.172] 1424 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.22.209.172/; sid:900928708; rev:1;) alert tcp $HOME_NET any -> [191.16.213.232] 49607 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.16.213.232/; sid:900928400; rev:1;) alert tcp $HOME_NET any -> [133.21.227.235] 18824 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.21.227.235/; sid:900928399; rev:1;) alert tcp $HOME_NET any -> [78.87.11.255] 6979 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.87.11.255/; sid:900928398; rev:1;) alert tcp $HOME_NET any -> [133.22.241.196] 63864 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.22.241.196/; sid:900928396; rev:1;) alert tcp $HOME_NET any -> [79.38.82.209] 12743 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.38.82.209/; sid:900928397; rev:1;) alert tcp $HOME_NET any -> [220.204.75.255] 40962 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.204.75.255/; sid:900928395; rev:1;) alert tcp $HOME_NET any -> [28.155.255.251] 46726 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.155.255.251/; sid:900928392; rev:1;) alert tcp $HOME_NET any -> [81.166.231.254] 51188 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.166.231.254/; sid:900928391; rev:1;) alert tcp $HOME_NET any -> [22.178.180.141] 24709 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/22.178.180.141/; sid:900928390; rev:1;) alert tcp $HOME_NET any -> [129.177.199.27] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.177.199.27/; sid:900928389; rev:1;) alert tcp $HOME_NET any -> [207.89.88.133] 60158 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.89.88.133/; sid:900928388; rev:1;) alert tcp $HOME_NET any -> [138.75.255.251] 54878 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.75.255.251/; sid:900928387; rev:1;) alert tcp $HOME_NET any -> [125.1.199.217] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.1.199.217/; sid:900928385; rev:1;) alert tcp $HOME_NET any -> [20.105.135.40] 20613 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/20.105.135.40/; sid:900928386; rev:1;) alert tcp $HOME_NET any -> [204.9.72.133] 42494 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.9.72.133/; sid:900928384; rev:1;) alert tcp $HOME_NET any -> [133.196.58.95] 1300 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.196.58.95/; sid:900928383; rev:1;) alert tcp $HOME_NET any -> [49.199.9.50] 64405 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.199.9.50/; sid:900928382; rev:1;) alert tcp $HOME_NET any -> [9.64.133.20] 65228 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/9.64.133.20/; sid:900928381; rev:1;) alert tcp $HOME_NET any -> [75.255.253.13] 35482 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.255.253.13/; sid:900928380; rev:1;) alert tcp $HOME_NET any -> [49.24.229.181] 34069 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.24.229.181/; sid:900928378; rev:1;) alert tcp $HOME_NET any -> [28.101.254.204] 1577 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.101.254.204/; sid:900928379; rev:1;) alert tcp $HOME_NET any -> [113.199.130.135] 64805 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.199.130.135/; sid:900928377; rev:1;) alert tcp $HOME_NET any -> [137.48.133.23] 65231 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.48.133.23/; sid:900928376; rev:1;) alert tcp $HOME_NET any -> [139.255.253.30] 56562 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.253.30/; sid:900928375; rev:1;) alert tcp $HOME_NET any -> [234.141.254.207] 35815 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/234.141.254.207/; sid:900928374; rev:1;) alert tcp $HOME_NET any -> [5.129.199.81] 1285 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.129.199.81/; sid:900928275; rev:1;) alert tcp $HOME_NET any -> [207.137.104.133] 53246 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.137.104.133/; sid:900928274; rev:1;) alert tcp $HOME_NET any -> [68.73.131.107] 5705 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.73.131.107/; sid:900928273; rev:1;) alert tcp $HOME_NET any -> [113.199.49.220] 64770 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.199.49.220/; sid:900928202; rev:1;) alert tcp $HOME_NET any -> [105.208.133.15] 65223 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.208.133.15/; sid:900928201; rev:1;) alert tcp $HOME_NET any -> [139.255.252.250] 64297 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.252.250/; sid:900928200; rev:1;) alert tcp $HOME_NET any -> [12.70.254.199] 60411 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.70.254.199/; sid:900928199; rev:1;) alert tcp $HOME_NET any -> [86.154.39.138] 34063 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.154.39.138/; sid:900928198; rev:1;) alert tcp $HOME_NET any -> [177.199.171.192] 64785 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.199.171.192/; sid:900928197; rev:1;) alert tcp $HOME_NET any -> [168.122.116.254] 51041 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.122.116.254/; sid:900928068; rev:1;) alert tcp $HOME_NET any -> [89.216.133.15] 1479 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.216.133.15/; sid:900928067; rev:1;) alert tcp $HOME_NET any -> [75.255.253.2] 21173 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.255.253.2/; sid:900928066; rev:1;) alert tcp $HOME_NET any -> [135.20.254.199] 12764 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/135.20.254.199/; sid:900928065; rev:1;) alert tcp $HOME_NET any -> [89.3.251.41] 34063 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.3.251.41/; sid:900928064; rev:1;) alert tcp $HOME_NET any -> [129.199.235.251] 64762 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.199.235.251/; sid:900928063; rev:1;) alert tcp $HOME_NET any -> [50.101.180.172] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.101.180.172/; sid:900927995; rev:1;) alert tcp $HOME_NET any -> [119.93.243.2] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.93.243.2/; sid:900927991; rev:1;) alert tcp $HOME_NET any -> [177.230.108.144] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.230.108.144/; sid:900927985; rev:1;) alert tcp $HOME_NET any -> [212.22.215.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.22.215.140/; sid:900927980; rev:1;) alert tcp $HOME_NET any -> [195.99.230.208] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.99.230.208/; sid:900927982; rev:1;) alert tcp $HOME_NET any -> [45.249.156.10] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.249.156.10/; sid:900927974; rev:1;) alert tcp $HOME_NET any -> [144.202.9.18] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.9.18/; sid:900927971; rev:1;) alert tcp $HOME_NET any -> [149.255.56.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.255.56.242/; sid:900927970; rev:1;) alert tcp $HOME_NET any -> [190.112.228.47] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.112.228.47/; sid:900927969; rev:1;) alert tcp $HOME_NET any -> [68.229.130.39] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.229.130.39/; sid:900927967; rev:1;) alert tcp $HOME_NET any -> [164.132.138.130] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.138.130/; sid:900621571; rev:1;) alert tcp $HOME_NET any -> [54.38.127.31] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.127.31/; sid:900621455; rev:1;) alert tcp $HOME_NET any -> [45.118.216.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.118.216.70/; sid:900913254; rev:1;) alert tcp $HOME_NET any -> [77.82.85.35] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.82.85.35/; sid:900913249; rev:1;) alert tcp $HOME_NET any -> [197.91.152.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.91.152.93/; sid:900913248; rev:1;) alert tcp $HOME_NET any -> [152.168.82.167] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.168.82.167/; sid:900913247; rev:1;) alert tcp $HOME_NET any -> [78.149.210.116] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.149.210.116/; sid:900913246; rev:1;) alert tcp $HOME_NET any -> [91.205.215.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.205.215.66/; sid:900913244; rev:1;) alert tcp $HOME_NET any -> [109.154.221.151] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.154.221.151/; sid:900913238; rev:1;) alert tcp $HOME_NET any -> [125.62.120.125] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.62.120.125/; sid:900913231; rev:1;) alert tcp $HOME_NET any -> [2.50.52.255] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.52.255/; sid:900913224; rev:1;) alert tcp $HOME_NET any -> [177.231.157.189] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.231.157.189/; sid:900913217; rev:1;) alert tcp $HOME_NET any -> [189.166.20.113] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.166.20.113/; sid:900913216; rev:1;) alert tcp $HOME_NET any -> [103.11.83.52] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.11.83.52/; sid:900913215; rev:1;) alert tcp $HOME_NET any -> [212.80.216.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.216.126/; sid:900621814; rev:1;) alert tcp $HOME_NET any -> [200.107.105.16] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.107.105.16/; sid:900907004; rev:1;) alert tcp $HOME_NET any -> [196.6.112.70] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.6.112.70/; sid:900906992; rev:1;) alert tcp $HOME_NET any -> [213.172.88.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.172.88.13/; sid:900906990; rev:1;) alert tcp $HOME_NET any -> [66.228.45.129] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.228.45.129/; sid:900906978; rev:1;) alert tcp $HOME_NET any -> [179.62.249.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.62.249.189/; sid:900906977; rev:1;) alert tcp $HOME_NET any -> [181.30.126.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.30.126.66/; sid:900906976; rev:1;) alert tcp $HOME_NET any -> [181.37.126.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.37.126.2/; sid:900906975; rev:1;) alert tcp $HOME_NET any -> [124.253.18.48] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.253.18.48/; sid:900906897; rev:1;) alert tcp $HOME_NET any -> [31.14.240.162] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.14.240.162/; sid:900906892; rev:1;) alert tcp $HOME_NET any -> [31.163.99.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.163.99.231/; sid:900906886; rev:1;) alert tcp $HOME_NET any -> [201.248.5.197] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.248.5.197/; sid:900906881; rev:1;) alert tcp $HOME_NET any -> [165.255.52.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.255.52.192/; sid:900906880; rev:1;) alert tcp $HOME_NET any -> [82.0.19.40] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.0.19.40/; sid:900906879; rev:1;) alert tcp $HOME_NET any -> [105.227.156.151] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.227.156.151/; sid:900895454; rev:1;) alert tcp $HOME_NET any -> [88.238.251.233] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.238.251.233/; sid:900895430; rev:1;) alert tcp $HOME_NET any -> [216.98.148.156] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.98.148.156/; sid:900895427; rev:1;) alert tcp $HOME_NET any -> [202.133.72.136] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.133.72.136/; sid:900895426; rev:1;) alert tcp $HOME_NET any -> [94.11.25.255] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.11.25.255/; sid:900895425; rev:1;) alert tcp $HOME_NET any -> [117.193.28.115] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.193.28.115/; sid:900895424; rev:1;) alert tcp $HOME_NET any -> [181.29.186.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.29.186.65/; sid:900891454; rev:1;) alert tcp $HOME_NET any -> [200.90.201.77] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.90.201.77/; sid:900891444; rev:1;) alert tcp $HOME_NET any -> [77.44.16.54] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.44.16.54/; sid:900891443; rev:1;) alert tcp $HOME_NET any -> [107.159.94.183] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.159.94.183/; sid:900891439; rev:1;) alert tcp $HOME_NET any -> [187.137.162.145] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.162.145/; sid:900891426; rev:1;) alert tcp $HOME_NET any -> [88.215.2.29] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.215.2.29/; sid:900891425; rev:1;) alert tcp $HOME_NET any -> [187.188.166.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.166.192/; sid:900891424; rev:1;) alert tcp $HOME_NET any -> [189.213.62.223] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.213.62.223/; sid:900891359; rev:1;) alert tcp $HOME_NET any -> [105.184.150.227] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.150.227/; sid:900891356; rev:1;) alert tcp $HOME_NET any -> [190.186.203.55] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.203.55/; sid:900891346; rev:1;) alert tcp $HOME_NET any -> [49.248.84.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.248.84.88/; sid:900891330; rev:1;) alert tcp $HOME_NET any -> [83.110.148.19] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.148.19/; sid:900891329; rev:1;) alert tcp $HOME_NET any -> [189.154.67.254] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.67.254/; sid:900891328; rev:1;) alert tcp $HOME_NET any -> [190.147.116.32] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.116.32/; sid:900889692; rev:1;) alert tcp $HOME_NET any -> [88.97.26.73] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.97.26.73/; sid:900889687; rev:1;) alert tcp $HOME_NET any -> [190.192.113.159] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.192.113.159/; sid:900889685; rev:1;) alert tcp $HOME_NET any -> [189.225.119.52] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.225.119.52/; sid:900889684; rev:1;) alert tcp $HOME_NET any -> [201.218.115.202] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.218.115.202/; sid:900889682; rev:1;) alert tcp $HOME_NET any -> [189.205.185.71] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.205.185.71/; sid:900889674; rev:1;) alert tcp $HOME_NET any -> [200.28.131.215] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.28.131.215/; sid:900889666; rev:1;) alert tcp $HOME_NET any -> [190.85.100.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.100.102/; sid:900889665; rev:1;) alert tcp $HOME_NET any -> [190.104.67.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.67.90/; sid:900889664; rev:1;) alert tcp $HOME_NET any -> [203.194.46.115] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.194.46.115/; sid:900887352; rev:1;) alert tcp $HOME_NET any -> [178.87.73.140] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.87.73.140/; sid:900887346; rev:1;) alert tcp $HOME_NET any -> [190.147.53.122] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.53.122/; sid:900887345; rev:1;) alert tcp $HOME_NET any -> [189.208.59.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.208.59.61/; sid:900887340; rev:1;) alert tcp $HOME_NET any -> [59.96.96.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.96.96.73/; sid:900887331; rev:1;) alert tcp $HOME_NET any -> [78.169.89.21] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.169.89.21/; sid:900887330; rev:1;) alert tcp $HOME_NET any -> [86.98.94.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.94.57/; sid:900887329; rev:1;) alert tcp $HOME_NET any -> [180.180.141.175] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.180.141.175/; sid:900886880; rev:1;) alert tcp $HOME_NET any -> [83.110.207.126] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.207.126/; sid:900886874; rev:1;) alert tcp $HOME_NET any -> [89.218.55.146] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.218.55.146/; sid:900886872; rev:1;) alert tcp $HOME_NET any -> [180.150.87.75] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.150.87.75/; sid:900886861; rev:1;) alert tcp $HOME_NET any -> [124.120.240.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.120.240.114/; sid:900886858; rev:1;) alert tcp $HOME_NET any -> [114.134.90.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.134.90.17/; sid:900886857; rev:1;) alert tcp $HOME_NET any -> [69.45.19.145] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.45.19.145/; sid:900886853; rev:1;) alert tcp $HOME_NET any -> [94.130.35.140] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.130.35.140/; sid:900886852; rev:1;) alert tcp $HOME_NET any -> [78.100.187.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.187.118/; sid:900886851; rev:1;) alert tcp $HOME_NET any -> [77.56.253.112] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.56.253.112/; sid:900886850; rev:1;) alert tcp $HOME_NET any -> [73.31.185.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.31.185.166/; sid:900886849; rev:1;) alert tcp $HOME_NET any -> [200.82.142.66] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.82.142.66/; sid:900884478; rev:1;) alert tcp $HOME_NET any -> [86.151.202.16] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.151.202.16/; sid:900884476; rev:1;) alert tcp $HOME_NET any -> [186.77.56.180] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.77.56.180/; sid:900884475; rev:1;) alert tcp $HOME_NET any -> [201.238.175.6] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.238.175.6/; sid:900884472; rev:1;) alert tcp $HOME_NET any -> [60.50.212.17] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.50.212.17/; sid:900884469; rev:1;) alert tcp $HOME_NET any -> [187.144.221.205] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.221.205/; sid:900884465; rev:1;) alert tcp $HOME_NET any -> [105.228.33.125] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.228.33.125/; sid:900884459; rev:1;) alert tcp $HOME_NET any -> [189.131.189.158] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.131.189.158/; sid:900884450; rev:1;) alert tcp $HOME_NET any -> [88.250.109.70] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.250.109.70/; sid:900884451; rev:1;) alert tcp $HOME_NET any -> [190.173.155.124] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.173.155.124/; sid:900884449; rev:1;) alert tcp $HOME_NET any -> [191.98.76.73] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.98.76.73/; sid:900884415; rev:1;) alert tcp $HOME_NET any -> [197.89.110.52] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.110.52/; sid:900884414; rev:1;) alert tcp $HOME_NET any -> [193.239.235.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.239.235.150/; sid:900884412; rev:1;) alert tcp $HOME_NET any -> [110.36.100.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.36.100.190/; sid:900884406; rev:1;) alert tcp $HOME_NET any -> [187.137.61.181] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.61.181/; sid:900884401; rev:1;) alert tcp $HOME_NET any -> [61.2.18.93] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.2.18.93/; sid:900884399; rev:1;) alert tcp $HOME_NET any -> [41.58.131.24] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.58.131.24/; sid:900884398; rev:1;) alert tcp $HOME_NET any -> [94.66.125.191] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.66.125.191/; sid:900884395; rev:1;) alert tcp $HOME_NET any -> [122.164.27.233] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.164.27.233/; sid:900884394; rev:1;) alert tcp $HOME_NET any -> [119.15.153.237] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.15.153.237/; sid:900884392; rev:1;) alert tcp $HOME_NET any -> [105.226.64.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.226.64.153/; sid:900884387; rev:1;) alert tcp $HOME_NET any -> [115.84.147.62] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.84.147.62/; sid:900884386; rev:1;) alert tcp $HOME_NET any -> [189.223.228.181] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.228.181/; sid:900884385; rev:1;) alert tcp $HOME_NET any -> [142.113.61.10] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.113.61.10/; sid:900879773; rev:1;) alert tcp $HOME_NET any -> [118.174.139.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.174.139.50/; sid:900879772; rev:1;) alert tcp $HOME_NET any -> [24.219.3.155] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.219.3.155/; sid:900879769; rev:1;) alert tcp $HOME_NET any -> [181.29.101.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.29.101.13/; sid:900879765; rev:1;) alert tcp $HOME_NET any -> [181.31.67.191] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.31.67.191/; sid:900879762; rev:1;) alert tcp $HOME_NET any -> [115.74.214.134] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.74.214.134/; sid:900879758; rev:1;) alert tcp $HOME_NET any -> [45.33.35.103] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.35.103/; sid:900879749; rev:1;) alert tcp $HOME_NET any -> [65.49.60.163] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.49.60.163/; sid:900879748; rev:1;) alert tcp $HOME_NET any -> [190.51.0.48] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.51.0.48/; sid:900879747; rev:1;) alert tcp $HOME_NET any -> [186.146.115.151] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.146.115.151/; sid:900879746; rev:1;) alert tcp $HOME_NET any -> [186.176.19.109] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.176.19.109/; sid:900879745; rev:1;) alert tcp $HOME_NET any -> [96.64.191.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.64.191.13/; sid:900879648; rev:1;) alert tcp $HOME_NET any -> [190.186.70.146] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.70.146/; sid:900879645; rev:1;) alert tcp $HOME_NET any -> [217.165.84.98] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.84.98/; sid:900879641; rev:1;) alert tcp $HOME_NET any -> [50.250.136.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.250.136.225/; sid:900879639; rev:1;) alert tcp $HOME_NET any -> [187.234.36.129] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.234.36.129/; sid:900879628; rev:1;) alert tcp $HOME_NET any -> [177.242.214.30] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.214.30/; sid:900879196; rev:1;) alert tcp $HOME_NET any -> [89.211.224.216] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.224.216/; sid:900879194; rev:1;) alert tcp $HOME_NET any -> [202.148.56.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.148.56.210/; sid:900879192; rev:1;) alert tcp $HOME_NET any -> [59.95.35.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.95.35.76/; sid:900879187; rev:1;) alert tcp $HOME_NET any -> [105.184.109.189] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.109.189/; sid:900879185; rev:1;) alert tcp $HOME_NET any -> [136.243.117.85] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.243.117.85/; sid:900879173; rev:1;) alert tcp $HOME_NET any -> [45.79.72.132] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.72.132/; sid:900879172; rev:1;) alert tcp $HOME_NET any -> [88.156.97.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.156.97.210/; sid:900879171; rev:1;) alert tcp $HOME_NET any -> [188.221.112.91] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.221.112.91/; sid:900879170; rev:1;) alert tcp $HOME_NET any -> [109.158.205.99] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.158.205.99/; sid:900879169; rev:1;) alert tcp $HOME_NET any -> [204.184.25.150] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.184.25.150/; sid:900877114; rev:1;) alert tcp $HOME_NET any -> [80.82.62.9] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.82.62.9/; sid:900877105; rev:1;) alert tcp $HOME_NET any -> [59.91.30.53] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.91.30.53/; sid:900877093; rev:1;) alert tcp $HOME_NET any -> [189.148.145.183] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.148.145.183/; sid:900877092; rev:1;) alert tcp $HOME_NET any -> [201.97.91.217] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.97.91.217/; sid:900877091; rev:1;) alert tcp $HOME_NET any -> [41.71.19.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.71.19.150/; sid:900877090; rev:1;) alert tcp $HOME_NET any -> [197.88.12.80] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.88.12.80/; sid:900872863; rev:1;) alert tcp $HOME_NET any -> [201.138.11.223] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.138.11.223/; sid:900872859; rev:1;) alert tcp $HOME_NET any -> [187.228.144.250] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.228.144.250/; sid:900872857; rev:1;) alert tcp $HOME_NET any -> [189.186.208.24] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.186.208.24/; sid:900872854; rev:1;) alert tcp $HOME_NET any -> [85.104.184.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.184.242/; sid:900872851; rev:1;) alert tcp $HOME_NET any -> [217.165.84.16] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.84.16/; sid:900872844; rev:1;) alert tcp $HOME_NET any -> [190.230.219.95] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.230.219.95/; sid:900872838; rev:1;) alert tcp $HOME_NET any -> [61.2.56.167] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.2.56.167/; sid:900872837; rev:1;) alert tcp $HOME_NET any -> [105.225.191.133] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.191.133/; sid:900872836; rev:1;) alert tcp $HOME_NET any -> [88.254.240.194] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.254.240.194/; sid:900872835; rev:1;) alert tcp $HOME_NET any -> [179.8.124.11] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.8.124.11/; sid:900872834; rev:1;) alert tcp $HOME_NET any -> [187.153.103.175] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.103.175/; sid:900870009; rev:1;) alert tcp $HOME_NET any -> [181.170.93.38] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.170.93.38/; sid:900869991; rev:1;) alert tcp $HOME_NET any -> [186.139.160.193] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.139.160.193/; sid:900869990; rev:1;) alert tcp $HOME_NET any -> [67.206.210.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.206.210.18/; sid:900869988; rev:1;) alert tcp $HOME_NET any -> [190.96.118.53] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.96.118.53/; sid:900869986; rev:1;) alert tcp $HOME_NET any -> [60.49.36.149] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.49.36.149/; sid:900869016; rev:1;) alert tcp $HOME_NET any -> [174.106.108.31] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.106.108.31/; sid:900869015; rev:1;) alert tcp $HOME_NET any -> [27.130.153.101] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.130.153.101/; sid:900869013; rev:1;) alert tcp $HOME_NET any -> [181.92.117.141] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.92.117.141/; sid:900869007; rev:1;) alert tcp $HOME_NET any -> [189.190.169.221] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.190.169.221/; sid:900868998; rev:1;) alert tcp $HOME_NET any -> [200.126.225.56] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.126.225.56/; sid:900868997; rev:1;) alert tcp $HOME_NET any -> [189.159.103.149] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.159.103.149/; sid:900868996; rev:1;) alert tcp $HOME_NET any -> [83.110.216.26] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.216.26/; sid:900868995; rev:1;) alert tcp $HOME_NET any -> [192.186.96.125] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.186.96.125/; sid:900868994; rev:1;) alert tcp $HOME_NET any -> [110.169.107.239] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.169.107.239/; sid:900868992; rev:1;) alert tcp $HOME_NET any -> [197.248.67.226] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.248.67.226/; sid:900868991; rev:1;) alert tcp $HOME_NET any -> [67.241.81.253] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.241.81.253/; sid:900868983; rev:1;) alert tcp $HOME_NET any -> [68.191.37.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.191.37.107/; sid:900868981; rev:1;) alert tcp $HOME_NET any -> [62.75.143.100] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.143.100/; sid:900868974; rev:1;) alert tcp $HOME_NET any -> [187.189.210.143] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.189.210.143/; sid:900868967; rev:1;) alert tcp $HOME_NET any -> [201.165.102.49] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.165.102.49/; sid:900868966; rev:1;) alert tcp $HOME_NET any -> [104.2.2.153] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.2.2.153/; sid:900868965; rev:1;) alert tcp $HOME_NET any -> [190.0.32.206] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.0.32.206/; sid:900868964; rev:1;) alert tcp $HOME_NET any -> [190.117.82.103] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.82.103/; sid:900868963; rev:1;) alert tcp $HOME_NET any -> [89.188.124.145] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.188.124.145/; sid:900868962; rev:1;) alert tcp $HOME_NET any -> [179.14.2.75] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.14.2.75/; sid:900868961; rev:1;) alert tcp $HOME_NET any -> [189.154.84.161] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.84.161/; sid:900868958; rev:1;) alert tcp $HOME_NET any -> [187.198.57.250] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.198.57.250/; sid:900868955; rev:1;) alert tcp $HOME_NET any -> [187.214.110.33] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.214.110.33/; sid:900868953; rev:1;) alert tcp $HOME_NET any -> [190.161.186.116] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.161.186.116/; sid:900868952; rev:1;) alert tcp $HOME_NET any -> [103.12.132.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.12.132.98/; sid:900868951; rev:1;) alert tcp $HOME_NET any -> [187.135.43.126] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.135.43.126/; sid:900868943; rev:1;) alert tcp $HOME_NET any -> [190.16.121.202] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.16.121.202/; sid:900868940; rev:1;) alert tcp $HOME_NET any -> [190.219.231.69] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.219.231.69/; sid:900868934; rev:1;) alert tcp $HOME_NET any -> [201.249.117.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.249.117.123/; sid:900868933; rev:1;) alert tcp $HOME_NET any -> [181.31.182.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.31.182.138/; sid:900868932; rev:1;) alert tcp $HOME_NET any -> [208.180.217.173] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.180.217.173/; sid:900868931; rev:1;) alert tcp $HOME_NET any -> [71.78.158.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.158.190/; sid:900868930; rev:1;) alert tcp $HOME_NET any -> [91.235.129.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.212/; sid:900621681; rev:1;) alert tcp $HOME_NET any -> [207.255.210.196] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.255.210.196/; sid:900864679; rev:1;) alert tcp $HOME_NET any -> [173.3.29.123] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.3.29.123/; sid:900864677; rev:1;) alert tcp $HOME_NET any -> [58.9.168.7] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.9.168.7/; sid:900864675; rev:1;) alert tcp $HOME_NET any -> [106.51.237.174] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.51.237.174/; sid:900861979; rev:1;) alert tcp $HOME_NET any -> [190.128.26.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.128.26.2/; sid:900861970; rev:1;) alert tcp $HOME_NET any -> [189.150.218.69] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.150.218.69/; sid:900861958; rev:1;) alert tcp $HOME_NET any -> [190.18.153.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.18.153.249/; sid:900861957; rev:1;) alert tcp $HOME_NET any -> [41.227.243.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.227.243.107/; sid:900861956; rev:1;) alert tcp $HOME_NET any -> [125.99.106.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.99.106.225/; sid:900861955; rev:1;) alert tcp $HOME_NET any -> [95.42.189.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.42.189.34/; sid:900861954; rev:1;) alert tcp $HOME_NET any -> [185.142.99.46] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.46/; sid:900621491; rev:1;) alert tcp $HOME_NET any -> [92.154.101.154] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.154.101.154/; sid:900852374; rev:1;) alert tcp $HOME_NET any -> [114.79.191.12] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.191.12/; sid:900852365; rev:1;) alert tcp $HOME_NET any -> [183.82.1.142] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.1.142/; sid:900852358; rev:1;) alert tcp $HOME_NET any -> [73.217.113.111] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.217.113.111/; sid:900852357; rev:1;) alert tcp $HOME_NET any -> [66.115.90.48] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.115.90.48/; sid:900852356; rev:1;) alert tcp $HOME_NET any -> [24.63.218.229] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.63.218.229/; sid:900852355; rev:1;) alert tcp $HOME_NET any -> [37.209.252.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.209.252.121/; sid:900852354; rev:1;) alert tcp $HOME_NET any -> [184.95.192.237] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.95.192.237/; sid:900852338; rev:1;) alert tcp $HOME_NET any -> [181.44.231.127] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.44.231.127/; sid:900852334; rev:1;) alert tcp $HOME_NET any -> [176.58.93.123] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.58.93.123/; sid:900852329; rev:1;) alert tcp $HOME_NET any -> [43.229.62.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.229.62.186/; sid:900852328; rev:1;) alert tcp $HOME_NET any -> [136.49.87.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.49.87.106/; sid:900852327; rev:1;) alert tcp $HOME_NET any -> [190.18.219.56] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.18.219.56/; sid:900852326; rev:1;) alert tcp $HOME_NET any -> [181.118.101.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.101.22/; sid:900852325; rev:1;) alert tcp $HOME_NET any -> [190.104.229.114] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.229.114/; sid:900852324; rev:1;) alert tcp $HOME_NET any -> [154.120.228.126] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.120.228.126/; sid:900852323; rev:1;) alert tcp $HOME_NET any -> [184.160.113.4] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.160.113.4/; sid:900852322; rev:1;) alert tcp $HOME_NET any -> [81.134.59.36] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.134.59.36/; sid:900850146; rev:1;) alert tcp $HOME_NET any -> [182.176.184.81] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.176.184.81/; sid:900850138; rev:1;) alert tcp $HOME_NET any -> [211.63.71.72] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.63.71.72/; sid:900849376; rev:1;) alert tcp $HOME_NET any -> [185.191.177.79] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.191.177.79/; sid:900849375; rev:1;) alert tcp $HOME_NET any -> [83.110.80.67] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.80.67/; sid:900849372; rev:1;) alert tcp $HOME_NET any -> [212.31.106.90] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.31.106.90/; sid:900849371; rev:1;) alert tcp $HOME_NET any -> [91.92.191.134] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.191.134/; sid:900849369; rev:1;) alert tcp $HOME_NET any -> [95.128.43.213] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.128.43.213/; sid:900849366; rev:1;) alert tcp $HOME_NET any -> [81.22.137.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.22.137.186/; sid:900849365; rev:1;) alert tcp $HOME_NET any -> [201.146.85.239] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.146.85.239/; sid:900849360; rev:1;) alert tcp $HOME_NET any -> [203.210.237.200] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.210.237.200/; sid:900849358; rev:1;) alert tcp $HOME_NET any -> [174.93.130.148] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.93.130.148/; sid:900849351; rev:1;) alert tcp $HOME_NET any -> [175.100.138.82] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.100.138.82/; sid:900849350; rev:1;) alert tcp $HOME_NET any -> [2.50.4.159] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.4.159/; sid:900849349; rev:1;) alert tcp $HOME_NET any -> [94.250.55.138] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.250.55.138/; sid:900849348; rev:1;) alert tcp $HOME_NET any -> [171.101.196.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.101.196.138/; sid:900849347; rev:1;) alert tcp $HOME_NET any -> [189.155.72.127] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.155.72.127/; sid:900848607; rev:1;) alert tcp $HOME_NET any -> [86.42.246.197] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.42.246.197/; sid:900848599; rev:1;) alert tcp $HOME_NET any -> [181.39.51.243] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.51.243/; sid:900848597; rev:1;) alert tcp $HOME_NET any -> [162.243.125.212] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.125.212/; sid:900848585; rev:1;) alert tcp $HOME_NET any -> [104.236.135.119] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.135.119/; sid:900848584; rev:1;) alert tcp $HOME_NET any -> [82.226.163.9] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.226.163.9/; sid:900848338; rev:1;) alert tcp $HOME_NET any -> [99.243.127.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.243.127.236/; sid:900848329; rev:1;) alert tcp $HOME_NET any -> [74.36.4.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.36.4.206/; sid:900848328; rev:1;) alert tcp $HOME_NET any -> [216.221.73.45] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.221.73.45/; sid:900848327; rev:1;) alert tcp $HOME_NET any -> [200.114.142.40] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.114.142.40/; sid:900848326; rev:1;) alert tcp $HOME_NET any -> [181.15.177.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.15.177.100/; sid:900848325; rev:1;) alert tcp $HOME_NET any -> [181.129.83.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.83.122/; sid:900848324; rev:1;) alert tcp $HOME_NET any -> [181.170.252.83] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.170.252.83/; sid:900848323; rev:1;) alert tcp $HOME_NET any -> [59.91.24.244] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.91.24.244/; sid:900846717; rev:1;) alert tcp $HOME_NET any -> [187.207.136.230] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.136.230/; sid:900846716; rev:1;) alert tcp $HOME_NET any -> [95.65.206.248] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.65.206.248/; sid:900846711; rev:1;) alert tcp $HOME_NET any -> [103.11.82.67] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.11.82.67/; sid:900846695; rev:1;) alert tcp $HOME_NET any -> [217.165.126.204] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.126.204/; sid:900846694; rev:1;) alert tcp $HOME_NET any -> [66.50.29.185] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.50.29.185/; sid:900846692; rev:1;) alert tcp $HOME_NET any -> [187.192.60.158] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.60.158/; sid:900841531; rev:1;) alert tcp $HOME_NET any -> [189.236.193.173] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.193.173/; sid:900841514; rev:1;) alert tcp $HOME_NET any -> [86.42.253.213] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.42.253.213/; sid:900841513; rev:1;) alert tcp $HOME_NET any -> [187.136.144.197] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.136.144.197/; sid:900841512; rev:1;) alert tcp $HOME_NET any -> [189.155.152.129] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.155.152.129/; sid:900841511; rev:1;) alert tcp $HOME_NET any -> [188.48.145.96] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.48.145.96/; sid:900841510; rev:1;) alert tcp $HOME_NET any -> [189.250.182.236] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.182.236/; sid:900841509; rev:1;) alert tcp $HOME_NET any -> [186.71.61.94] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.61.94/; sid:900841508; rev:1;) alert tcp $HOME_NET any -> [190.48.129.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.48.129.88/; sid:900841507; rev:1;) alert tcp $HOME_NET any -> [105.185.141.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.185.141.205/; sid:900838769; rev:1;) alert tcp $HOME_NET any -> [200.125.222.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.222.34/; sid:900838759; rev:1;) alert tcp $HOME_NET any -> [186.183.141.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.183.141.17/; sid:900838758; rev:1;) alert tcp $HOME_NET any -> [200.123.135.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.123.135.17/; sid:900838757; rev:1;) alert tcp $HOME_NET any -> [109.194.50.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.194.50.231/; sid:900838755; rev:1;) alert tcp $HOME_NET any -> [201.212.49.246] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.49.246/; sid:900834259; rev:1;) alert tcp $HOME_NET any -> [190.112.197.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.112.197.130/; sid:900833960; rev:1;) alert tcp $HOME_NET any -> [186.19.36.126] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.19.36.126/; sid:900833958; rev:1;) alert tcp $HOME_NET any -> [186.64.175.137] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.175.137/; sid:900833957; rev:1;) alert tcp $HOME_NET any -> [189.252.15.206] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.15.206/; sid:900833771; rev:1;) alert tcp $HOME_NET any -> [179.12.193.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.12.193.156/; sid:900833770; rev:1;) alert tcp $HOME_NET any -> [189.159.143.134] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.159.143.134/; sid:900833769; rev:1;) alert tcp $HOME_NET any -> [86.205.224.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.205.224.234/; sid:900833767; rev:1;) alert tcp $HOME_NET any -> [189.189.175.174] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.189.175.174/; sid:900833766; rev:1;) alert tcp $HOME_NET any -> [47.202.17.6] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.202.17.6/; sid:900833765; rev:1;) alert tcp $HOME_NET any -> [174.64.239.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.64.239.8/; sid:900833764; rev:1;) alert tcp $HOME_NET any -> [174.109.4.153] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.109.4.153/; sid:900833738; rev:1;) alert tcp $HOME_NET any -> [200.125.190.126] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.190.126/; sid:900833737; rev:1;) alert tcp $HOME_NET any -> [204.138.46.166] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.138.46.166/; sid:900833736; rev:1;) alert tcp $HOME_NET any -> [190.121.143.147] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.121.143.147/; sid:900833735; rev:1;) alert tcp $HOME_NET any -> [82.73.220.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.73.220.225/; sid:900833734; rev:1;) alert tcp $HOME_NET any -> [186.5.100.92] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.5.100.92/; sid:900833733; rev:1;) alert tcp $HOME_NET any -> [115.75.36.220] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.75.36.220/; sid:900833732; rev:1;) alert tcp $HOME_NET any -> [63.77.201.245] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.77.201.245/; sid:900833663; rev:1;) alert tcp $HOME_NET any -> [212.122.71.196] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.122.71.196/; sid:900833653; rev:1;) alert tcp $HOME_NET any -> [190.211.207.11] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.211.207.11/; sid:900833649; rev:1;) alert tcp $HOME_NET any -> [181.23.229.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.23.229.192/; sid:900833640; rev:1;) alert tcp $HOME_NET any -> [37.210.168.251] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.168.251/; sid:900833639; rev:1;) alert tcp $HOME_NET any -> [72.161.250.4] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.161.250.4/; sid:900833638; rev:1;) alert tcp $HOME_NET any -> [189.230.171.255] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.230.171.255/; sid:900833637; rev:1;) alert tcp $HOME_NET any -> [201.97.58.156] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.97.58.156/; sid:900833636; rev:1;) alert tcp $HOME_NET any -> [86.98.222.202] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.222.202/; sid:900833571; rev:1;) alert tcp $HOME_NET any -> [31.167.109.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.167.109.122/; sid:900833565; rev:1;) alert tcp $HOME_NET any -> [201.236.95.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.236.95.82/; sid:900833562; rev:1;) alert tcp $HOME_NET any -> [47.180.177.96] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.180.177.96/; sid:900833554; rev:1;) alert tcp $HOME_NET any -> [190.51.51.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.51.51.93/; sid:900833551; rev:1;) alert tcp $HOME_NET any -> [73.183.131.231] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.183.131.231/; sid:900833549; rev:1;) alert tcp $HOME_NET any -> [201.212.91.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.91.189/; sid:900833546; rev:1;) alert tcp $HOME_NET any -> [173.177.157.7] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.177.157.7/; sid:900833537; rev:1;) alert tcp $HOME_NET any -> [189.250.145.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.145.98/; sid:900833533; rev:1;) alert tcp $HOME_NET any -> [190.185.241.151] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.185.241.151/; sid:900833528; rev:1;) alert tcp $HOME_NET any -> [71.43.73.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.43.73.58/; sid:900833512; rev:1;) alert tcp $HOME_NET any -> [162.104.1.255] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.104.1.255/; sid:900833511; rev:1;) alert tcp $HOME_NET any -> [24.137.254.148] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.137.254.148/; sid:900833510; rev:1;) alert tcp $HOME_NET any -> [71.88.106.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.88.106.124/; sid:900833509; rev:1;) alert tcp $HOME_NET any -> [200.116.26.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.26.234/; sid:900833508; rev:1;) alert tcp $HOME_NET any -> [37.44.212.195] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.195/; sid:900621593; rev:1;) alert tcp $HOME_NET any -> [173.247.238.184] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.247.238.184/; sid:900621351; rev:1;) alert tcp $HOME_NET any -> [181.57.193.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.57.193.10/; sid:900829846; rev:1;) alert tcp $HOME_NET any -> [70.57.82.196] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.57.82.196/; sid:900829845; rev:1;) alert tcp $HOME_NET any -> [80.115.91.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.115.91.222/; sid:900829844; rev:1;) alert tcp $HOME_NET any -> [41.220.119.246] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.220.119.246/; sid:900829843; rev:1;) alert tcp $HOME_NET any -> [50.80.248.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.80.248.108/; sid:900829842; rev:1;) alert tcp $HOME_NET any -> [187.233.152.78] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.233.152.78/; sid:900829841; rev:1;) alert tcp $HOME_NET any -> [190.146.214.85] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.214.85/; sid:900829815; rev:1;) alert tcp $HOME_NET any -> [190.15.198.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.15.198.47/; sid:900829814; rev:1;) alert tcp $HOME_NET any -> [186.3.188.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.3.188.74/; sid:900829813; rev:1;) alert tcp $HOME_NET any -> [190.117.206.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.206.153/; sid:900829812; rev:1;) alert tcp $HOME_NET any -> [190.146.86.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.86.180/; sid:900829811; rev:1;) alert tcp $HOME_NET any -> [187.207.188.248] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.188.248/; sid:900829810; rev:1;) alert tcp $HOME_NET any -> [82.78.228.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.78.228.57/; sid:900829809; rev:1;) alert tcp $HOME_NET any -> [76.168.149.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.168.149.66/; sid:900828698; rev:1;) alert tcp $HOME_NET any -> [71.182.128.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.182.128.166/; sid:900828697; rev:1;) alert tcp $HOME_NET any -> [201.239.154.191] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.239.154.191/; sid:900828696; rev:1;) alert tcp $HOME_NET any -> [64.9.43.60] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.9.43.60/; sid:900828695; rev:1;) alert tcp $HOME_NET any -> [64.46.91.165] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.46.91.165/; sid:900828694; rev:1;) alert tcp $HOME_NET any -> [67.248.56.82] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.248.56.82/; sid:900828693; rev:1;) alert tcp $HOME_NET any -> [189.209.217.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.209.217.49/; sid:900828692; rev:1;) alert tcp $HOME_NET any -> [160.3.238.131] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.3.238.131/; sid:900828691; rev:1;) alert tcp $HOME_NET any -> [190.97.219.241] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.97.219.241/; sid:900828690; rev:1;) alert tcp $HOME_NET any -> [201.220.152.101] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.220.152.101/; sid:900828689; rev:1;) alert tcp $HOME_NET any -> [91.205.215.57] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.205.215.57/; sid:900828452; rev:1;) alert tcp $HOME_NET any -> [109.73.52.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.73.52.242/; sid:900828449; rev:1;) alert tcp $HOME_NET any -> [139.59.19.157] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.19.157/; sid:900828443; rev:1;) alert tcp $HOME_NET any -> [181.228.211.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.228.211.100/; sid:900828437; rev:1;) alert tcp $HOME_NET any -> [207.134.207.44] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.134.207.44/; sid:900828436; rev:1;) alert tcp $HOME_NET any -> [181.40.122.122] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.40.122.122/; sid:900828435; rev:1;) alert tcp $HOME_NET any -> [152.171.65.137] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.171.65.137/; sid:900828434; rev:1;) alert tcp $HOME_NET any -> [181.198.203.150] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.198.203.150/; sid:900828433; rev:1;) alert tcp $HOME_NET any -> [200.113.185.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.113.185.229/; sid:900828255; rev:1;) alert tcp $HOME_NET any -> [45.33.49.124] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.49.124/; sid:900828256; rev:1;) alert tcp $HOME_NET any -> [185.94.252.3] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.94.252.3/; sid:900828251; rev:1;) alert tcp $HOME_NET any -> [108.188.116.179] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.188.116.179/; sid:900828246; rev:1;) alert tcp $HOME_NET any -> [90.219.97.38] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.219.97.38/; sid:900828244; rev:1;) alert tcp $HOME_NET any -> [24.243.101.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.243.101.134/; sid:900828245; rev:1;) alert tcp $HOME_NET any -> [200.50.185.54] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.50.185.54/; sid:900828243; rev:1;) alert tcp $HOME_NET any -> [62.217.133.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.217.133.100/; sid:900828241; rev:1;) alert tcp $HOME_NET any -> [70.184.97.144] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.184.97.144/; sid:900825790; rev:1;) alert tcp $HOME_NET any -> [190.210.3.93] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.3.93/; sid:900825789; rev:1;) alert tcp $HOME_NET any -> [71.11.157.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.11.157.249/; sid:900825788; rev:1;) alert tcp $HOME_NET any -> [50.246.45.249] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.246.45.249/; sid:900825787; rev:1;) alert tcp $HOME_NET any -> [181.197.2.252] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.197.2.252/; sid:900825786; rev:1;) alert tcp $HOME_NET any -> [64.87.26.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.87.26.17/; sid:900825544; rev:1;) alert tcp $HOME_NET any -> [94.183.129.173] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.183.129.173/; sid:900825541; rev:1;) alert tcp $HOME_NET any -> [182.180.92.102] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.180.92.102/; sid:900825540; rev:1;) alert tcp $HOME_NET any -> [67.209.208.130] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.209.208.130/; sid:900825539; rev:1;) alert tcp $HOME_NET any -> [187.189.195.208] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.189.195.208/; sid:900825538; rev:1;) alert tcp $HOME_NET any -> [86.239.117.57] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.239.117.57/; sid:900825537; rev:1;) alert tcp $HOME_NET any -> [103.39.131.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.39.131.88/; sid:900825536; rev:1;) alert tcp $HOME_NET any -> [45.36.20.17] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.36.20.17/; sid:900825535; rev:1;) alert tcp $HOME_NET any -> [201.192.156.113] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.192.156.113/; sid:900823324; rev:1;) alert tcp $HOME_NET any -> [187.188.83.52] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.83.52/; sid:900823303; rev:1;) alert tcp $HOME_NET any -> [186.179.80.99] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.179.80.99/; sid:900823302; rev:1;) alert tcp $HOME_NET any -> [69.2.162.139] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.2.162.139/; sid:900823301; rev:1;) alert tcp $HOME_NET any -> [27.72.113.79] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.72.113.79/; sid:900823300; rev:1;) alert tcp $HOME_NET any -> [70.15.236.247] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.15.236.247/; sid:900823299; rev:1;) alert tcp $HOME_NET any -> [58.171.215.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.171.215.214/; sid:900823298; rev:1;) alert tcp $HOME_NET any -> [211.63.34.183] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.63.34.183/; sid:900823297; rev:1;) alert tcp $HOME_NET any -> [174.56.47.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.56.47.59/; sid:900823296; rev:1;) alert tcp $HOME_NET any -> [201.253.238.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.253.238.50/; sid:900823295; rev:1;) alert tcp $HOME_NET any -> [213.107.110.253] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.107.110.253/; sid:900823268; rev:1;) alert tcp $HOME_NET any -> [105.224.170.35] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.224.170.35/; sid:900823267; rev:1;) alert tcp $HOME_NET any -> [190.85.38.226] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.38.226/; sid:900823266; rev:1;) alert tcp $HOME_NET any -> [190.92.48.253] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.48.253/; sid:900823265; rev:1;) alert tcp $HOME_NET any -> [186.15.83.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.83.52/; sid:900823264; rev:1;) alert tcp $HOME_NET any -> [190.193.141.52] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.193.141.52/; sid:900823263; rev:1;) alert tcp $HOME_NET any -> [181.61.221.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.61.221.146/; sid:900813557; rev:1;) alert tcp $HOME_NET any -> [70.57.24.230] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.57.24.230/; sid:900813556; rev:1;) alert tcp $HOME_NET any -> [89.211.193.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.193.18/; sid:900813555; rev:1;) alert tcp $HOME_NET any -> [70.28.22.105] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.22.105/; sid:900813554; rev:1;) alert tcp $HOME_NET any -> [178.78.64.80] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.78.64.80/; sid:900813553; rev:1;) alert tcp $HOME_NET any -> [64.13.225.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.13.225.150/; sid:900813371; rev:1;) alert tcp $HOME_NET any -> [87.106.139.101] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.139.101/; sid:900813379; rev:1;) alert tcp $HOME_NET any -> [187.176.44.226] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.176.44.226/; sid:900813367; rev:1;) alert tcp $HOME_NET any -> [85.104.59.244] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.59.244/; sid:900813366; rev:1;) alert tcp $HOME_NET any -> [175.107.228.236] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.107.228.236/; sid:900813365; rev:1;) alert tcp $HOME_NET any -> [206.53.93.6] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.53.93.6/; sid:900813364; rev:1;) alert tcp $HOME_NET any -> [186.43.57.143] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.43.57.143/; sid:900813363; rev:1;) alert tcp $HOME_NET any -> [62.151.17.5] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.151.17.5/; sid:900813362; rev:1;) alert tcp $HOME_NET any -> [186.4.234.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.234.27/; sid:900813361; rev:1;) alert tcp $HOME_NET any -> [37.44.212.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.94/; sid:900621820; rev:1;) alert tcp $HOME_NET any -> [189.151.39.229] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.151.39.229/; sid:900810453; rev:1;) alert tcp $HOME_NET any -> [24.234.249.226] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.234.249.226/; sid:900810452; rev:1;) alert tcp $HOME_NET any -> [200.51.94.251] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.51.94.251/; sid:900810451; rev:1;) alert tcp $HOME_NET any -> [186.177.30.6] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.177.30.6/; sid:900810450; rev:1;) alert tcp $HOME_NET any -> [190.108.216.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.108.216.107/; sid:900810229; rev:1;) alert tcp $HOME_NET any -> [103.209.65.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.209.65.42/; sid:900810228; rev:1;) alert tcp $HOME_NET any -> [24.61.139.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.61.139.70/; sid:900810227; rev:1;) alert tcp $HOME_NET any -> [110.172.188.120] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.172.188.120/; sid:900810226; rev:1;) alert tcp $HOME_NET any -> [41.57.104.182] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.57.104.182/; sid:900810225; rev:1;) alert tcp $HOME_NET any -> [201.220.83.133] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.220.83.133/; sid:900806095; rev:1;) alert tcp $HOME_NET any -> [75.104.218.201] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.104.218.201/; sid:900806091; rev:1;) alert tcp $HOME_NET any -> [187.142.0.234] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.142.0.234/; sid:900806089; rev:1;) alert tcp $HOME_NET any -> [177.242.51.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.51.8/; sid:900806080; rev:1;) alert tcp $HOME_NET any -> [186.43.207.22] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.43.207.22/; sid:900806074; rev:1;) alert tcp $HOME_NET any -> [186.113.255.229] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.113.255.229/; sid:900806073; rev:1;) alert tcp $HOME_NET any -> [189.156.39.161] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.156.39.161/; sid:900806072; rev:1;) alert tcp $HOME_NET any -> [187.209.46.240] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.209.46.240/; sid:900806071; rev:1;) alert tcp $HOME_NET any -> [189.153.60.187] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.153.60.187/; sid:900806070; rev:1;) alert tcp $HOME_NET any -> [199.36.199.104] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.36.199.104/; sid:900806069; rev:1;) alert tcp $HOME_NET any -> [40.134.64.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.134.64.58/; sid:900806068; rev:1;) alert tcp $HOME_NET any -> [186.86.199.79] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.86.199.79/; sid:900806067; rev:1;) alert tcp $HOME_NET any -> [181.209.169.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.209.169.123/; sid:900806066; rev:1;) alert tcp $HOME_NET any -> [190.46.30.14] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.46.30.14/; sid:900806065; rev:1;) alert tcp $HOME_NET any -> [71.224.174.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.224.174.17/; sid:900805958; rev:1;) alert tcp $HOME_NET any -> [182.184.72.199] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.184.72.199/; sid:900805956; rev:1;) alert tcp $HOME_NET any -> [133.242.156.30] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.242.156.30/; sid:900805948; rev:1;) alert tcp $HOME_NET any -> [203.143.86.111] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.143.86.111/; sid:900805947; rev:1;) alert tcp $HOME_NET any -> [213.191.168.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.191.168.93/; sid:900805946; rev:1;) alert tcp $HOME_NET any -> [88.225.223.211] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.225.223.211/; sid:900805945; rev:1;) alert tcp $HOME_NET any -> [189.141.175.53] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.141.175.53/; sid:900805944; rev:1;) alert tcp $HOME_NET any -> [201.119.12.225] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.119.12.225/; sid:900805943; rev:1;) alert tcp $HOME_NET any -> [189.154.126.105] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.126.105/; sid:900805942; rev:1;) alert tcp $HOME_NET any -> [94.200.157.250] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.200.157.250/; sid:900805941; rev:1;) alert tcp $HOME_NET any -> [66.115.86.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.115.86.249/; sid:900805940; rev:1;) alert tcp $HOME_NET any -> [70.119.86.15] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.119.86.15/; sid:900805939; rev:1;) alert tcp $HOME_NET any -> [103.101.59.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.101.59.2/; sid:900805938; rev:1;) alert tcp $HOME_NET any -> [189.142.143.187] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.142.143.187/; sid:900805937; rev:1;) alert tcp $HOME_NET any -> [200.55.136.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.55.136.2/; sid:900805913; rev:1;) alert tcp $HOME_NET any -> [23.240.26.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.240.26.210/; sid:900805909; rev:1;) alert tcp $HOME_NET any -> [190.117.51.248] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.51.248/; sid:900805908; rev:1;) alert tcp $HOME_NET any -> [181.16.4.180] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.16.4.180/; sid:900805907; rev:1;) alert tcp $HOME_NET any -> [164.77.138.194] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.77.138.194/; sid:900805906; rev:1;) alert tcp $HOME_NET any -> [104.33.204.83] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.33.204.83/; sid:900805905; rev:1;) alert tcp $HOME_NET any -> [80.167.67.247] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.167.67.247/; sid:900804195; rev:1;) alert tcp $HOME_NET any -> [110.93.230.101] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.93.230.101/; sid:900804194; rev:1;) alert tcp $HOME_NET any -> [118.32.221.23] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.32.221.23/; sid:900803752; rev:1;) alert tcp $HOME_NET any -> [78.188.105.159] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.105.159/; sid:900803749; rev:1;) alert tcp $HOME_NET any -> [41.87.168.158] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.87.168.158/; sid:900803744; rev:1;) alert tcp $HOME_NET any -> [42.115.105.246] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.115.105.246/; sid:900803738; rev:1;) alert tcp $HOME_NET any -> [103.107.27.129] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.107.27.129/; sid:900803737; rev:1;) alert tcp $HOME_NET any -> [59.103.164.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.103.164.174/; sid:900803736; rev:1;) alert tcp $HOME_NET any -> [103.224.157.244] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.224.157.244/; sid:900803735; rev:1;) alert tcp $HOME_NET any -> [103.53.44.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.53.44.20/; sid:900803734; rev:1;) alert tcp $HOME_NET any -> [111.91.71.164] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.91.71.164/; sid:900803733; rev:1;) alert tcp $HOME_NET any -> [217.165.127.223] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.127.223/; sid:900803732; rev:1;) alert tcp $HOME_NET any -> [71.91.105.254] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.91.105.254/; sid:900803731; rev:1;) alert tcp $HOME_NET any -> [97.123.191.36] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.123.191.36/; sid:900803730; rev:1;) alert tcp $HOME_NET any -> [189.188.140.179] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.188.140.179/; sid:900803618; rev:1;) alert tcp $HOME_NET any -> [186.23.186.99] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.23.186.99/; sid:900803610; rev:1;) alert tcp $HOME_NET any -> [143.0.245.169] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.0.245.169/; sid:900803609; rev:1;) alert tcp $HOME_NET any -> [85.105.205.77] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.205.77/; sid:900803608; rev:1;) alert tcp $HOME_NET any -> [190.111.215.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.111.215.2/; sid:900803607; rev:1;) alert tcp $HOME_NET any -> [201.213.72.74] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.213.72.74/; sid:900803606; rev:1;) alert tcp $HOME_NET any -> [190.188.207.72] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.188.207.72/; sid:900803605; rev:1;) alert tcp $HOME_NET any -> [201.251.12.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.251.12.153/; sid:900803604; rev:1;) alert tcp $HOME_NET any -> [201.184.224.178] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.224.178/; sid:900803603; rev:1;) alert tcp $HOME_NET any -> [95.44.198.249] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.44.198.249/; sid:900803602; rev:1;) alert tcp $HOME_NET any -> [74.56.155.43] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.56.155.43/; sid:900803601; rev:1;) alert tcp $HOME_NET any -> [190.117.202.39] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.202.39/; sid:900801075; rev:1;) alert tcp $HOME_NET any -> [201.233.19.23] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.233.19.23/; sid:900801070; rev:1;) alert tcp $HOME_NET any -> [209.217.209.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.217.209.214/; sid:900801067; rev:1;) alert tcp $HOME_NET any -> [75.149.91.249] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.149.91.249/; sid:900801063; rev:1;) alert tcp $HOME_NET any -> [181.140.37.228] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.140.37.228/; sid:900801057; rev:1;) alert tcp $HOME_NET any -> [201.231.209.16] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.209.16/; sid:900801056; rev:1;) alert tcp $HOME_NET any -> [216.8.171.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.8.171.214/; sid:900801055; rev:1;) alert tcp $HOME_NET any -> [117.218.17.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.218.17.6/; sid:900801054; rev:1;) alert tcp $HOME_NET any -> [190.47.158.127] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.47.158.127/; sid:900801053; rev:1;) alert tcp $HOME_NET any -> [200.116.70.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.70.135/; sid:900801052; rev:1;) alert tcp $HOME_NET any -> [60.254.45.78] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.254.45.78/; sid:900801051; rev:1;) alert tcp $HOME_NET any -> [96.20.94.194] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.20.94.194/; sid:900801050; rev:1;) alert tcp $HOME_NET any -> [181.175.60.255] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.175.60.255/; sid:900801049; rev:1;) alert tcp $HOME_NET any -> [152.168.211.207] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.168.211.207/; sid:900801048; rev:1;) alert tcp $HOME_NET any -> [190.131.155.107] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.131.155.107/; sid:900795350; rev:1;) alert tcp $HOME_NET any -> [87.75.117.133] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.75.117.133/; sid:900795346; rev:1;) alert tcp $HOME_NET any -> [85.164.23.34] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.164.23.34/; sid:900795340; rev:1;) alert tcp $HOME_NET any -> [116.58.22.75] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.58.22.75/; sid:900795334; rev:1;) alert tcp $HOME_NET any -> [200.125.28.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.28.214/; sid:900795329; rev:1;) alert tcp $HOME_NET any -> [192.250.16.124] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.250.16.124/; sid:900795328; rev:1;) alert tcp $HOME_NET any -> [98.144.73.193] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.144.73.193/; sid:900795327; rev:1;) alert tcp $HOME_NET any -> [187.163.222.244] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.222.244/; sid:900795326; rev:1;) alert tcp $HOME_NET any -> [190.77.126.30] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.77.126.30/; sid:900795325; rev:1;) alert tcp $HOME_NET any -> [74.95.133.5] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.95.133.5/; sid:900795324; rev:1;) alert tcp $HOME_NET any -> [2.50.177.244] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.177.244/; sid:900795323; rev:1;) alert tcp $HOME_NET any -> [190.219.182.18] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.219.182.18/; sid:900795322; rev:1;) alert tcp $HOME_NET any -> [186.71.61.92] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.61.92/; sid:900795321; rev:1;) alert tcp $HOME_NET any -> [108.58.73.115] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.58.73.115/; sid:900795320; rev:1;) alert tcp $HOME_NET any -> [104.220.134.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.220.134.222/; sid:900795095; rev:1;) alert tcp $HOME_NET any -> [104.58.17.163] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.58.17.163/; sid:900795093; rev:1;) alert tcp $HOME_NET any -> [173.164.202.129] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.164.202.129/; sid:900795092; rev:1;) alert tcp $HOME_NET any -> [74.195.15.29] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.195.15.29/; sid:900795091; rev:1;) alert tcp $HOME_NET any -> [71.215.247.43] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.215.247.43/; sid:900795090; rev:1;) alert tcp $HOME_NET any -> [108.51.109.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.51.109.34/; sid:900795088; rev:1;) alert tcp $HOME_NET any -> [50.192.4.161] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.192.4.161/; sid:900795086; rev:1;) alert tcp $HOME_NET any -> [206.15.68.84] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.15.68.84/; sid:900795081; rev:1;) alert tcp $HOME_NET any -> [72.91.227.119] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.91.227.119/; sid:900795079; rev:1;) alert tcp $HOME_NET any -> [181.61.253.171] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.61.253.171/; sid:900795077; rev:1;) alert tcp $HOME_NET any -> [108.183.160.57] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.183.160.57/; sid:900795076; rev:1;) alert tcp $HOME_NET any -> [70.100.118.224] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.100.118.224/; sid:900795073; rev:1;) alert tcp $HOME_NET any -> [75.109.110.102] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.109.110.102/; sid:900795072; rev:1;) alert tcp $HOME_NET any -> [24.209.31.102] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.209.31.102/; sid:900795070; rev:1;) alert tcp $HOME_NET any -> [70.91.215.57] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.91.215.57/; sid:900795071; rev:1;) alert tcp $HOME_NET any -> [104.129.188.170] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.129.188.170/; sid:900795069; rev:1;) alert tcp $HOME_NET any -> [67.42.71.66] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.42.71.66/; sid:900795068; rev:1;) alert tcp $HOME_NET any -> [70.119.159.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.119.159.214/; sid:900795067; rev:1;) alert tcp $HOME_NET any -> [148.103.9.108] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.103.9.108/; sid:900795066; rev:1;) alert tcp $HOME_NET any -> [187.188.148.16] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.148.16/; sid:900795065; rev:1;) alert tcp $HOME_NET any -> [39.61.49.128] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.61.49.128/; sid:900795064; rev:1;) alert tcp $HOME_NET any -> [76.73.184.103] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.73.184.103/; sid:900792660; rev:1;) alert tcp $HOME_NET any -> [70.168.116.204] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.168.116.204/; sid:900792658; rev:1;) alert tcp $HOME_NET any -> [96.64.59.185] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.64.59.185/; sid:900792655; rev:1;) alert tcp $HOME_NET any -> [66.57.47.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.57.47.2/; sid:900792652; rev:1;) alert tcp $HOME_NET any -> [96.56.206.155] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.56.206.155/; sid:900792653; rev:1;) alert tcp $HOME_NET any -> [88.249.85.118] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.85.118/; sid:900792651; rev:1;) alert tcp $HOME_NET any -> [47.50.17.78] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.50.17.78/; sid:900792650; rev:1;) alert tcp $HOME_NET any -> [72.132.106.183] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.132.106.183/; sid:900792649; rev:1;) alert tcp $HOME_NET any -> [73.185.67.141] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.185.67.141/; sid:900792648; rev:1;) alert tcp $HOME_NET any -> [70.118.9.166] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.118.9.166/; sid:900792646; rev:1;) alert tcp $HOME_NET any -> [71.175.108.209] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.175.108.209/; sid:900792644; rev:1;) alert tcp $HOME_NET any -> [189.236.80.172] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.80.172/; sid:900792641; rev:1;) alert tcp $HOME_NET any -> [192.186.96.124] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.186.96.124/; sid:900792640; rev:1;) alert tcp $HOME_NET any -> [66.115.89.239] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.115.89.239/; sid:900792639; rev:1;) alert tcp $HOME_NET any -> [189.166.121.19] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.166.121.19/; sid:900792638; rev:1;) alert tcp $HOME_NET any -> [67.238.131.194] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.238.131.194/; sid:900792637; rev:1;) alert tcp $HOME_NET any -> [24.232.118.175] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.232.118.175/; sid:900792636; rev:1;) alert tcp $HOME_NET any -> [190.47.64.245] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.47.64.245/; sid:900792635; rev:1;) alert tcp $HOME_NET any -> [24.189.222.181] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.189.222.181/; sid:900792634; rev:1;) alert tcp $HOME_NET any -> [71.78.24.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.24.146/; sid:900792633; rev:1;) alert tcp $HOME_NET any -> [216.119.181.170] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.119.181.170/; sid:900792632; rev:1;) alert tcp $HOME_NET any -> [70.45.30.28] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.45.30.28/; sid:900792183; rev:1;) alert tcp $HOME_NET any -> [132.248.18.45] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.248.18.45/; sid:900792182; rev:1;) alert tcp $HOME_NET any -> [70.24.147.203] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.24.147.203/; sid:900792181; rev:1;) alert tcp $HOME_NET any -> [190.110.239.130] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.110.239.130/; sid:900792177; rev:1;) alert tcp $HOME_NET any -> [68.149.151.102] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.149.151.102/; sid:900792176; rev:1;) alert tcp $HOME_NET any -> [216.81.19.67] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.81.19.67/; sid:900792173; rev:1;) alert tcp $HOME_NET any -> [181.39.66.29] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.66.29/; sid:900792171; rev:1;) alert tcp $HOME_NET any -> [101.187.168.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.168.2/; sid:900792170; rev:1;) alert tcp $HOME_NET any -> [84.45.230.228] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.45.230.228/; sid:900792169; rev:1;) alert tcp $HOME_NET any -> [181.164.241.251] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.241.251/; sid:900792168; rev:1;) alert tcp $HOME_NET any -> [187.208.214.53] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.208.214.53/; sid:900792167; rev:1;) alert tcp $HOME_NET any -> [187.232.31.68] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.232.31.68/; sid:900792166; rev:1;) alert tcp $HOME_NET any -> [187.153.217.39] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.217.39/; sid:900792165; rev:1;) alert tcp $HOME_NET any -> [189.236.96.21] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.96.21/; sid:900792161; rev:1;) alert tcp $HOME_NET any -> [105.227.228.7] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.227.228.7/; sid:900792160; rev:1;) alert tcp $HOME_NET any -> [187.209.66.50] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.209.66.50/; sid:900792159; rev:1;) alert tcp $HOME_NET any -> [181.30.61.163] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.30.61.163/; sid:900792158; rev:1;) alert tcp $HOME_NET any -> [190.47.153.46] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.47.153.46/; sid:900792157; rev:1;) alert tcp $HOME_NET any -> [187.146.243.126] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.146.243.126/; sid:900792156; rev:1;) alert tcp $HOME_NET any -> [189.135.82.225] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.135.82.225/; sid:900792155; rev:1;) alert tcp $HOME_NET any -> [197.232.52.70] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.232.52.70/; sid:900792154; rev:1;) alert tcp $HOME_NET any -> [190.159.143.96] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.159.143.96/; sid:900792153; rev:1;) alert tcp $HOME_NET any -> [201.142.199.76] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.142.199.76/; sid:900792152; rev:1;) alert tcp $HOME_NET any -> [173.76.44.152] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.76.44.152/; sid:900790999; rev:1;) alert tcp $HOME_NET any -> [181.143.53.227] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.53.227/; sid:900790998; rev:1;) alert tcp $HOME_NET any -> [24.11.67.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.11.67.222/; sid:900790997; rev:1;) alert tcp $HOME_NET any -> [74.80.16.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.80.16.10/; sid:900790996; rev:1;) alert tcp $HOME_NET any -> [73.124.73.90] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.124.73.90/; sid:900790995; rev:1;) alert tcp $HOME_NET any -> [172.114.175.156] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.114.175.156/; sid:900790994; rev:1;) alert tcp $HOME_NET any -> [154.72.75.82] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.72.75.82/; sid:900790988; rev:1;) alert tcp $HOME_NET any -> [189.234.165.149] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.234.165.149/; sid:900790987; rev:1;) alert tcp $HOME_NET any -> [98.157.215.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.157.215.153/; sid:900790985; rev:1;) alert tcp $HOME_NET any -> [181.119.30.27] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.119.30.27/; sid:900790983; rev:1;) alert tcp $HOME_NET any -> [216.49.114.172] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.49.114.172/; sid:900790981; rev:1;) alert tcp $HOME_NET any -> [69.136.227.134] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.136.227.134/; sid:900790980; rev:1;) alert tcp $HOME_NET any -> [190.215.53.85] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.215.53.85/; sid:900790977; rev:1;) alert tcp $HOME_NET any -> [71.240.202.13] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.240.202.13/; sid:900790976; rev:1;) alert tcp $HOME_NET any -> [186.179.243.7] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.179.243.7/; sid:900790975; rev:1;) alert tcp $HOME_NET any -> [5.107.161.71] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.107.161.71/; sid:900790974; rev:1;) alert tcp $HOME_NET any -> [50.224.156.190] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.224.156.190/; sid:900790973; rev:1;) alert tcp $HOME_NET any -> [5.107.250.192] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.107.250.192/; sid:900790972; rev:1;) alert tcp $HOME_NET any -> [187.233.136.39] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.233.136.39/; sid:900790971; rev:1;) alert tcp $HOME_NET any -> [175.101.79.120] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.101.79.120/; sid:900790970; rev:1;) alert tcp $HOME_NET any -> [70.164.196.211] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.164.196.211/; sid:900790969; rev:1;) alert tcp $HOME_NET any -> [71.91.161.118] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.91.161.118/; sid:900790968; rev:1;) alert tcp $HOME_NET any -> [182.76.6.2] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.76.6.2/; sid:900790070; rev:1;) alert tcp $HOME_NET any -> [46.197.87.227] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.197.87.227/; sid:900790065; rev:1;) alert tcp $HOME_NET any -> [181.39.51.242] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.51.242/; sid:900790061; rev:1;) alert tcp $HOME_NET any -> [78.189.143.75] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.143.75/; sid:900790053; rev:1;) alert tcp $HOME_NET any -> [213.119.28.126] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.119.28.126/; sid:900790052; rev:1;) alert tcp $HOME_NET any -> [190.220.33.82] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.220.33.82/; sid:900790049; rev:1;) alert tcp $HOME_NET any -> [51.77.108.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.108.93/; sid:900790047; rev:1;) alert tcp $HOME_NET any -> [50.45.208.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.45.208.50/; sid:900790045; rev:1;) alert tcp $HOME_NET any -> [173.21.26.90] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.21.26.90/; sid:900790044; rev:1;) alert tcp $HOME_NET any -> [201.239.126.253] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.239.126.253/; sid:900789846; rev:1;) alert tcp $HOME_NET any -> [117.218.253.157] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.218.253.157/; sid:900789845; rev:1;) alert tcp $HOME_NET any -> [47.157.230.41] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.157.230.41/; sid:900789841; rev:1;) alert tcp $HOME_NET any -> [66.228.228.211] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.228.228.211/; sid:900789835; rev:1;) alert tcp $HOME_NET any -> [208.189.3.60] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.189.3.60/; sid:900789832; rev:1;) alert tcp $HOME_NET any -> [70.30.252.174] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.30.252.174/; sid:900789831; rev:1;) alert tcp $HOME_NET any -> [117.4.245.5] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.4.245.5/; sid:900789828; rev:1;) alert tcp $HOME_NET any -> [201.156.42.238] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.156.42.238/; sid:900789826; rev:1;) alert tcp $HOME_NET any -> [189.154.100.228] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.100.228/; sid:900789820; rev:1;) alert tcp $HOME_NET any -> [97.121.198.2] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.121.198.2/; sid:900789819; rev:1;) alert tcp $HOME_NET any -> [190.248.133.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.248.133.18/; sid:900789818; rev:1;) alert tcp $HOME_NET any -> [190.144.66.30] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.144.66.30/; sid:900789814; rev:1;) alert tcp $HOME_NET any -> [189.208.239.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.208.239.98/; sid:900789808; rev:1;) alert tcp $HOME_NET any -> [186.138.205.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.138.205.189/; sid:900789793; rev:1;) alert tcp $HOME_NET any -> [173.248.147.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.248.147.186/; sid:900789792; rev:1;) alert tcp $HOME_NET any -> [184.161.177.223] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.161.177.223/; sid:900789791; rev:1;) alert tcp $HOME_NET any -> [105.225.179.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.179.102/; sid:900789790; rev:1;) alert tcp $HOME_NET any -> [186.96.198.72] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.96.198.72/; sid:900789789; rev:1;) alert tcp $HOME_NET any -> [70.28.3.120] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.3.120/; sid:900789788; rev:1;) alert tcp $HOME_NET any -> [201.220.140.190] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.220.140.190/; sid:900789787; rev:1;) alert tcp $HOME_NET any -> [190.171.105.158] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.105.158/; sid:900789786; rev:1;) alert tcp $HOME_NET any -> [187.201.31.46] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.201.31.46/; sid:900789785; rev:1;) alert tcp $HOME_NET any -> [85.105.215.241] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.215.241/; sid:900789784; rev:1;) alert tcp $HOME_NET any -> [181.164.25.28] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.25.28/; sid:900787002; rev:1;) alert tcp $HOME_NET any -> [200.116.200.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.200.136/; sid:900787001; rev:1;) alert tcp $HOME_NET any -> [190.186.110.202] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.110.202/; sid:900786999; rev:1;) alert tcp $HOME_NET any -> [50.195.236.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.195.236.117/; sid:900786996; rev:1;) alert tcp $HOME_NET any -> [104.200.80.44] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.200.80.44/; sid:900786995; rev:1;) alert tcp $HOME_NET any -> [69.170.237.82] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.170.237.82/; sid:900786991; rev:1;) alert tcp $HOME_NET any -> [187.146.255.151] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.146.255.151/; sid:900786989; rev:1;) alert tcp $HOME_NET any -> [24.194.252.25] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.194.252.25/; sid:900786987; rev:1;) alert tcp $HOME_NET any -> [116.58.87.8] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.58.87.8/; sid:900786981; rev:1;) alert tcp $HOME_NET any -> [181.15.224.57] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.15.224.57/; sid:900786973; rev:1;) alert tcp $HOME_NET any -> [184.101.191.86] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.101.191.86/; sid:900786972; rev:1;) alert tcp $HOME_NET any -> [108.190.34.69] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.190.34.69/; sid:900786946; rev:1;) alert tcp $HOME_NET any -> [96.234.162.118] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.234.162.118/; sid:900786943; rev:1;) alert tcp $HOME_NET any -> [75.97.212.250] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.97.212.250/; sid:900786937; rev:1;) alert tcp $HOME_NET any -> [107.13.149.212] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.13.149.212/; sid:900786933; rev:1;) alert tcp $HOME_NET any -> [47.187.38.245] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.187.38.245/; sid:900786917; rev:1;) alert tcp $HOME_NET any -> [2.96.48.32] 56056 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.96.48.32/; sid:900784987; rev:1;) alert tcp $HOME_NET any -> [208.82.45.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.82.45.8/; sid:900781563; rev:1;) alert tcp $HOME_NET any -> [72.214.54.39] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.214.54.39/; sid:900781553; rev:1;) alert tcp $HOME_NET any -> [201.151.157.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.151.157.61/; sid:900781552; rev:1;) alert tcp $HOME_NET any -> [71.7.15.240] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.7.15.240/; sid:900781541; rev:1;) alert tcp $HOME_NET any -> [208.107.52.29] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.107.52.29/; sid:900781540; rev:1;) alert tcp $HOME_NET any -> [189.225.165.11] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.225.165.11/; sid:900781537; rev:1;) alert tcp $HOME_NET any -> [97.100.88.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.100.88.65/; sid:900781533; rev:1;) alert tcp $HOME_NET any -> [24.173.121.154] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.173.121.154/; sid:900781532; rev:1;) alert tcp $HOME_NET any -> [174.96.7.155] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.96.7.155/; sid:900781530; rev:1;) alert tcp $HOME_NET any -> [169.0.85.74] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.85.74/; sid:900781528; rev:1;) alert tcp $HOME_NET any -> [50.80.9.93] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.80.9.93/; sid:900781526; rev:1;) alert tcp $HOME_NET any -> [187.151.226.219] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.151.226.219/; sid:900781522; rev:1;) alert tcp $HOME_NET any -> [64.87.26.16] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.87.26.16/; sid:900781517; rev:1;) alert tcp $HOME_NET any -> [174.79.240.46] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.79.240.46/; sid:900781515; rev:1;) alert tcp $HOME_NET any -> [70.55.70.230] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.55.70.230/; sid:900781514; rev:1;) alert tcp $HOME_NET any -> [189.163.137.10] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.163.137.10/; sid:900781513; rev:1;) alert tcp $HOME_NET any -> [68.192.249.20] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.192.249.20/; sid:900780601; rev:1;) alert tcp $HOME_NET any -> [75.69.2.222] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.69.2.222/; sid:900780600; rev:1;) alert tcp $HOME_NET any -> [190.40.100.7] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.40.100.7/; sid:900780594; rev:1;) alert tcp $HOME_NET any -> [189.222.174.85] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.222.174.85/; sid:900780591; rev:1;) alert tcp $HOME_NET any -> [66.57.212.114] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.57.212.114/; sid:900780589; rev:1;) alert tcp $HOME_NET any -> [207.119.180.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.119.180.154/; sid:900780588; rev:1;) alert tcp $HOME_NET any -> [184.186.222.145] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.186.222.145/; sid:900780586; rev:1;) alert tcp $HOME_NET any -> [75.164.190.148] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.164.190.148/; sid:900780575; rev:1;) alert tcp $HOME_NET any -> [138.94.252.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.94.252.226/; sid:900780574; rev:1;) alert tcp $HOME_NET any -> [64.17.83.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.17.83.46/; sid:900780569; rev:1;) alert tcp $HOME_NET any -> [108.16.93.238] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.16.93.238/; sid:900780549; rev:1;) alert tcp $HOME_NET any -> [54.36.119.105] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.36.119.105/; sid:900780548; rev:1;) alert tcp $HOME_NET any -> [187.137.106.175] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.106.175/; sid:900780547; rev:1;) alert tcp $HOME_NET any -> [189.156.244.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.156.244.117/; sid:900780546; rev:1;) alert tcp $HOME_NET any -> [201.110.114.161] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.110.114.161/; sid:900780545; rev:1;) alert tcp $HOME_NET any -> [75.132.60.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.132.60.192/; sid:900780544; rev:1;) alert tcp $HOME_NET any -> [190.180.44.175] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.180.44.175/; sid:900780543; rev:1;) alert tcp $HOME_NET any -> [201.143.123.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.143.123.254/; sid:900780542; rev:1;) alert tcp $HOME_NET any -> [184.188.136.215] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.188.136.215/; sid:900780541; rev:1;) alert tcp $HOME_NET any -> [189.252.59.243] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.59.243/; sid:900780540; rev:1;) alert tcp $HOME_NET any -> [173.167.83.97] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.167.83.97/; sid:900780534; rev:1;) alert tcp $HOME_NET any -> [75.99.239.150] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.239.150/; sid:900780532; rev:1;) alert tcp $HOME_NET any -> [71.244.183.150] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.244.183.150/; sid:900780526; rev:1;) alert tcp $HOME_NET any -> [201.137.255.80] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.255.80/; sid:900780347; rev:1;) alert tcp $HOME_NET any -> [65.29.214.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.29.214.70/; sid:900780343; rev:1;) alert tcp $HOME_NET any -> [201.137.254.209] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.254.209/; sid:900780341; rev:1;) alert tcp $HOME_NET any -> [47.204.55.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.204.55.229/; sid:900780340; rev:1;) alert tcp $HOME_NET any -> [201.164.251.76] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.164.251.76/; sid:900780339; rev:1;) alert tcp $HOME_NET any -> [190.194.4.221] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.194.4.221/; sid:900780338; rev:1;) alert tcp $HOME_NET any -> [24.201.132.122] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.201.132.122/; sid:900780337; rev:1;) alert tcp $HOME_NET any -> [181.168.123.241] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.168.123.241/; sid:900779931; rev:1;) alert tcp $HOME_NET any -> [72.137.188.42] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.137.188.42/; sid:900779926; rev:1;) alert tcp $HOME_NET any -> [73.115.132.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.115.132.124/; sid:900779916; rev:1;) alert tcp $HOME_NET any -> [189.130.56.200] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.130.56.200/; sid:900779910; rev:1;) alert tcp $HOME_NET any -> [186.137.133.132] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.137.133.132/; sid:900779909; rev:1;) alert tcp $HOME_NET any -> [186.176.27.230] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.176.27.230/; sid:900779908; rev:1;) alert tcp $HOME_NET any -> [24.219.3.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.219.3.156/; sid:900779907; rev:1;) alert tcp $HOME_NET any -> [200.27.55.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.27.55.100/; sid:900779906; rev:1;) alert tcp $HOME_NET any -> [71.183.45.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.183.45.61/; sid:900779905; rev:1;) alert tcp $HOME_NET any -> [183.87.87.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.87.87.73/; sid:900779904; rev:1;) alert tcp $HOME_NET any -> [186.103.141.250] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.103.141.250/; sid:900779903; rev:1;) alert tcp $HOME_NET any -> [41.60.202.26] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.60.202.26/; sid:900779902; rev:1;) alert tcp $HOME_NET any -> [74.59.106.11] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.59.106.11/; sid:900779901; rev:1;) alert tcp $HOME_NET any -> [187.153.90.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.90.98/; sid:900779898; rev:1;) alert tcp $HOME_NET any -> [110.36.217.66] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.36.217.66/; sid:900779880; rev:1;) alert tcp $HOME_NET any -> [12.154.104.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.154.104.17/; sid:900779879; rev:1;) alert tcp $HOME_NET any -> [197.245.16.149] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.245.16.149/; sid:900779878; rev:1;) alert tcp $HOME_NET any -> [173.8.8.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.8.8.73/; sid:900779876; rev:1;) alert tcp $HOME_NET any -> [187.138.90.97] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.138.90.97/; sid:900779875; rev:1;) alert tcp $HOME_NET any -> [12.235.180.10] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.235.180.10/; sid:900779874; rev:1;) alert tcp $HOME_NET any -> [167.114.210.191] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.114.210.191/; sid:900779873; rev:1;) alert tcp $HOME_NET any -> [147.135.210.39] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.135.210.39/; sid:900779872; rev:1;) alert tcp $HOME_NET any -> [82.65.72.67] 21075 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.65.72.67/; sid:900779167; rev:1;) alert tcp $HOME_NET any -> [67.69.80.83] 16713 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.69.80.83/; sid:900779166; rev:1;) alert tcp $HOME_NET any -> [67.166.132.100] 1293 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.166.132.100/; sid:900779165; rev:1;) alert tcp $HOME_NET any -> [4.110.106.248] 27424 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.110.106.248/; sid:900779164; rev:1;) alert tcp $HOME_NET any -> [4.110.106.168] 27344 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.110.106.168/; sid:900779163; rev:1;) alert tcp $HOME_NET any -> [4.110.106.88] 27264 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.110.106.88/; sid:900779162; rev:1;) alert tcp $HOME_NET any -> [4.110.106.8] 27184 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.110.106.8/; sid:900779161; rev:1;) alert tcp $HOME_NET any -> [4.110.105.184] 27104 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.110.105.184/; sid:900779160; rev:1;) alert tcp $HOME_NET any -> [72.22.5.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.22.5.242/; sid:900776791; rev:1;) alert tcp $HOME_NET any -> [78.188.44.240] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.44.240/; sid:900776786; rev:1;) alert tcp $HOME_NET any -> [50.249.129.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.249.129.30/; sid:900776789; rev:1;) alert tcp $HOME_NET any -> [166.78.243.43] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/166.78.243.43/; sid:900776784; rev:1;) alert tcp $HOME_NET any -> [66.169.58.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.169.58.13/; sid:900776783; rev:1;) alert tcp $HOME_NET any -> [24.120.175.91] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.120.175.91/; sid:900776782; rev:1;) alert tcp $HOME_NET any -> [190.83.219.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.83.219.98/; sid:900776778; rev:1;) alert tcp $HOME_NET any -> [172.221.195.97] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.221.195.97/; sid:900776777; rev:1;) alert tcp $HOME_NET any -> [81.21.87.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.21.87.18/; sid:900776776; rev:1;) alert tcp $HOME_NET any -> [97.106.81.243] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.106.81.243/; sid:900776774; rev:1;) alert tcp $HOME_NET any -> [69.124.216.247] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.124.216.247/; sid:900776773; rev:1;) alert tcp $HOME_NET any -> [50.82.84.35] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.82.84.35/; sid:900776771; rev:1;) alert tcp $HOME_NET any -> [85.96.199.181] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.96.199.181/; sid:900776772; rev:1;) alert tcp $HOME_NET any -> [97.76.139.138] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.76.139.138/; sid:900776770; rev:1;) alert tcp $HOME_NET any -> [69.248.153.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.248.153.50/; sid:900776769; rev:1;) alert tcp $HOME_NET any -> [181.16.135.40] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.16.135.40/; sid:900776768; rev:1;) alert tcp $HOME_NET any -> [24.146.210.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.146.210.108/; sid:900776767; rev:1;) alert tcp $HOME_NET any -> [95.10.12.151] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.10.12.151/; sid:900775606; rev:1;) alert tcp $HOME_NET any -> [96.60.95.245] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.60.95.245/; sid:900775585; rev:1;) alert tcp $HOME_NET any -> [189.131.93.44] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.131.93.44/; sid:900775583; rev:1;) alert tcp $HOME_NET any -> [96.47.92.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.47.92.60/; sid:900775581; rev:1;) alert tcp $HOME_NET any -> [216.201.162.158] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.201.162.158/; sid:900775580; rev:1;) alert tcp $HOME_NET any -> [67.249.245.159] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.249.245.159/; sid:900775579; rev:1;) alert tcp $HOME_NET any -> [98.0.245.234] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.0.245.234/; sid:900775578; rev:1;) alert tcp $HOME_NET any -> [82.14.53.90] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.14.53.90/; sid:900775577; rev:1;) alert tcp $HOME_NET any -> [66.216.234.131] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.216.234.131/; sid:900775576; rev:1;) alert tcp $HOME_NET any -> [51.77.109.38] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.109.38/; sid:900775415; rev:1;) alert tcp $HOME_NET any -> [190.34.215.74] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.34.215.74/; sid:900775413; rev:1;) alert tcp $HOME_NET any -> [78.186.71.119] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.71.119/; sid:900775411; rev:1;) alert tcp $HOME_NET any -> [75.139.212.94] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.139.212.94/; sid:900775410; rev:1;) alert tcp $HOME_NET any -> [187.167.66.31] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.167.66.31/; sid:900775407; rev:1;) alert tcp $HOME_NET any -> [187.243.193.143] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.243.193.143/; sid:900775401; rev:1;) alert tcp $HOME_NET any -> [187.153.108.92] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.108.92/; sid:900775399; rev:1;) alert tcp $HOME_NET any -> [189.249.2.181] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.249.2.181/; sid:900775398; rev:1;) alert tcp $HOME_NET any -> [181.164.188.27] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.188.27/; sid:900775396; rev:1;) alert tcp $HOME_NET any -> [187.178.89.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.178.89.60/; sid:900775393; rev:1;) alert tcp $HOME_NET any -> [179.62.226.22] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.62.226.22/; sid:900775391; rev:1;) alert tcp $HOME_NET any -> [190.55.118.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.118.192/; sid:900775390; rev:1;) alert tcp $HOME_NET any -> [187.137.46.18] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.46.18/; sid:900775389; rev:1;) alert tcp $HOME_NET any -> [71.174.233.71] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.174.233.71/; sid:900775388; rev:1;) alert tcp $HOME_NET any -> [200.110.85.138] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.110.85.138/; sid:900775387; rev:1;) alert tcp $HOME_NET any -> [64.32.70.194] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.32.70.194/; sid:900775386; rev:1;) alert tcp $HOME_NET any -> [187.131.137.216] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.131.137.216/; sid:900775385; rev:1;) alert tcp $HOME_NET any -> [174.84.250.37] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.84.250.37/; sid:900775384; rev:1;) alert tcp $HOME_NET any -> [190.183.39.78] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.183.39.78/; sid:900774805; rev:1;) alert tcp $HOME_NET any -> [118.130.116.170] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.130.116.170/; sid:900774803; rev:1;) alert tcp $HOME_NET any -> [50.93.34.66] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.93.34.66/; sid:900774802; rev:1;) alert tcp $HOME_NET any -> [61.76.180.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.76.180.18/; sid:900774790; rev:1;) alert tcp $HOME_NET any -> [71.42.166.139] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.42.166.139/; sid:900774788; rev:1;) alert tcp $HOME_NET any -> [174.56.183.132] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.56.183.132/; sid:900774787; rev:1;) alert tcp $HOME_NET any -> [182.23.3.227] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.23.3.227/; sid:900774780; rev:1;) alert tcp $HOME_NET any -> [155.186.224.38] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/155.186.224.38/; sid:900774777; rev:1;) alert tcp $HOME_NET any -> [67.254.13.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.254.13.154/; sid:900774776; rev:1;) alert tcp $HOME_NET any -> [115.97.108.67] 115 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.97.108.67/; sid:900773687; rev:1;) alert tcp $HOME_NET any -> [173.68.169.16] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.68.169.16/; sid:900773518; rev:1;) alert tcp $HOME_NET any -> [201.137.6.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.6.108/; sid:900773502; rev:1;) alert tcp $HOME_NET any -> [186.10.76.19] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.10.76.19/; sid:900773501; rev:1;) alert tcp $HOME_NET any -> [201.184.67.10] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.67.10/; sid:900773500; rev:1;) alert tcp $HOME_NET any -> [187.163.204.187] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.204.187/; sid:900773499; rev:1;) alert tcp $HOME_NET any -> [210.79.77.131] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.79.77.131/; sid:900773498; rev:1;) alert tcp $HOME_NET any -> [186.42.119.26] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.42.119.26/; sid:900773497; rev:1;) alert tcp $HOME_NET any -> [100.35.190.8] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.35.190.8/; sid:900772596; rev:1;) alert tcp $HOME_NET any -> [204.197.152.162] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.197.152.162/; sid:900772594; rev:1;) alert tcp $HOME_NET any -> [38.27.109.250] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.27.109.250/; sid:900772582; rev:1;) alert tcp $HOME_NET any -> [70.123.237.77] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.123.237.77/; sid:900772576; rev:1;) alert tcp $HOME_NET any -> [173.63.66.10] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.63.66.10/; sid:900772575; rev:1;) alert tcp $HOME_NET any -> [159.118.77.61] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.118.77.61/; sid:900772574; rev:1;) alert tcp $HOME_NET any -> [86.98.45.135] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.45.135/; sid:900772573; rev:1;) alert tcp $HOME_NET any -> [67.20.236.21] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.20.236.21/; sid:900772567; rev:1;) alert tcp $HOME_NET any -> [96.37.137.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.37.137.42/; sid:900771318; rev:1;) alert tcp $HOME_NET any -> [40.132.40.83] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.132.40.83/; sid:900771316; rev:1;) alert tcp $HOME_NET any -> [97.96.130.176] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.96.130.176/; sid:900771315; rev:1;) alert tcp $HOME_NET any -> [24.228.124.151] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.228.124.151/; sid:900771314; rev:1;) alert tcp $HOME_NET any -> [79.75.233.224] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.75.233.224/; sid:900771311; rev:1;) alert tcp $HOME_NET any -> [184.54.110.31] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.54.110.31/; sid:900771307; rev:1;) alert tcp $HOME_NET any -> [12.195.47.98] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.195.47.98/; sid:900771306; rev:1;) alert tcp $HOME_NET any -> [76.94.226.173] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.94.226.173/; sid:900771302; rev:1;) alert tcp $HOME_NET any -> [181.1.124.16] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.1.124.16/; sid:900771301; rev:1;) alert tcp $HOME_NET any -> [98.175.156.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.175.156.154/; sid:900771296; rev:1;) alert tcp $HOME_NET any -> [47.224.42.17] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.224.42.17/; sid:900771295; rev:1;) alert tcp $HOME_NET any -> [24.155.49.236] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.155.49.236/; sid:900771294; rev:1;) alert tcp $HOME_NET any -> [104.228.227.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.228.227.210/; sid:900771293; rev:1;) alert tcp $HOME_NET any -> [50.245.173.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.245.173.58/; sid:900771292; rev:1;) alert tcp $HOME_NET any -> [189.236.235.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.235.73/; sid:900771291; rev:1;) alert tcp $HOME_NET any -> [76.113.130.72] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.113.130.72/; sid:900771290; rev:1;) alert tcp $HOME_NET any -> [63.227.80.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.227.80.10/; sid:900771289; rev:1;) alert tcp $HOME_NET any -> [98.31.4.186] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.31.4.186/; sid:900771288; rev:1;) alert tcp $HOME_NET any -> [70.184.86.103] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.184.86.103/; sid:900771287; rev:1;) alert tcp $HOME_NET any -> [110.105.32.115] 24950 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.105.32.115/; sid:900771028; rev:1;) alert tcp $HOME_NET any -> [97.32.111.116] 25443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.32.111.116/; sid:900771027; rev:1;) alert tcp $HOME_NET any -> [32.115.101.104] 29281 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.115.101.104/; sid:900770898; rev:1;) alert tcp $HOME_NET any -> [32.121.116.112] 24941 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.121.116.112/; sid:900770897; rev:1;) alert tcp $HOME_NET any -> [46.116.99.101] 2570 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.116.99.101/; sid:900770896; rev:1;) alert tcp $HOME_NET any -> [104.99.116.97] 28448 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.99.116.97/; sid:900770895; rev:1;) alert tcp $HOME_NET any -> [115.110.114.117] 24864 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.110.114.117/; sid:900770894; rev:1;) alert tcp $HOME_NET any -> [114.111.116.97] 29216 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.111.116.97/; sid:900770893; rev:1;) alert tcp $HOME_NET any -> [32.101.104.116] 29801 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.101.104.116/; sid:900770892; rev:1;) alert tcp $HOME_NET any -> [116.97.109.32] 26723 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.97.109.32/; sid:900770891; rev:1;) alert tcp $HOME_NET any -> [32.114.111.70] 24933 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.114.111.70/; sid:900770890; rev:1;) alert tcp $HOME_NET any -> [110.105.114.116] 11879 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.105.114.116/; sid:900770889; rev:1;) alert tcp $HOME_NET any -> [32.32.32.32] 8224 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.32.32.32/; sid:900770888; rev:1;) alert tcp $HOME_NET any -> [116.32.110.105] 25960 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.32.110.105/; sid:900770887; rev:1;) alert tcp $HOME_NET any -> [99.116.97.109] 25960 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.116.97.109/; sid:900770886; rev:1;) alert tcp $HOME_NET any -> [112.112.97.108] 28265 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.112.97.108/; sid:900770885; rev:1;) alert tcp $HOME_NET any -> [196.131.2.96] 33548 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.131.2.96/; sid:900770756; rev:1;) alert tcp $HOME_NET any -> [80.82.81.88] 5631 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.82.81.88/; sid:900770755; rev:1;) alert tcp $HOME_NET any -> [200.114.142.15] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.114.142.15/; sid:900770110; rev:1;) alert tcp $HOME_NET any -> [98.238.127.216] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.238.127.216/; sid:900770103; rev:1;) alert tcp $HOME_NET any -> [201.124.46.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.124.46.8/; sid:900770092; rev:1;) alert tcp $HOME_NET any -> [186.15.180.71] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.180.71/; sid:900770091; rev:1;) alert tcp $HOME_NET any -> [162.247.42.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.247.42.61/; sid:900770090; rev:1;) alert tcp $HOME_NET any -> [201.183.238.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.183.238.18/; sid:900770089; rev:1;) alert tcp $HOME_NET any -> [70.24.147.245] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.24.147.245/; sid:900770087; rev:1;) alert tcp $HOME_NET any -> [189.251.40.71] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.251.40.71/; sid:900770086; rev:1;) alert tcp $HOME_NET any -> [208.180.246.147] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.180.246.147/; sid:900770085; rev:1;) alert tcp $HOME_NET any -> [88.225.226.91] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.225.226.91/; sid:900770084; rev:1;) alert tcp $HOME_NET any -> [179.62.48.123] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.62.48.123/; sid:900770083; rev:1;) alert tcp $HOME_NET any -> [82.218.163.254] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.218.163.254/; sid:900769510; rev:1;) alert tcp $HOME_NET any -> [71.40.213.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.40.213.82/; sid:900769505; rev:1;) alert tcp $HOME_NET any -> [168.226.35.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.226.35.218/; sid:900769503; rev:1;) alert tcp $HOME_NET any -> [174.96.202.70] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.96.202.70/; sid:900769500; rev:1;) alert tcp $HOME_NET any -> [190.85.8.155] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.8.155/; sid:900769495; rev:1;) alert tcp $HOME_NET any -> [190.191.218.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.191.218.44/; sid:900769494; rev:1;) alert tcp $HOME_NET any -> [98.189.192.183] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.189.192.183/; sid:900769484; rev:1;) alert tcp $HOME_NET any -> [70.118.28.174] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.118.28.174/; sid:900769483; rev:1;) alert tcp $HOME_NET any -> [189.147.12.211] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.147.12.211/; sid:900769482; rev:1;) alert tcp $HOME_NET any -> [190.92.58.150] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.58.150/; sid:900769481; rev:1;) alert tcp $HOME_NET any -> [94.155.113.12] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.155.113.12/; sid:900769480; rev:1;) alert tcp $HOME_NET any -> [190.154.155.34] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.154.155.34/; sid:900769479; rev:1;) alert tcp $HOME_NET any -> [129.24.37.8] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.24.37.8/; sid:900769475; rev:1;) alert tcp $HOME_NET any -> [50.198.42.246] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.198.42.246/; sid:900769463; rev:1;) alert tcp $HOME_NET any -> [87.106.210.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.210.123/; sid:900769472; rev:1;) alert tcp $HOME_NET any -> [86.98.217.63] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.217.63/; sid:900769455; rev:1;) alert tcp $HOME_NET any -> [181.119.30.36] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.119.30.36/; sid:900769454; rev:1;) alert tcp $HOME_NET any -> [181.119.30.28] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.119.30.28/; sid:900769453; rev:1;) alert tcp $HOME_NET any -> [63.116.14.206] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.116.14.206/; sid:900769452; rev:1;) alert tcp $HOME_NET any -> [216.255.17.231] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.255.17.231/; sid:900769450; rev:1;) alert tcp $HOME_NET any -> [64.19.74.49] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.19.74.49/; sid:900769448; rev:1;) alert tcp $HOME_NET any -> [201.122.94.84] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.122.94.84/; sid:900768773; rev:1;) alert tcp $HOME_NET any -> [186.10.243.34] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.10.243.34/; sid:900768772; rev:1;) alert tcp $HOME_NET any -> [123.168.4.66] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.168.4.66/; sid:900768769; rev:1;) alert tcp $HOME_NET any -> [187.148.77.84] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.148.77.84/; sid:900768767; rev:1;) alert tcp $HOME_NET any -> [181.56.165.97] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.56.165.97/; sid:900768765; rev:1;) alert tcp $HOME_NET any -> [186.68.100.2] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.68.100.2/; sid:900768764; rev:1;) alert tcp $HOME_NET any -> [209.159.244.240] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.159.244.240/; sid:900768763; rev:1;) alert tcp $HOME_NET any -> [23.233.240.77] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.233.240.77/; sid:900768761; rev:1;) alert tcp $HOME_NET any -> [190.117.226.104] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.226.104/; sid:900768758; rev:1;) alert tcp $HOME_NET any -> [194.154.80.106] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.154.80.106/; sid:900768752; rev:1;) alert tcp $HOME_NET any -> [201.204.44.101] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.204.44.101/; sid:900768751; rev:1;) alert tcp $HOME_NET any -> [184.15.10.139] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.15.10.139/; sid:900768750; rev:1;) alert tcp $HOME_NET any -> [70.114.194.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.114.194.228/; sid:900768749; rev:1;) alert tcp $HOME_NET any -> [189.166.103.82] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.166.103.82/; sid:900768748; rev:1;) alert tcp $HOME_NET any -> [70.177.115.200] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.177.115.200/; sid:900768747; rev:1;) alert tcp $HOME_NET any -> [74.62.89.170] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.62.89.170/; sid:900768746; rev:1;) alert tcp $HOME_NET any -> [173.94.53.3] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.94.53.3/; sid:900768745; rev:1;) alert tcp $HOME_NET any -> [181.29.214.233] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.29.214.233/; sid:900768744; rev:1;) alert tcp $HOME_NET any -> [212.83.51.248] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.83.51.248/; sid:900768743; rev:1;) alert tcp $HOME_NET any -> [64.228.72.40] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.228.72.40/; sid:900768739; rev:1;) alert tcp $HOME_NET any -> [72.84.179.218] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.84.179.218/; sid:900768738; rev:1;) alert tcp $HOME_NET any -> [138.201.140.110] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.201.140.110/; sid:900768736; rev:1;) alert tcp $HOME_NET any -> [70.115.70.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.115.70.154/; sid:900768729; rev:1;) alert tcp $HOME_NET any -> [99.139.140.129] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.139.140.129/; sid:900768728; rev:1;) alert tcp $HOME_NET any -> [96.20.172.107] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.20.172.107/; sid:900768726; rev:1;) alert tcp $HOME_NET any -> [68.195.129.139] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.195.129.139/; sid:900768720; rev:1;) alert tcp $HOME_NET any -> [172.98.243.40] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.98.243.40/; sid:900768719; rev:1;) alert tcp $HOME_NET any -> [24.243.160.247] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.243.160.247/; sid:900768718; rev:1;) alert tcp $HOME_NET any -> [66.193.130.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.193.130.13/; sid:900768717; rev:1;) alert tcp $HOME_NET any -> [191.92.83.137] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.92.83.137/; sid:900768715; rev:1;) alert tcp $HOME_NET any -> [70.116.68.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.116.68.186/; sid:900768716; rev:1;) alert tcp $HOME_NET any -> [71.41.68.158] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.41.68.158/; sid:900768714; rev:1;) alert tcp $HOME_NET any -> [189.150.140.28] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.150.140.28/; sid:900768713; rev:1;) alert tcp $HOME_NET any -> [107.10.49.252] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.10.49.252/; sid:900768712; rev:1;) alert tcp $HOME_NET any -> [24.151.31.150] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.151.31.150/; sid:900768711; rev:1;) alert tcp $HOME_NET any -> [187.145.0.129] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.145.0.129/; sid:900768710; rev:1;) alert tcp $HOME_NET any -> [201.212.113.14] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.113.14/; sid:900768708; rev:1;) alert tcp $HOME_NET any -> [90.63.245.70] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.63.245.70/; sid:900768707; rev:1;) alert tcp $HOME_NET any -> [66.209.69.165] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.209.69.165/; sid:900768705; rev:1;) alert tcp $HOME_NET any -> [80.15.172.81] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.15.172.81/; sid:900768703; rev:1;) alert tcp $HOME_NET any -> [76.94.36.57] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.94.36.57/; sid:900768701; rev:1;) alert tcp $HOME_NET any -> [189.173.176.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.173.176.115/; sid:900768700; rev:1;) alert tcp $HOME_NET any -> [189.183.68.180] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.183.68.180/; sid:900768698; rev:1;) alert tcp $HOME_NET any -> [190.96.172.225] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.96.172.225/; sid:900768695; rev:1;) alert tcp $HOME_NET any -> [75.110.229.201] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.110.229.201/; sid:900768692; rev:1;) alert tcp $HOME_NET any -> [74.62.52.222] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.62.52.222/; sid:900768690; rev:1;) alert tcp $HOME_NET any -> [186.72.205.234] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.72.205.234/; sid:900768689; rev:1;) alert tcp $HOME_NET any -> [12.6.183.21] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.6.183.21/; sid:900768688; rev:1;) alert tcp $HOME_NET any -> [74.45.170.110] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.45.170.110/; sid:900768687; rev:1;) alert tcp $HOME_NET any -> [192.163.199.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.163.199.254/; sid:900768683; rev:1;) alert tcp $HOME_NET any -> [51.255.50.164] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.255.50.164/; sid:900768682; rev:1;) alert tcp $HOME_NET any -> [181.167.251.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.251.10/; sid:900768681; rev:1;) alert tcp $HOME_NET any -> [64.40.163.8] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.40.163.8/; sid:900768680; rev:1;) alert tcp $HOME_NET any -> [189.178.109.181] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.178.109.181/; sid:900768679; rev:1;) alert tcp $HOME_NET any -> [99.242.223.226] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.242.223.226/; sid:900768677; rev:1;) alert tcp $HOME_NET any -> [70.64.76.71] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.64.76.71/; sid:900768676; rev:1;) alert tcp $HOME_NET any -> [192.92.6.125] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.92.6.125/; sid:900768674; rev:1;) alert tcp $HOME_NET any -> [24.123.39.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.123.39.18/; sid:900768671; rev:1;) alert tcp $HOME_NET any -> [24.185.185.187] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.185.185.187/; sid:900768670; rev:1;) alert tcp $HOME_NET any -> [184.176.38.146] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.176.38.146/; sid:900768669; rev:1;) alert tcp $HOME_NET any -> [24.153.169.62] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.153.169.62/; sid:900768666; rev:1;) alert tcp $HOME_NET any -> [62.75.187.192] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.187.192/; sid:900768664; rev:1;) alert tcp $HOME_NET any -> [75.99.7.18] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.7.18/; sid:900768662; rev:1;) alert tcp $HOME_NET any -> [133.242.164.31] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.242.164.31/; sid:900768658; rev:1;) alert tcp $HOME_NET any -> [173.255.250.241] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.255.250.241/; sid:900768657; rev:1;) alert tcp $HOME_NET any -> [24.243.123.25] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.243.123.25/; sid:900768656; rev:1;) alert tcp $HOME_NET any -> [187.198.33.171] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.198.33.171/; sid:900768655; rev:1;) alert tcp $HOME_NET any -> [58.252.57.205] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.252.57.205/; sid:900768654; rev:1;) alert tcp $HOME_NET any -> [187.137.179.93] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.179.93/; sid:900768653; rev:1;) alert tcp $HOME_NET any -> [47.23.77.70] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.77.70/; sid:900768652; rev:1;) alert tcp $HOME_NET any -> [137.27.168.194] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.27.168.194/; sid:900768651; rev:1;) alert tcp $HOME_NET any -> [172.248.21.6] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.248.21.6/; sid:900768650; rev:1;) alert tcp $HOME_NET any -> [173.21.116.239] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.21.116.239/; sid:900768649; rev:1;) alert tcp $HOME_NET any -> [73.194.61.246] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.194.61.246/; sid:900768648; rev:1;) alert tcp $HOME_NET any -> [73.186.92.178] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.186.92.178/; sid:900768647; rev:1;) alert tcp $HOME_NET any -> [69.34.13.8] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.34.13.8/; sid:900766417; rev:1;) alert tcp $HOME_NET any -> [50.192.66.204] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.192.66.204/; sid:900766416; rev:1;) alert tcp $HOME_NET any -> [71.42.6.29] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.42.6.29/; sid:900766415; rev:1;) alert tcp $HOME_NET any -> [47.182.88.196] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.182.88.196/; sid:900766414; rev:1;) alert tcp $HOME_NET any -> [70.110.29.159] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.110.29.159/; sid:900766413; rev:1;) alert tcp $HOME_NET any -> [174.80.166.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.80.166.76/; sid:900766412; rev:1;) alert tcp $HOME_NET any -> [184.21.176.126] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.21.176.126/; sid:900766411; rev:1;) alert tcp $HOME_NET any -> [173.73.83.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.73.83.146/; sid:900766410; rev:1;) alert tcp $HOME_NET any -> [190.75.114.47] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.75.114.47/; sid:900765939; rev:1;) alert tcp $HOME_NET any -> [201.192.163.160] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.192.163.160/; sid:900765938; rev:1;) alert tcp $HOME_NET any -> [181.120.220.100] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.120.220.100/; sid:900765937; rev:1;) alert tcp $HOME_NET any -> [190.181.58.202] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.181.58.202/; sid:900765935; rev:1;) alert tcp $HOME_NET any -> [186.4.127.72] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.127.72/; sid:900765933; rev:1;) alert tcp $HOME_NET any -> [80.209.136.169] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.209.136.169/; sid:900765934; rev:1;) alert tcp $HOME_NET any -> [187.147.145.48] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.147.145.48/; sid:900765932; rev:1;) alert tcp $HOME_NET any -> [189.237.155.109] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.237.155.109/; sid:900765928; rev:1;) alert tcp $HOME_NET any -> [190.147.42.32] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.42.32/; sid:900765926; rev:1;) alert tcp $HOME_NET any -> [187.153.104.216] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.104.216/; sid:900765925; rev:1;) alert tcp $HOME_NET any -> [92.27.88.150] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.27.88.150/; sid:900765924; rev:1;) alert tcp $HOME_NET any -> [197.83.195.16] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.83.195.16/; sid:900765921; rev:1;) alert tcp $HOME_NET any -> [5.102.165.159] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.102.165.159/; sid:900765920; rev:1;) alert tcp $HOME_NET any -> [181.143.18.91] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.18.91/; sid:900765919; rev:1;) alert tcp $HOME_NET any -> [201.252.219.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.252.219.139/; sid:900765918; rev:1;) alert tcp $HOME_NET any -> [190.201.26.83] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.201.26.83/; sid:900765916; rev:1;) alert tcp $HOME_NET any -> [187.176.75.99] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.176.75.99/; sid:900765915; rev:1;) alert tcp $HOME_NET any -> [189.186.65.188] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.186.65.188/; sid:900765912; rev:1;) alert tcp $HOME_NET any -> [201.152.106.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.152.106.10/; sid:900765911; rev:1;) alert tcp $HOME_NET any -> [200.114.155.143] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.114.155.143/; sid:900765910; rev:1;) alert tcp $HOME_NET any -> [181.171.12.139] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.171.12.139/; sid:900765909; rev:1;) alert tcp $HOME_NET any -> [201.212.149.191] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.149.191/; sid:900765908; rev:1;) alert tcp $HOME_NET any -> [190.85.71.218] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.71.218/; sid:900765907; rev:1;) alert tcp $HOME_NET any -> [190.96.217.129] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.96.217.129/; sid:900765905; rev:1;) alert tcp $HOME_NET any -> [157.100.238.225] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.100.238.225/; sid:900765904; rev:1;) alert tcp $HOME_NET any -> [201.235.149.157] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.235.149.157/; sid:900765903; rev:1;) alert tcp $HOME_NET any -> [200.236.100.14] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.236.100.14/; sid:900765902; rev:1;) alert tcp $HOME_NET any -> [186.138.14.44] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.138.14.44/; sid:900765899; rev:1;) alert tcp $HOME_NET any -> [78.32.147.100] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.32.147.100/; sid:900765901; rev:1;) alert tcp $HOME_NET any -> [189.252.169.43] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.169.43/; sid:900765898; rev:1;) alert tcp $HOME_NET any -> [186.146.235.8] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.146.235.8/; sid:900765897; rev:1;) alert tcp $HOME_NET any -> [187.162.172.254] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.162.172.254/; sid:900765896; rev:1;) alert tcp $HOME_NET any -> [181.45.185.68] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.45.185.68/; sid:900765895; rev:1;) alert tcp $HOME_NET any -> [189.137.139.190] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.137.139.190/; sid:900765891; rev:1;) alert tcp $HOME_NET any -> [200.77.120.234] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.77.120.234/; sid:900765890; rev:1;) alert tcp $HOME_NET any -> [200.127.229.182] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.229.182/; sid:900765889; rev:1;) alert tcp $HOME_NET any -> [187.207.114.26] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.114.26/; sid:900765888; rev:1;) alert tcp $HOME_NET any -> [86.4.88.6] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.4.88.6/; sid:900765887; rev:1;) alert tcp $HOME_NET any -> [201.153.98.202] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.153.98.202/; sid:900765886; rev:1;) alert tcp $HOME_NET any -> [201.103.128.207] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.103.128.207/; sid:900765885; rev:1;) alert tcp $HOME_NET any -> [201.175.70.250] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.175.70.250/; sid:900765884; rev:1;) alert tcp $HOME_NET any -> [187.207.97.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.97.27/; sid:900765883; rev:1;) alert tcp $HOME_NET any -> [181.143.99.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.99.26/; sid:900765882; rev:1;) alert tcp $HOME_NET any -> [66.130.129.10] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.130.129.10/; sid:900765591; rev:1;) alert tcp $HOME_NET any -> [2.50.144.32] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.144.32/; sid:900765589; rev:1;) alert tcp $HOME_NET any -> [189.237.108.33] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.237.108.33/; sid:900765585; rev:1;) alert tcp $HOME_NET any -> [94.76.200.114] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.76.200.114/; sid:900765579; rev:1;) alert tcp $HOME_NET any -> [212.25.55.70] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.25.55.70/; sid:900765578; rev:1;) alert tcp $HOME_NET any -> [179.159.20.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.159.20.70/; sid:900765575; rev:1;) alert tcp $HOME_NET any -> [114.143.192.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.143.192.242/; sid:900765574; rev:1;) alert tcp $HOME_NET any -> [197.44.171.13] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.44.171.13/; sid:900765573; rev:1;) alert tcp $HOME_NET any -> [152.170.155.182] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.170.155.182/; sid:900765572; rev:1;) alert tcp $HOME_NET any -> [190.213.249.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.213.249.250/; sid:900765569; rev:1;) alert tcp $HOME_NET any -> [2.50.57.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.57.180/; sid:900765570; rev:1;) alert tcp $HOME_NET any -> [83.110.100.150] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.100.150/; sid:900765568; rev:1;) alert tcp $HOME_NET any -> [181.119.30.26] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.119.30.26/; sid:900765567; rev:1;) alert tcp $HOME_NET any -> [152.231.88.114] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.231.88.114/; sid:900765564; rev:1;) alert tcp $HOME_NET any -> [2.50.148.99] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.148.99/; sid:900765565; rev:1;) alert tcp $HOME_NET any -> [105.247.123.133] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.247.123.133/; sid:900765562; rev:1;) alert tcp $HOME_NET any -> [187.144.192.126] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.192.126/; sid:900765558; rev:1;) alert tcp $HOME_NET any -> [91.74.62.86] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.74.62.86/; sid:900765557; rev:1;) alert tcp $HOME_NET any -> [67.223.128.207] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.223.128.207/; sid:900765552; rev:1;) alert tcp $HOME_NET any -> [189.141.224.222] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.141.224.222/; sid:900765551; rev:1;) alert tcp $HOME_NET any -> [2.50.28.190] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.28.190/; sid:900765550; rev:1;) alert tcp $HOME_NET any -> [111.93.37.6] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.93.37.6/; sid:900765547; rev:1;) alert tcp $HOME_NET any -> [187.152.81.36] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.152.81.36/; sid:900765546; rev:1;) alert tcp $HOME_NET any -> [189.232.16.132] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.232.16.132/; sid:900765545; rev:1;) alert tcp $HOME_NET any -> [153.121.36.202] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.121.36.202/; sid:900765543; rev:1;) alert tcp $HOME_NET any -> [148.101.130.84] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.101.130.84/; sid:900765542; rev:1;) alert tcp $HOME_NET any -> [181.129.16.82] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.16.82/; sid:900765541; rev:1;) alert tcp $HOME_NET any -> [189.234.6.229] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.234.6.229/; sid:900765540; rev:1;) alert tcp $HOME_NET any -> [85.105.145.205] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.145.205/; sid:900765539; rev:1;) alert tcp $HOME_NET any -> [201.137.4.91] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.4.91/; sid:900765538; rev:1;) alert tcp $HOME_NET any -> [189.190.83.34] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.190.83.34/; sid:900765537; rev:1;) alert tcp $HOME_NET any -> [187.240.45.54] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.240.45.54/; sid:900765536; rev:1;) alert tcp $HOME_NET any -> [201.183.239.117] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.183.239.117/; sid:900765535; rev:1;) alert tcp $HOME_NET any -> [187.207.136.122] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.136.122/; sid:900765534; rev:1;) alert tcp $HOME_NET any -> [191.98.77.181] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.98.77.181/; sid:900765533; rev:1;) alert tcp $HOME_NET any -> [192.3.179.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.179.203/; sid:900621885; rev:1;) alert tcp $HOME_NET any -> [189.131.147.21] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.131.147.21/; sid:900763840; rev:1;) alert tcp $HOME_NET any -> [181.129.44.226] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.44.226/; sid:900763829; rev:1;) alert tcp $HOME_NET any -> [201.103.250.229] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.103.250.229/; sid:900763825; rev:1;) alert tcp $HOME_NET any -> [187.207.31.55] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.31.55/; sid:900763822; rev:1;) alert tcp $HOME_NET any -> [187.202.255.212] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.202.255.212/; sid:900763809; rev:1;) alert tcp $HOME_NET any -> [187.135.41.161] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.135.41.161/; sid:900763799; rev:1;) alert tcp $HOME_NET any -> [190.84.42.113] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.84.42.113/; sid:900763798; rev:1;) alert tcp $HOME_NET any -> [201.153.129.173] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.153.129.173/; sid:900763797; rev:1;) alert tcp $HOME_NET any -> [185.53.134.131] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.53.134.131/; sid:900763796; rev:1;) alert tcp $HOME_NET any -> [2.50.178.247] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.178.247/; sid:900763795; rev:1;) alert tcp $HOME_NET any -> [37.98.114.178] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.98.114.178/; sid:900763794; rev:1;) alert tcp $HOME_NET any -> [189.228.229.106] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.228.229.106/; sid:900763793; rev:1;) alert tcp $HOME_NET any -> [187.132.35.20] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.132.35.20/; sid:900763792; rev:1;) alert tcp $HOME_NET any -> [200.239.37.237] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.239.37.237/; sid:900763791; rev:1;) alert tcp $HOME_NET any -> [189.170.20.198] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.170.20.198/; sid:900763790; rev:1;) alert tcp $HOME_NET any -> [181.49.96.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.49.96.250/; sid:900763734; rev:1;) alert tcp $HOME_NET any -> [190.25.54.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.25.54.18/; sid:900763733; rev:1;) alert tcp $HOME_NET any -> [148.240.70.74] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.240.70.74/; sid:900763732; rev:1;) alert tcp $HOME_NET any -> [138.122.96.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.122.96.100/; sid:900763730; rev:1;) alert tcp $HOME_NET any -> [189.205.123.101] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.205.123.101/; sid:900763729; rev:1;) alert tcp $HOME_NET any -> [181.49.236.174] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.49.236.174/; sid:900763728; rev:1;) alert tcp $HOME_NET any -> [190.160.8.4] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.160.8.4/; sid:900763725; rev:1;) alert tcp $HOME_NET any -> [181.175.23.114] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.175.23.114/; sid:900763721; rev:1;) alert tcp $HOME_NET any -> [167.0.166.227] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.0.166.227/; sid:900763720; rev:1;) alert tcp $HOME_NET any -> [190.26.98.130] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.26.98.130/; sid:900763718; rev:1;) alert tcp $HOME_NET any -> [138.59.18.169] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.59.18.169/; sid:900763716; rev:1;) alert tcp $HOME_NET any -> [184.68.59.166] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.68.59.166/; sid:900763715; rev:1;) alert tcp $HOME_NET any -> [200.111.255.89] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.111.255.89/; sid:900763714; rev:1;) alert tcp $HOME_NET any -> [200.105.211.46] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.105.211.46/; sid:900763713; rev:1;) alert tcp $HOME_NET any -> [190.154.42.107] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.154.42.107/; sid:900763711; rev:1;) alert tcp $HOME_NET any -> [45.45.77.43] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.45.77.43/; sid:900763709; rev:1;) alert tcp $HOME_NET any -> [200.117.244.36] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.117.244.36/; sid:900763706; rev:1;) alert tcp $HOME_NET any -> [69.70.238.170] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.70.238.170/; sid:900763702; rev:1;) alert tcp $HOME_NET any -> [186.70.105.27] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.70.105.27/; sid:900763701; rev:1;) alert tcp $HOME_NET any -> [24.146.61.59] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.146.61.59/; sid:900763700; rev:1;) alert tcp $HOME_NET any -> [190.158.241.119] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.158.241.119/; sid:900763698; rev:1;) alert tcp $HOME_NET any -> [190.128.27.233] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.128.27.233/; sid:900763697; rev:1;) alert tcp $HOME_NET any -> [69.70.236.34] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.70.236.34/; sid:900763696; rev:1;) alert tcp $HOME_NET any -> [96.21.235.163] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.21.235.163/; sid:900763695; rev:1;) alert tcp $HOME_NET any -> [142.46.245.2] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.46.245.2/; sid:900763694; rev:1;) alert tcp $HOME_NET any -> [189.223.4.181] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.4.181/; sid:900763691; rev:1;) alert tcp $HOME_NET any -> [186.71.23.165] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.23.165/; sid:900763690; rev:1;) alert tcp $HOME_NET any -> [201.146.215.137] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.146.215.137/; sid:900763689; rev:1;) alert tcp $HOME_NET any -> [24.66.53.180] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.66.53.180/; sid:900763687; rev:1;) alert tcp $HOME_NET any -> [148.240.65.44] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.240.65.44/; sid:900763686; rev:1;) alert tcp $HOME_NET any -> [187.155.130.72] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.155.130.72/; sid:900763685; rev:1;) alert tcp $HOME_NET any -> [190.183.58.190] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.183.58.190/; sid:900763684; rev:1;) alert tcp $HOME_NET any -> [81.82.203.76] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.82.203.76/; sid:900763683; rev:1;) alert tcp $HOME_NET any -> [201.194.127.211] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.194.127.211/; sid:900763682; rev:1;) alert tcp $HOME_NET any -> [186.75.241.230] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.75.241.230/; sid:900761674; rev:1;) alert tcp $HOME_NET any -> [186.19.202.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.19.202.88/; sid:900761664; rev:1;) alert tcp $HOME_NET any -> [179.8.99.239] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.8.99.239/; sid:900761657; rev:1;) alert tcp $HOME_NET any -> [119.235.90.232] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.235.90.232/; sid:900761654; rev:1;) alert tcp $HOME_NET any -> [152.231.224.62] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.231.224.62/; sid:900761644; rev:1;) alert tcp $HOME_NET any -> [85.99.247.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.99.247.228/; sid:900761636; rev:1;) alert tcp $HOME_NET any -> [201.130.123.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.130.123.206/; sid:900761620; rev:1;) alert tcp $HOME_NET any -> [189.149.181.61] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.149.181.61/; sid:900761619; rev:1;) alert tcp $HOME_NET any -> [187.233.137.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.233.137.90/; sid:900761618; rev:1;) alert tcp $HOME_NET any -> [190.57.232.244] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.57.232.244/; sid:900760781; rev:1;) alert tcp $HOME_NET any -> [201.180.46.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.180.46.22/; sid:900760779; rev:1;) alert tcp $HOME_NET any -> [186.114.207.82] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.114.207.82/; sid:900760777; rev:1;) alert tcp $HOME_NET any -> [181.129.30.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.30.82/; sid:900760775; rev:1;) alert tcp $HOME_NET any -> [181.225.14.209] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.225.14.209/; sid:900760771; rev:1;) alert tcp $HOME_NET any -> [186.120.159.140] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.120.159.140/; sid:900760770; rev:1;) alert tcp $HOME_NET any -> [51.148.59.233] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.148.59.233/; sid:900760768; rev:1;) alert tcp $HOME_NET any -> [201.190.204.249] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.190.204.249/; sid:900760766; rev:1;) alert tcp $HOME_NET any -> [186.137.145.245] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.137.145.245/; sid:900760765; rev:1;) alert tcp $HOME_NET any -> [175.205.73.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.205.73.49/; sid:900760764; rev:1;) alert tcp $HOME_NET any -> [148.103.82.211] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.103.82.211/; sid:900760763; rev:1;) alert tcp $HOME_NET any -> [24.48.215.63] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.48.215.63/; sid:900760762; rev:1;) alert tcp $HOME_NET any -> [190.72.239.156] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.72.239.156/; sid:900760761; rev:1;) alert tcp $HOME_NET any -> [89.211.147.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.147.250/; sid:900760760; rev:1;) alert tcp $HOME_NET any -> [109.121.205.213] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.121.205.213/; sid:900760759; rev:1;) alert tcp $HOME_NET any -> [190.97.63.104] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.97.63.104/; sid:900760757; rev:1;) alert tcp $HOME_NET any -> [190.247.62.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.247.62.93/; sid:900760756; rev:1;) alert tcp $HOME_NET any -> [207.167.7.141] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.167.7.141/; sid:900760754; rev:1;) alert tcp $HOME_NET any -> [190.98.58.170] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.98.58.170/; sid:900760753; rev:1;) alert tcp $HOME_NET any -> [86.56.233.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.56.233.166/; sid:900760750; rev:1;) alert tcp $HOME_NET any -> [181.189.212.120] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.189.212.120/; sid:900760749; rev:1;) alert tcp $HOME_NET any -> [186.108.174.175] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.108.174.175/; sid:900760744; rev:1;) alert tcp $HOME_NET any -> [186.113.19.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.113.19.170/; sid:900760743; rev:1;) alert tcp $HOME_NET any -> [191.92.81.199] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.92.81.199/; sid:900760742; rev:1;) alert tcp $HOME_NET any -> [184.149.7.49] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.149.7.49/; sid:900760741; rev:1;) alert tcp $HOME_NET any -> [190.183.58.155] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.183.58.155/; sid:900760740; rev:1;) alert tcp $HOME_NET any -> [186.118.161.100] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.118.161.100/; sid:900760738; rev:1;) alert tcp $HOME_NET any -> [190.24.243.186] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.24.243.186/; sid:900760736; rev:1;) alert tcp $HOME_NET any -> [201.212.241.162] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.241.162/; sid:900760735; rev:1;) alert tcp $HOME_NET any -> [186.94.231.146] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.94.231.146/; sid:900760733; rev:1;) alert tcp $HOME_NET any -> [181.58.47.34] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.58.47.34/; sid:900760732; rev:1;) alert tcp $HOME_NET any -> [148.103.7.35] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.103.7.35/; sid:900760730; rev:1;) alert tcp $HOME_NET any -> [137.74.173.19] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.74.173.19/; sid:900760728; rev:1;) alert tcp $HOME_NET any -> [41.32.82.216] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.32.82.216/; sid:900760727; rev:1;) alert tcp $HOME_NET any -> [41.202.77.180] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.202.77.180/; sid:900760726; rev:1;) alert tcp $HOME_NET any -> [217.86.203.2] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.86.203.2/; sid:900760725; rev:1;) alert tcp $HOME_NET any -> [86.42.254.71] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.42.254.71/; sid:900760724; rev:1;) alert tcp $HOME_NET any -> [193.239.235.209] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.239.235.209/; sid:900760723; rev:1;) alert tcp $HOME_NET any -> [189.253.39.50] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.39.50/; sid:900760721; rev:1;) alert tcp $HOME_NET any -> [128.234.43.30] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.234.43.30/; sid:900760720; rev:1;) alert tcp $HOME_NET any -> [206.248.110.184] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.248.110.184/; sid:900760719; rev:1;) alert tcp $HOME_NET any -> [182.180.170.72] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.180.170.72/; sid:900760718; rev:1;) alert tcp $HOME_NET any -> [187.163.60.63] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.60.63/; sid:900760660; rev:1;) alert tcp $HOME_NET any -> [170.83.53.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.83.53.71/; sid:900760659; rev:1;) alert tcp $HOME_NET any -> [182.72.25.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.72.25.180/; sid:900760658; rev:1;) alert tcp $HOME_NET any -> [78.189.109.123] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.109.123/; sid:900760656; rev:1;) alert tcp $HOME_NET any -> [190.104.191.159] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.191.159/; sid:900760655; rev:1;) alert tcp $HOME_NET any -> [191.99.120.221] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.99.120.221/; sid:900760654; rev:1;) alert tcp $HOME_NET any -> [187.188.41.242] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.41.242/; sid:900760651; rev:1;) alert tcp $HOME_NET any -> [99.234.216.14] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.234.216.14/; sid:900760650; rev:1;) alert tcp $HOME_NET any -> [186.136.185.11] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.136.185.11/; sid:900760647; rev:1;) alert tcp $HOME_NET any -> [190.44.204.143] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.44.204.143/; sid:900760646; rev:1;) alert tcp $HOME_NET any -> [77.44.120.62] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.44.120.62/; sid:900760644; rev:1;) alert tcp $HOME_NET any -> [186.68.199.71] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.68.199.71/; sid:900760643; rev:1;) alert tcp $HOME_NET any -> [187.228.133.187] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.228.133.187/; sid:900760642; rev:1;) alert tcp $HOME_NET any -> [54.37.5.200] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.5.200/; sid:900760640; rev:1;) alert tcp $HOME_NET any -> [94.73.197.123] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.73.197.123/; sid:900760639; rev:1;) alert tcp $HOME_NET any -> [200.43.231.60] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.43.231.60/; sid:900760638; rev:1;) alert tcp $HOME_NET any -> [189.252.30.160] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.30.160/; sid:900760634; rev:1;) alert tcp $HOME_NET any -> [190.57.130.142] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.57.130.142/; sid:900760633; rev:1;) alert tcp $HOME_NET any -> [187.206.202.129] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.206.202.129/; sid:900760630; rev:1;) alert tcp $HOME_NET any -> [51.77.111.116] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.111.116/; sid:900760629; rev:1;) alert tcp $HOME_NET any -> [200.58.78.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.58.78.78/; sid:900760628; rev:1;) alert tcp $HOME_NET any -> [88.253.236.157] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.253.236.157/; sid:900760626; rev:1;) alert tcp $HOME_NET any -> [190.179.117.181] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.179.117.181/; sid:900760624; rev:1;) alert tcp $HOME_NET any -> [181.114.107.154] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.114.107.154/; sid:900760622; rev:1;) alert tcp $HOME_NET any -> [181.59.253.20] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.59.253.20/; sid:900760621; rev:1;) alert tcp $HOME_NET any -> [189.228.123.79] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.228.123.79/; sid:900760620; rev:1;) alert tcp $HOME_NET any -> [109.170.141.120] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.170.141.120/; sid:900760619; rev:1;) alert tcp $HOME_NET any -> [179.62.18.56] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.62.18.56/; sid:900760618; rev:1;) alert tcp $HOME_NET any -> [158.174.130.145] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.174.130.145/; sid:900760617; rev:1;) alert tcp $HOME_NET any -> [198.46.157.252] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.157.252/; sid:900760614; rev:1;) alert tcp $HOME_NET any -> [96.20.46.60] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.20.46.60/; sid:900760613; rev:1;) alert tcp $HOME_NET any -> [181.13.229.35] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.13.229.35/; sid:900760612; rev:1;) alert tcp $HOME_NET any -> [186.19.62.24] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.19.62.24/; sid:900760611; rev:1;) alert tcp $HOME_NET any -> [189.250.153.215] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.153.215/; sid:900760610; rev:1;) alert tcp $HOME_NET any -> [200.68.61.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.68.61.242/; sid:900760609; rev:1;) alert tcp $HOME_NET any -> [186.176.25.133] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.176.25.133/; sid:900760608; rev:1;) alert tcp $HOME_NET any -> [75.159.115.228] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.159.115.228/; sid:900760607; rev:1;) alert tcp $HOME_NET any -> [190.216.238.62] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.216.238.62/; sid:900760606; rev:1;) alert tcp $HOME_NET any -> [200.125.113.60] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.113.60/; sid:900760605; rev:1;) alert tcp $HOME_NET any -> [105.210.6.67] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.210.6.67/; sid:900760604; rev:1;) alert tcp $HOME_NET any -> [74.58.188.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.58.188.22/; sid:900759365; rev:1;) alert tcp $HOME_NET any -> [182.184.108.234] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.184.108.234/; sid:900759364; rev:1;) alert tcp $HOME_NET any -> [106.51.0.205] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.51.0.205/; sid:900759361; rev:1;) alert tcp $HOME_NET any -> [5.239.240.88] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.239.240.88/; sid:900759360; rev:1;) alert tcp $HOME_NET any -> [101.229.131.245] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.229.131.245/; sid:900759359; rev:1;) alert tcp $HOME_NET any -> [27.0.180.40] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.0.180.40/; sid:900759356; rev:1;) alert tcp $HOME_NET any -> [114.79.134.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.134.49/; sid:900759355; rev:1;) alert tcp $HOME_NET any -> [50.99.132.7] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.99.132.7/; sid:900759351; rev:1;) alert tcp $HOME_NET any -> [176.74.89.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.74.89.66/; sid:900759350; rev:1;) alert tcp $HOME_NET any -> [85.99.124.9] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.99.124.9/; sid:900759349; rev:1;) alert tcp $HOME_NET any -> [203.213.236.70] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.213.236.70/; sid:900759348; rev:1;) alert tcp $HOME_NET any -> [111.235.148.46] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.235.148.46/; sid:900759346; rev:1;) alert tcp $HOME_NET any -> [83.110.212.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.212.100/; sid:900759345; rev:1;) alert tcp $HOME_NET any -> [175.101.89.66] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.101.89.66/; sid:900759344; rev:1;) alert tcp $HOME_NET any -> [179.13.73.220] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.13.73.220/; sid:900759340; rev:1;) alert tcp $HOME_NET any -> [175.32.123.78] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.32.123.78/; sid:900759338; rev:1;) alert tcp $HOME_NET any -> [83.110.108.213] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.108.213/; sid:900759336; rev:1;) alert tcp $HOME_NET any -> [5.128.151.213] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.128.151.213/; sid:900759335; rev:1;) alert tcp $HOME_NET any -> [187.199.129.111] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.129.111/; sid:900759334; rev:1;) alert tcp $HOME_NET any -> [105.174.6.174] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.174.6.174/; sid:900759333; rev:1;) alert tcp $HOME_NET any -> [113.193.254.82] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.193.254.82/; sid:900759330; rev:1;) alert tcp $HOME_NET any -> [14.192.144.194] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.192.144.194/; sid:900759328; rev:1;) alert tcp $HOME_NET any -> [211.138.24.144] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.138.24.144/; sid:900759326; rev:1;) alert tcp $HOME_NET any -> [197.83.236.18] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.83.236.18/; sid:900759325; rev:1;) alert tcp $HOME_NET any -> [190.147.44.151] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.44.151/; sid:900759323; rev:1;) alert tcp $HOME_NET any -> [58.239.33.5] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.239.33.5/; sid:900759321; rev:1;) alert tcp $HOME_NET any -> [185.129.92.210] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.129.92.210/; sid:900759320; rev:1;) alert tcp $HOME_NET any -> [50.31.0.160] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.31.0.160/; sid:900759318; rev:1;) alert tcp $HOME_NET any -> [189.252.174.81] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.174.81/; sid:900759317; rev:1;) alert tcp $HOME_NET any -> [180.232.133.50] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.232.133.50/; sid:900759316; rev:1;) alert tcp $HOME_NET any -> [103.108.204.93] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.108.204.93/; sid:900759315; rev:1;) alert tcp $HOME_NET any -> [70.81.33.80] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.81.33.80/; sid:900759314; rev:1;) alert tcp $HOME_NET any -> [179.53.156.88] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.53.156.88/; sid:900759313; rev:1;) alert tcp $HOME_NET any -> [187.192.58.207] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.58.207/; sid:900759312; rev:1;) alert tcp $HOME_NET any -> [93.107.126.157] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.107.126.157/; sid:900759311; rev:1;) alert tcp $HOME_NET any -> [41.216.165.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.216.165.122/; sid:900759310; rev:1;) alert tcp $HOME_NET any -> [100.42.20.148] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.42.20.148/; sid:900759309; rev:1;) alert tcp $HOME_NET any -> [182.176.106.43] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.176.106.43/; sid:900759308; rev:1;) alert tcp $HOME_NET any -> [101.0.108.0] 25600 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.0.108.0/; sid:900759092; rev:1;) alert tcp $HOME_NET any -> [116.0.115.0] 24832 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.0.115.0/; sid:900759091; rev:1;) alert tcp $HOME_NET any -> [32.0.110.0] 26880 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.0.110.0/; sid:900759090; rev:1;) alert tcp $HOME_NET any -> [98.0.32.0] 25856 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.0.32.0/; sid:900759089; rev:1;) alert tcp $HOME_NET any -> [97.0.101.0] 25600 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.0.101.0/; sid:900759088; rev:1;) alert tcp $HOME_NET any -> [97.0.32.0] 27648 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.0.32.0/; sid:900759087; rev:1;) alert tcp $HOME_NET any -> [104.0.32.0] 24832 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.0.32.0/; sid:900759086; rev:1;) alert tcp $HOME_NET any -> [116.0.105.0] 28416 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.0.105.0/; sid:900759085; rev:1;) alert tcp $HOME_NET any -> [109.0.32.0] 28416 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.0.32.0/; sid:900759084; rev:1;) alert tcp $HOME_NET any -> [105.0.114.0] 28160 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.0.114.0/; sid:900759083; rev:1;) alert tcp $HOME_NET any -> [100.0.101.0] 8192 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.0.101.0/; sid:900759082; rev:1;) alert tcp $HOME_NET any -> [12.36.68.139] 19595 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.36.68.139/; sid:900757216; rev:1;) alert tcp $HOME_NET any -> [181.171.28.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.171.28.140/; sid:900756111; rev:1;) alert tcp $HOME_NET any -> [86.122.149.86] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.122.149.86/; sid:900756110; rev:1;) alert tcp $HOME_NET any -> [200.24.248.194] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.24.248.194/; sid:900756108; rev:1;) alert tcp $HOME_NET any -> [78.186.26.189] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.26.189/; sid:900756107; rev:1;) alert tcp $HOME_NET any -> [200.50.177.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.50.177.218/; sid:900756105; rev:1;) alert tcp $HOME_NET any -> [94.63.172.7] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.63.172.7/; sid:900756104; rev:1;) alert tcp $HOME_NET any -> [217.145.83.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.145.83.44/; sid:900756098; rev:1;) alert tcp $HOME_NET any -> [105.225.161.70] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.161.70/; sid:900756096; rev:1;) alert tcp $HOME_NET any -> [87.201.127.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.201.127.70/; sid:900756093; rev:1;) alert tcp $HOME_NET any -> [187.247.125.144] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.247.125.144/; sid:900756091; rev:1;) alert tcp $HOME_NET any -> [86.98.71.253] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.71.253/; sid:900756090; rev:1;) alert tcp $HOME_NET any -> [45.224.52.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.224.52.174/; sid:900756088; rev:1;) alert tcp $HOME_NET any -> [197.88.29.182] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.88.29.182/; sid:900756087; rev:1;) alert tcp $HOME_NET any -> [59.23.248.48] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.23.248.48/; sid:900756086; rev:1;) alert tcp $HOME_NET any -> [105.226.195.36] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.226.195.36/; sid:900756081; rev:1;) alert tcp $HOME_NET any -> [105.184.219.102] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.219.102/; sid:900756080; rev:1;) alert tcp $HOME_NET any -> [83.103.164.123] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.103.164.123/; sid:900756079; rev:1;) alert tcp $HOME_NET any -> [117.197.124.51] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.197.124.51/; sid:900756076; rev:1;) alert tcp $HOME_NET any -> [85.54.169.141] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.54.169.141/; sid:900756075; rev:1;) alert tcp $HOME_NET any -> [220.123.35.12] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.123.35.12/; sid:900756073; rev:1;) alert tcp $HOME_NET any -> [194.183.83.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.183.83.82/; sid:900756072; rev:1;) alert tcp $HOME_NET any -> [189.213.205.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.213.205.70/; sid:900756071; rev:1;) alert tcp $HOME_NET any -> [175.195.100.9] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.195.100.9/; sid:900756070; rev:1;) alert tcp $HOME_NET any -> [194.85.67.180] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.85.67.180/; sid:900756068; rev:1;) alert tcp $HOME_NET any -> [173.252.33.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.252.33.186/; sid:900756067; rev:1;) alert tcp $HOME_NET any -> [208.78.100.202] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.78.100.202/; sid:900756066; rev:1;) alert tcp $HOME_NET any -> [45.63.17.206] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.17.206/; sid:900756065; rev:1;) alert tcp $HOME_NET any -> [186.46.255.217] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.46.255.217/; sid:900756064; rev:1;) alert tcp $HOME_NET any -> [24.51.106.145] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.51.106.145/; sid:900756063; rev:1;) alert tcp $HOME_NET any -> [196.210.47.216] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.210.47.216/; sid:900756062; rev:1;) alert tcp $HOME_NET any -> [96.22.189.104] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.22.189.104/; sid:900756061; rev:1;) alert tcp $HOME_NET any -> [118.175.93.254] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.175.93.254/; sid:900756060; rev:1;) alert tcp $HOME_NET any -> [187.144.78.190] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.78.190/; sid:900756059; rev:1;) alert tcp $HOME_NET any -> [59.102.162.246] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.102.162.246/; sid:900756058; rev:1;) alert tcp $HOME_NET any -> [186.67.88.242] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.67.88.242/; sid:900756057; rev:1;) alert tcp $HOME_NET any -> [189.129.160.167] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.129.160.167/; sid:900756056; rev:1;) alert tcp $HOME_NET any -> [190.138.221.70] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.138.221.70/; sid:900756055; rev:1;) alert tcp $HOME_NET any -> [212.81.22.231] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.81.22.231/; sid:900756053; rev:1;) alert tcp $HOME_NET any -> [190.245.10.162] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.245.10.162/; sid:900756049; rev:1;) alert tcp $HOME_NET any -> [200.86.246.50] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.86.246.50/; sid:900756046; rev:1;) alert tcp $HOME_NET any -> [189.208.126.53] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.208.126.53/; sid:900756043; rev:1;) alert tcp $HOME_NET any -> [190.195.169.170] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.195.169.170/; sid:900756035; rev:1;) alert tcp $HOME_NET any -> [190.25.255.98] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.25.255.98/; sid:900756030; rev:1;) alert tcp $HOME_NET any -> [187.137.111.0] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.111.0/; sid:900756024; rev:1;) alert tcp $HOME_NET any -> [189.190.40.163] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.190.40.163/; sid:900756022; rev:1;) alert tcp $HOME_NET any -> [181.54.202.80] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.54.202.80/; sid:900756020; rev:1;) alert tcp $HOME_NET any -> [187.192.133.210] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.133.210/; sid:900756017; rev:1;) alert tcp $HOME_NET any -> [31.193.130.187] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.193.130.187/; sid:900756016; rev:1;) alert tcp $HOME_NET any -> [185.38.216.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.38.216.84/; sid:900756012; rev:1;) alert tcp $HOME_NET any -> [72.47.248.48] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.47.248.48/; sid:900756007; rev:1;) alert tcp $HOME_NET any -> [189.173.4.161] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.173.4.161/; sid:900756006; rev:1;) alert tcp $HOME_NET any -> [186.129.174.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.129.174.150/; sid:900756005; rev:1;) alert tcp $HOME_NET any -> [189.250.100.248] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.100.248/; sid:900756004; rev:1;) alert tcp $HOME_NET any -> [186.90.155.228] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.90.155.228/; sid:900756003; rev:1;) alert tcp $HOME_NET any -> [201.103.81.129] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.103.81.129/; sid:900756002; rev:1;) alert tcp $HOME_NET any -> [189.159.119.242] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.159.119.242/; sid:900756001; rev:1;) alert tcp $HOME_NET any -> [200.43.114.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.43.114.10/; sid:900756000; rev:1;) alert tcp $HOME_NET any -> [178.201.186.245] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.201.186.245/; sid:900755999; rev:1;) alert tcp $HOME_NET any -> [190.55.123.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.123.250/; sid:900755998; rev:1;) alert tcp $HOME_NET any -> [190.146.158.142] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.158.142/; sid:900755997; rev:1;) alert tcp $HOME_NET any -> [116.112.111.32] 28521 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.112.111.32/; sid:900755705; rev:1;) alert tcp $HOME_NET any -> [46.121.114.97] 21514 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.121.114.97/; sid:900755704; rev:1;) alert tcp $HOME_NET any -> [99.105.100.32] 26996 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.105.100.32/; sid:900755703; rev:1;) alert tcp $HOME_NET any -> [97.32.116.99] 25710 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.32.116.99/; sid:900755702; rev:1;) alert tcp $HOME_NET any -> [32.101.100.111] 25199 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.101.100.111/; sid:900755701; rev:1;) alert tcp $HOME_NET any -> [122.176.109.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.176.109.10/; sid:900752888; rev:1;) alert tcp $HOME_NET any -> [117.247.233.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.247.233.82/; sid:900752887; rev:1;) alert tcp $HOME_NET any -> [183.82.112.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.112.154/; sid:900752882; rev:1;) alert tcp $HOME_NET any -> [217.165.2.29] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.2.29/; sid:900752880; rev:1;) alert tcp $HOME_NET any -> [186.90.227.239] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.90.227.239/; sid:900752879; rev:1;) alert tcp $HOME_NET any -> [58.65.178.100] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.65.178.100/; sid:900752878; rev:1;) alert tcp $HOME_NET any -> [27.96.91.73] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.96.91.73/; sid:900752877; rev:1;) alert tcp $HOME_NET any -> [109.129.2.50] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.129.2.50/; sid:900752876; rev:1;) alert tcp $HOME_NET any -> [2.50.183.165] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.183.165/; sid:900752875; rev:1;) alert tcp $HOME_NET any -> [211.248.17.209] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.248.17.209/; sid:900752873; rev:1;) alert tcp $HOME_NET any -> [190.228.72.180] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.228.72.180/; sid:900752872; rev:1;) alert tcp $HOME_NET any -> [187.144.76.174] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.76.174/; sid:900752867; rev:1;) alert tcp $HOME_NET any -> [196.209.233.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.209.233.234/; sid:900752866; rev:1;) alert tcp $HOME_NET any -> [190.147.100.8] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.100.8/; sid:900752865; rev:1;) alert tcp $HOME_NET any -> [123.136.174.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.136.174.52/; sid:900752860; rev:1;) alert tcp $HOME_NET any -> [189.149.3.197] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.149.3.197/; sid:900752859; rev:1;) alert tcp $HOME_NET any -> [115.93.16.173] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.93.16.173/; sid:900752858; rev:1;) alert tcp $HOME_NET any -> [121.74.198.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.74.198.58/; sid:900752857; rev:1;) alert tcp $HOME_NET any -> [190.109.223.50] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.109.223.50/; sid:900752853; rev:1;) alert tcp $HOME_NET any -> [118.69.35.66] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.69.35.66/; sid:900752852; rev:1;) alert tcp $HOME_NET any -> [27.147.163.188] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.147.163.188/; sid:900752851; rev:1;) alert tcp $HOME_NET any -> [147.83.156.162] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.83.156.162/; sid:900752848; rev:1;) alert tcp $HOME_NET any -> [190.0.1.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.0.1.30/; sid:900752847; rev:1;) alert tcp $HOME_NET any -> [186.4.165.50] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.165.50/; sid:900752846; rev:1;) alert tcp $HOME_NET any -> [190.94.79.239] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.94.79.239/; sid:900752845; rev:1;) alert tcp $HOME_NET any -> [183.82.120.85] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.120.85/; sid:900752844; rev:1;) alert tcp $HOME_NET any -> [189.194.250.74] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.194.250.74/; sid:900752843; rev:1;) alert tcp $HOME_NET any -> [189.230.124.74] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.230.124.74/; sid:900752842; rev:1;) alert tcp $HOME_NET any -> [181.119.30.25] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.119.30.25/; sid:900752840; rev:1;) alert tcp $HOME_NET any -> [148.243.206.110] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.243.206.110/; sid:900752839; rev:1;) alert tcp $HOME_NET any -> [218.105.184.93] 36275 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.105.184.93/; sid:900752398; rev:1;) alert tcp $HOME_NET any -> [100.231.103.203] 61235 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.231.103.203/; sid:900752397; rev:1;) alert tcp $HOME_NET any -> [201.248.14.67] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.248.14.67/; sid:900752289; rev:1;) alert tcp $HOME_NET any -> [125.130.72.105] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.130.72.105/; sid:900752270; rev:1;) alert tcp $HOME_NET any -> [181.31.246.152] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.31.246.152/; sid:900752266; rev:1;) alert tcp $HOME_NET any -> [116.240.3.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.240.3.27/; sid:900752265; rev:1;) alert tcp $HOME_NET any -> [186.150.202.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.150.202.242/; sid:900752245; rev:1;) alert tcp $HOME_NET any -> [190.190.101.38] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.190.101.38/; sid:900752243; rev:1;) alert tcp $HOME_NET any -> [31.53.229.122] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.229.122/; sid:900752229; rev:1;) alert tcp $HOME_NET any -> [181.45.45.132] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.45.45.132/; sid:900752228; rev:1;) alert tcp $HOME_NET any -> [181.211.11.171] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.211.11.171/; sid:900752227; rev:1;) alert tcp $HOME_NET any -> [190.226.34.8] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.226.34.8/; sid:900752225; rev:1;) alert tcp $HOME_NET any -> [186.15.66.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.66.98/; sid:900752224; rev:1;) alert tcp $HOME_NET any -> [200.83.21.5] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.83.21.5/; sid:900752222; rev:1;) alert tcp $HOME_NET any -> [24.53.3.10] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.53.3.10/; sid:900752221; rev:1;) alert tcp $HOME_NET any -> [69.158.10.125] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.158.10.125/; sid:900752220; rev:1;) alert tcp $HOME_NET any -> [24.222.22.58] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.222.22.58/; sid:900752219; rev:1;) alert tcp $HOME_NET any -> [45.73.27.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.73.27.218/; sid:900752216; rev:1;) alert tcp $HOME_NET any -> [95.9.248.89] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.9.248.89/; sid:900752214; rev:1;) alert tcp $HOME_NET any -> [66.50.57.73] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.50.57.73/; sid:900752210; rev:1;) alert tcp $HOME_NET any -> [189.225.146.180] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.225.146.180/; sid:900752209; rev:1;) alert tcp $HOME_NET any -> [189.129.134.124] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.129.134.124/; sid:900752208; rev:1;) alert tcp $HOME_NET any -> [200.54.18.162] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.54.18.162/; sid:900752207; rev:1;) alert tcp $HOME_NET any -> [181.164.8.8] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.8.8/; sid:900752206; rev:1;) alert tcp $HOME_NET any -> [187.163.177.194] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.177.194/; sid:900752205; rev:1;) alert tcp $HOME_NET any -> [216.244.228.62] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.244.228.62/; sid:900752204; rev:1;) alert tcp $HOME_NET any -> [189.146.157.111] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.157.111/; sid:900752203; rev:1;) alert tcp $HOME_NET any -> [190.10.220.92] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.10.220.92/; sid:900752202; rev:1;) alert tcp $HOME_NET any -> [187.158.112.43] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.158.112.43/; sid:900752201; rev:1;) alert tcp $HOME_NET any -> [201.245.184.16] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.245.184.16/; sid:900749547; rev:1;) alert tcp $HOME_NET any -> [80.44.121.62] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.44.121.62/; sid:900749546; rev:1;) alert tcp $HOME_NET any -> [45.167.12.22] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.167.12.22/; sid:900749542; rev:1;) alert tcp $HOME_NET any -> [105.184.237.83] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.237.83/; sid:900749535; rev:1;) alert tcp $HOME_NET any -> [78.189.173.217] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.173.217/; sid:900749534; rev:1;) alert tcp $HOME_NET any -> [201.143.82.199] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.143.82.199/; sid:900749529; rev:1;) alert tcp $HOME_NET any -> [182.73.147.218] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.73.147.218/; sid:900749528; rev:1;) alert tcp $HOME_NET any -> [105.184.106.99] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.106.99/; sid:900749525; rev:1;) alert tcp $HOME_NET any -> [151.237.16.5] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.237.16.5/; sid:900749522; rev:1;) alert tcp $HOME_NET any -> [178.209.71.63] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.209.71.63/; sid:900749520; rev:1;) alert tcp $HOME_NET any -> [88.249.181.174] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.181.174/; sid:900749519; rev:1;) alert tcp $HOME_NET any -> [27.109.116.48] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.109.116.48/; sid:900749515; rev:1;) alert tcp $HOME_NET any -> [187.163.91.104] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.91.104/; sid:900749510; rev:1;) alert tcp $HOME_NET any -> [190.17.173.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.17.173.58/; sid:900749509; rev:1;) alert tcp $HOME_NET any -> [120.63.148.9] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.63.148.9/; sid:900749508; rev:1;) alert tcp $HOME_NET any -> [201.111.29.109] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.111.29.109/; sid:900749507; rev:1;) alert tcp $HOME_NET any -> [187.135.141.61] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.135.141.61/; sid:900749506; rev:1;) alert tcp $HOME_NET any -> [178.92.73.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.92.73.34/; sid:900749505; rev:1;) alert tcp $HOME_NET any -> [187.235.145.190] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.235.145.190/; sid:900749504; rev:1;) alert tcp $HOME_NET any -> [94.59.80.100] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.80.100/; sid:900749503; rev:1;) alert tcp $HOME_NET any -> [201.230.255.100] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.230.255.100/; sid:900749502; rev:1;) alert tcp $HOME_NET any -> [187.207.58.148] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.58.148/; sid:900749501; rev:1;) alert tcp $HOME_NET any -> [201.235.65.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.235.65.61/; sid:900747250; rev:1;) alert tcp $HOME_NET any -> [204.13.253.141] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.13.253.141/; sid:900747247; rev:1;) alert tcp $HOME_NET any -> [189.155.150.137] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.155.150.137/; sid:900747245; rev:1;) alert tcp $HOME_NET any -> [200.93.90.133] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.93.90.133/; sid:900747244; rev:1;) alert tcp $HOME_NET any -> [201.110.118.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.110.118.102/; sid:900747243; rev:1;) alert tcp $HOME_NET any -> [190.52.161.1] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.52.161.1/; sid:900747242; rev:1;) alert tcp $HOME_NET any -> [181.57.230.186] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.57.230.186/; sid:900747238; rev:1;) alert tcp $HOME_NET any -> [190.210.223.238] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.223.238/; sid:900747237; rev:1;) alert tcp $HOME_NET any -> [85.99.104.112] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.99.104.112/; sid:900747236; rev:1;) alert tcp $HOME_NET any -> [200.68.111.81] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.68.111.81/; sid:900747234; rev:1;) alert tcp $HOME_NET any -> [179.41.14.199] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.41.14.199/; sid:900747233; rev:1;) alert tcp $HOME_NET any -> [190.60.225.114] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.60.225.114/; sid:900747232; rev:1;) alert tcp $HOME_NET any -> [190.10.159.242] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.10.159.242/; sid:900747231; rev:1;) alert tcp $HOME_NET any -> [178.62.37.188] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.62.37.188/; sid:900747229; rev:1;) alert tcp $HOME_NET any -> [180.92.239.110] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.92.239.110/; sid:900747228; rev:1;) alert tcp $HOME_NET any -> [190.120.195.162] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.120.195.162/; sid:900747225; rev:1;) alert tcp $HOME_NET any -> [83.110.19.147] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.19.147/; sid:900747224; rev:1;) alert tcp $HOME_NET any -> [24.232.79.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.232.79.140/; sid:900747223; rev:1;) alert tcp $HOME_NET any -> [181.143.91.186] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.91.186/; sid:900747220; rev:1;) alert tcp $HOME_NET any -> [187.207.186.161] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.186.161/; sid:900747219; rev:1;) alert tcp $HOME_NET any -> [37.187.159.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.159.59/; sid:900747218; rev:1;) alert tcp $HOME_NET any -> [216.8.148.141] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.8.148.141/; sid:900747216; rev:1;) alert tcp $HOME_NET any -> [190.17.160.28] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.17.160.28/; sid:900747215; rev:1;) alert tcp $HOME_NET any -> [190.167.214.75] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.167.214.75/; sid:900747214; rev:1;) alert tcp $HOME_NET any -> [62.75.191.231] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.191.231/; sid:900747211; rev:1;) alert tcp $HOME_NET any -> [41.75.132.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.75.132.231/; sid:900747210; rev:1;) alert tcp $HOME_NET any -> [189.244.154.169] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.244.154.169/; sid:900747209; rev:1;) alert tcp $HOME_NET any -> [86.217.148.38] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.217.148.38/; sid:900747208; rev:1;) alert tcp $HOME_NET any -> [190.103.30.186] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.103.30.186/; sid:900747207; rev:1;) alert tcp $HOME_NET any -> [181.143.194.138] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.194.138/; sid:900747206; rev:1;) alert tcp $HOME_NET any -> [177.242.215.65] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.215.65/; sid:900747205; rev:1;) alert tcp $HOME_NET any -> [81.130.209.250] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.130.209.250/; sid:900747204; rev:1;) alert tcp $HOME_NET any -> [190.6.24.248] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.6.24.248/; sid:900747203; rev:1;) alert tcp $HOME_NET any -> [201.130.151.95] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.130.151.95/; sid:900747202; rev:1;) alert tcp $HOME_NET any -> [70.55.70.147] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.55.70.147/; sid:900747201; rev:1;) alert tcp $HOME_NET any -> [60.54.121.215] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.54.121.215/; sid:900746589; rev:1;) alert tcp $HOME_NET any -> [210.19.41.87] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.19.41.87/; sid:900746587; rev:1;) alert tcp $HOME_NET any -> [139.13.91.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.13.91.136/; sid:900746586; rev:1;) alert tcp $HOME_NET any -> [186.16.203.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.16.203.150/; sid:900746584; rev:1;) alert tcp $HOME_NET any -> [86.98.65.187] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.65.187/; sid:900746583; rev:1;) alert tcp $HOME_NET any -> [181.61.253.90] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.61.253.90/; sid:900746582; rev:1;) alert tcp $HOME_NET any -> [139.13.91.149] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.13.91.149/; sid:900746581; rev:1;) alert tcp $HOME_NET any -> [200.71.112.158] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.71.112.158/; sid:900746580; rev:1;) alert tcp $HOME_NET any -> [201.231.70.72] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.70.72/; sid:900746578; rev:1;) alert tcp $HOME_NET any -> [189.163.44.44] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.163.44.44/; sid:900746576; rev:1;) alert tcp $HOME_NET any -> [201.200.3.74] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.200.3.74/; sid:900746575; rev:1;) alert tcp $HOME_NET any -> [181.46.46.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.46.46.49/; sid:900746572; rev:1;) alert tcp $HOME_NET any -> [80.12.84.86] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.12.84.86/; sid:900746571; rev:1;) alert tcp $HOME_NET any -> [181.48.239.3] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.48.239.3/; sid:900746570; rev:1;) alert tcp $HOME_NET any -> [200.113.106.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.113.106.18/; sid:900746568; rev:1;) alert tcp $HOME_NET any -> [81.86.206.166] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.86.206.166/; sid:900746567; rev:1;) alert tcp $HOME_NET any -> [190.210.236.237] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.236.237/; sid:900746566; rev:1;) alert tcp $HOME_NET any -> [183.82.34.65] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.34.65/; sid:900746562; rev:1;) alert tcp $HOME_NET any -> [190.220.19.82] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.220.19.82/; sid:900746560; rev:1;) alert tcp $HOME_NET any -> [78.187.52.65] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.187.52.65/; sid:900746559; rev:1;) alert tcp $HOME_NET any -> [216.252.83.23] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.252.83.23/; sid:900746558; rev:1;) alert tcp $HOME_NET any -> [79.127.57.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.127.57.42/; sid:900746557; rev:1;) alert tcp $HOME_NET any -> [169.0.47.103] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.47.103/; sid:900746556; rev:1;) alert tcp $HOME_NET any -> [79.98.31.206] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.98.31.206/; sid:900746555; rev:1;) alert tcp $HOME_NET any -> [186.190.192.84] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.190.192.84/; sid:900746554; rev:1;) alert tcp $HOME_NET any -> [69.163.33.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.163.33.82/; sid:900746552; rev:1;) alert tcp $HOME_NET any -> [139.13.92.63] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.13.92.63/; sid:900746551; rev:1;) alert tcp $HOME_NET any -> [181.167.49.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.49.76/; sid:900746550; rev:1;) alert tcp $HOME_NET any -> [189.154.188.33] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.188.33/; sid:900746549; rev:1;) alert tcp $HOME_NET any -> [79.66.242.43] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.66.242.43/; sid:900746548; rev:1;) alert tcp $HOME_NET any -> [181.169.58.108] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.169.58.108/; sid:900746547; rev:1;) alert tcp $HOME_NET any -> [139.13.84.107] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.13.84.107/; sid:900746546; rev:1;) alert tcp $HOME_NET any -> [154.120.231.114] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.120.231.114/; sid:900746544; rev:1;) alert tcp $HOME_NET any -> [187.200.132.53] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.200.132.53/; sid:900746543; rev:1;) alert tcp $HOME_NET any -> [187.163.213.124] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.213.124/; sid:900746542; rev:1;) alert tcp $HOME_NET any -> [97.32.110.101] 25710 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.32.110.101/; sid:900746048; rev:1;) alert tcp $HOME_NET any -> [206.5.160.235] 5657 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.5.160.235/; sid:900741170; rev:1;) alert tcp $HOME_NET any -> [106.51.37.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.51.37.192/; sid:900738854; rev:1;) alert tcp $HOME_NET any -> [2.50.53.185] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.53.185/; sid:900738848; rev:1;) alert tcp $HOME_NET any -> [88.249.120.191] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.120.191/; sid:900738846; rev:1;) alert tcp $HOME_NET any -> [105.224.105.73] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.224.105.73/; sid:900738827; rev:1;) alert tcp $HOME_NET any -> [183.82.104.81] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.104.81/; sid:900738825; rev:1;) alert tcp $HOME_NET any -> [190.202.166.164] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.202.166.164/; sid:900734353; rev:1;) alert tcp $HOME_NET any -> [190.19.178.131] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.19.178.131/; sid:900734351; rev:1;) alert tcp $HOME_NET any -> [201.183.225.39] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.183.225.39/; sid:900734350; rev:1;) alert tcp $HOME_NET any -> [103.91.228.3] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.91.228.3/; sid:900734347; rev:1;) alert tcp $HOME_NET any -> [189.159.150.1] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.159.150.1/; sid:900734346; rev:1;) alert tcp $HOME_NET any -> [186.149.140.55] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.149.140.55/; sid:900734345; rev:1;) alert tcp $HOME_NET any -> [103.251.141.42] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.251.141.42/; sid:900734344; rev:1;) alert tcp $HOME_NET any -> [187.177.166.183] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.177.166.183/; sid:900734341; rev:1;) alert tcp $HOME_NET any -> [152.231.109.201] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.231.109.201/; sid:900734340; rev:1;) alert tcp $HOME_NET any -> [190.44.153.169] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.44.153.169/; sid:900734336; rev:1;) alert tcp $HOME_NET any -> [201.228.78.117] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.228.78.117/; sid:900734334; rev:1;) alert tcp $HOME_NET any -> [221.4.142.41] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.4.142.41/; sid:900734329; rev:1;) alert tcp $HOME_NET any -> [91.183.108.184] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.183.108.184/; sid:900734328; rev:1;) alert tcp $HOME_NET any -> [152.168.249.64] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.168.249.64/; sid:900734325; rev:1;) alert tcp $HOME_NET any -> [200.6.186.36] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.6.186.36/; sid:900734323; rev:1;) alert tcp $HOME_NET any -> [190.136.177.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.136.177.34/; sid:900734321; rev:1;) alert tcp $HOME_NET any -> [83.110.153.207] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.153.207/; sid:900734320; rev:1;) alert tcp $HOME_NET any -> [190.230.171.15] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.230.171.15/; sid:900734319; rev:1;) alert tcp $HOME_NET any -> [5.187.152.115] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.187.152.115/; sid:900734318; rev:1;) alert tcp $HOME_NET any -> [190.138.220.6] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.138.220.6/; sid:900734317; rev:1;) alert tcp $HOME_NET any -> [181.197.14.204] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.197.14.204/; sid:900734314; rev:1;) alert tcp $HOME_NET any -> [187.232.87.141] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.232.87.141/; sid:900734313; rev:1;) alert tcp $HOME_NET any -> [85.75.118.245] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.75.118.245/; sid:900734312; rev:1;) alert tcp $HOME_NET any -> [190.186.38.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.38.22/; sid:900734311; rev:1;) alert tcp $HOME_NET any -> [181.177.213.144] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.177.213.144/; sid:900734310; rev:1;) alert tcp $HOME_NET any -> [181.39.166.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.166.254/; sid:900734309; rev:1;) alert tcp $HOME_NET any -> [181.143.126.170] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.126.170/; sid:900734308; rev:1;) alert tcp $HOME_NET any -> [94.70.164.109] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.70.164.109/; sid:900734307; rev:1;) alert tcp $HOME_NET any -> [190.186.42.98] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.42.98/; sid:900734306; rev:1;) alert tcp $HOME_NET any -> [217.165.127.208] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.127.208/; sid:900734305; rev:1;) alert tcp $HOME_NET any -> [190.210.33.41] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.33.41/; sid:900733153; rev:1;) alert tcp $HOME_NET any -> [64.39.179.131] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.39.179.131/; sid:900733152; rev:1;) alert tcp $HOME_NET any -> [212.99.204.114] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.99.204.114/; sid:900733151; rev:1;) alert tcp $HOME_NET any -> [201.231.77.11] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.77.11/; sid:900733149; rev:1;) alert tcp $HOME_NET any -> [190.104.233.88] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.233.88/; sid:900733147; rev:1;) alert tcp $HOME_NET any -> [190.147.247.215] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.247.215/; sid:900733146; rev:1;) alert tcp $HOME_NET any -> [5.44.210.163] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.44.210.163/; sid:900733144; rev:1;) alert tcp $HOME_NET any -> [189.163.192.252] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.163.192.252/; sid:900733142; rev:1;) alert tcp $HOME_NET any -> [187.163.143.13] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.143.13/; sid:900733140; rev:1;) alert tcp $HOME_NET any -> [181.39.96.86] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.96.86/; sid:900733139; rev:1;) alert tcp $HOME_NET any -> [200.84.36.201] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.84.36.201/; sid:900733138; rev:1;) alert tcp $HOME_NET any -> [92.11.254.135] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.11.254.135/; sid:900733136; rev:1;) alert tcp $HOME_NET any -> [200.52.206.246] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.52.206.246/; sid:900733135; rev:1;) alert tcp $HOME_NET any -> [190.72.254.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.72.254.66/; sid:900733132; rev:1;) alert tcp $HOME_NET any -> [181.166.88.217] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.166.88.217/; sid:900733131; rev:1;) alert tcp $HOME_NET any -> [200.68.68.153] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.68.68.153/; sid:900733130; rev:1;) alert tcp $HOME_NET any -> [81.214.63.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.214.63.242/; sid:900733127; rev:1;) alert tcp $HOME_NET any -> [190.245.191.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.245.191.156/; sid:900733126; rev:1;) alert tcp $HOME_NET any -> [189.222.109.159] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.222.109.159/; sid:900733124; rev:1;) alert tcp $HOME_NET any -> [186.24.240.240] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.24.240.240/; sid:900733123; rev:1;) alert tcp $HOME_NET any -> [169.0.100.48] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.100.48/; sid:900733121; rev:1;) alert tcp $HOME_NET any -> [190.158.224.107] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.158.224.107/; sid:900733118; rev:1;) alert tcp $HOME_NET any -> [190.171.237.189] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.237.189/; sid:900733117; rev:1;) alert tcp $HOME_NET any -> [190.245.107.73] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.245.107.73/; sid:900733116; rev:1;) alert tcp $HOME_NET any -> [189.149.12.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.149.12.180/; sid:900733115; rev:1;) alert tcp $HOME_NET any -> [186.137.231.77] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.137.231.77/; sid:900733114; rev:1;) alert tcp $HOME_NET any -> [189.203.177.52] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.203.177.52/; sid:900733113; rev:1;) alert tcp $HOME_NET any -> [200.127.231.105] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.231.105/; sid:900733112; rev:1;) alert tcp $HOME_NET any -> [189.228.101.204] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.228.101.204/; sid:900733111; rev:1;) alert tcp $HOME_NET any -> [139.13.93.50] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.13.93.50/; sid:900733110; rev:1;) alert tcp $HOME_NET any -> [201.214.147.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.214.147.166/; sid:900733109; rev:1;) alert tcp $HOME_NET any -> [200.124.27.202] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.124.27.202/; sid:900730282; rev:1;) alert tcp $HOME_NET any -> [95.70.224.237] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.70.224.237/; sid:900730281; rev:1;) alert tcp $HOME_NET any -> [189.131.47.159] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.131.47.159/; sid:900730280; rev:1;) alert tcp $HOME_NET any -> [186.159.122.233] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.159.122.233/; sid:900730276; rev:1;) alert tcp $HOME_NET any -> [169.1.71.215] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.1.71.215/; sid:900730274; rev:1;) alert tcp $HOME_NET any -> [86.98.53.59] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.53.59/; sid:900730271; rev:1;) alert tcp $HOME_NET any -> [179.50.131.35] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.50.131.35/; sid:900730270; rev:1;) alert tcp $HOME_NET any -> [187.193.117.191] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.193.117.191/; sid:900730267; rev:1;) alert tcp $HOME_NET any -> [186.82.11.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.82.11.76/; sid:900730265; rev:1;) alert tcp $HOME_NET any -> [27.100.25.74] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.100.25.74/; sid:900730263; rev:1;) alert tcp $HOME_NET any -> [186.136.29.143] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.136.29.143/; sid:900730258; rev:1;) alert tcp $HOME_NET any -> [88.247.76.191] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.247.76.191/; sid:900730257; rev:1;) alert tcp $HOME_NET any -> [201.238.171.6] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.238.171.6/; sid:900730255; rev:1;) alert tcp $HOME_NET any -> [187.148.160.52] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.148.160.52/; sid:900730253; rev:1;) alert tcp $HOME_NET any -> [70.178.189.123] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.178.189.123/; sid:900730252; rev:1;) alert tcp $HOME_NET any -> [181.48.22.219] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.48.22.219/; sid:900730251; rev:1;) alert tcp $HOME_NET any -> [105.228.147.223] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.228.147.223/; sid:900730250; rev:1;) alert tcp $HOME_NET any -> [63.143.74.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.143.74.70/; sid:900730249; rev:1;) alert tcp $HOME_NET any -> [217.165.124.206] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.124.206/; sid:900730248; rev:1;) alert tcp $HOME_NET any -> [176.192.20.62] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.192.20.62/; sid:900730246; rev:1;) alert tcp $HOME_NET any -> [177.225.150.89] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.225.150.89/; sid:900730245; rev:1;) alert tcp $HOME_NET any -> [200.119.193.251] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.119.193.251/; sid:900730241; rev:1;) alert tcp $HOME_NET any -> [189.189.79.143] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.189.79.143/; sid:900730240; rev:1;) alert tcp $HOME_NET any -> [179.32.192.202] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.32.192.202/; sid:900730239; rev:1;) alert tcp $HOME_NET any -> [54.38.247.98] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.247.98/; sid:900730238; rev:1;) alert tcp $HOME_NET any -> [187.163.183.194] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.183.194/; sid:900730237; rev:1;) alert tcp $HOME_NET any -> [70.45.60.142] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.45.60.142/; sid:900730236; rev:1;) alert tcp $HOME_NET any -> [182.191.119.91] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.191.119.91/; sid:900730235; rev:1;) alert tcp $HOME_NET any -> [190.75.47.24] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.75.47.24/; sid:900730234; rev:1;) alert tcp $HOME_NET any -> [187.169.245.45] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.169.245.45/; sid:900730233; rev:1;) alert tcp $HOME_NET any -> [190.188.46.233] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.188.46.233/; sid:900730232; rev:1;) alert tcp $HOME_NET any -> [189.205.249.209] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.205.249.209/; sid:900728513; rev:1;) alert tcp $HOME_NET any -> [189.253.56.145] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.56.145/; sid:900728512; rev:1;) alert tcp $HOME_NET any -> [186.4.242.12] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.242.12/; sid:900728510; rev:1;) alert tcp $HOME_NET any -> [177.243.144.248] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.243.144.248/; sid:900728508; rev:1;) alert tcp $HOME_NET any -> [177.240.208.251] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.240.208.251/; sid:900728506; rev:1;) alert tcp $HOME_NET any -> [186.177.126.252] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.177.126.252/; sid:900728504; rev:1;) alert tcp $HOME_NET any -> [177.242.215.230] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.215.230/; sid:900728503; rev:1;) alert tcp $HOME_NET any -> [187.243.70.172] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.243.70.172/; sid:900728502; rev:1;) alert tcp $HOME_NET any -> [177.231.56.40] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.231.56.40/; sid:900728500; rev:1;) alert tcp $HOME_NET any -> [187.163.179.73] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.179.73/; sid:900728499; rev:1;) alert tcp $HOME_NET any -> [200.115.53.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.115.53.210/; sid:900728498; rev:1;) alert tcp $HOME_NET any -> [197.211.244.219] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.211.244.219/; sid:900728497; rev:1;) alert tcp $HOME_NET any -> [187.131.47.157] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.131.47.157/; sid:900728496; rev:1;) alert tcp $HOME_NET any -> [190.240.175.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.240.175.190/; sid:900728495; rev:1;) alert tcp $HOME_NET any -> [187.150.211.115] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.150.211.115/; sid:900728494; rev:1;) alert tcp $HOME_NET any -> [190.146.169.53] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.169.53/; sid:900728493; rev:1;) alert tcp $HOME_NET any -> [189.225.148.250] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.225.148.250/; sid:900728492; rev:1;) alert tcp $HOME_NET any -> [186.4.4.161] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.4.161/; sid:900728491; rev:1;) alert tcp $HOME_NET any -> [87.225.109.55] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.225.109.55/; sid:900728490; rev:1;) alert tcp $HOME_NET any -> [213.14.139.81] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.14.139.81/; sid:900728488; rev:1;) alert tcp $HOME_NET any -> [187.153.105.212] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.105.212/; sid:900728487; rev:1;) alert tcp $HOME_NET any -> [190.182.134.41] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.182.134.41/; sid:900728486; rev:1;) alert tcp $HOME_NET any -> [189.218.186.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.218.186.138/; sid:900728485; rev:1;) alert tcp $HOME_NET any -> [190.130.152.209] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.130.152.209/; sid:900728484; rev:1;) alert tcp $HOME_NET any -> [181.230.129.137] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.230.129.137/; sid:900728483; rev:1;) alert tcp $HOME_NET any -> [186.3.223.3] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.3.223.3/; sid:900728482; rev:1;) alert tcp $HOME_NET any -> [190.117.161.108] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.161.108/; sid:900728481; rev:1;) alert tcp $HOME_NET any -> [181.27.124.64] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.27.124.64/; sid:900728480; rev:1;) alert tcp $HOME_NET any -> [201.110.250.76] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.110.250.76/; sid:900728479; rev:1;) alert tcp $HOME_NET any -> [201.192.162.109] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.192.162.109/; sid:900728477; rev:1;) alert tcp $HOME_NET any -> [186.176.140.255] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.176.140.255/; sid:900728475; rev:1;) alert tcp $HOME_NET any -> [187.241.18.251] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.241.18.251/; sid:900728474; rev:1;) alert tcp $HOME_NET any -> [181.168.80.87] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.168.80.87/; sid:900728473; rev:1;) alert tcp $HOME_NET any -> [191.103.109.235] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.103.109.235/; sid:900728472; rev:1;) alert tcp $HOME_NET any -> [84.173.140.231] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.173.140.231/; sid:900728470; rev:1;) alert tcp $HOME_NET any -> [177.226.75.31] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.226.75.31/; sid:900728468; rev:1;) alert tcp $HOME_NET any -> [200.194.14.232] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.194.14.232/; sid:900728466; rev:1;) alert tcp $HOME_NET any -> [105.225.76.76] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.76.76/; sid:900728463; rev:1;) alert tcp $HOME_NET any -> [189.157.57.135] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.157.57.135/; sid:900728462; rev:1;) alert tcp $HOME_NET any -> [201.248.199.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.248.199.100/; sid:900728459; rev:1;) alert tcp $HOME_NET any -> [190.27.27.139] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.27.27.139/; sid:900728458; rev:1;) alert tcp $HOME_NET any -> [187.250.133.125] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.133.125/; sid:900728457; rev:1;) alert tcp $HOME_NET any -> [1.22.119.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.22.119.250/; sid:900728456; rev:1;) alert tcp $HOME_NET any -> [189.222.245.247] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.222.245.247/; sid:900728455; rev:1;) alert tcp $HOME_NET any -> [181.63.199.17] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.63.199.17/; sid:900728454; rev:1;) alert tcp $HOME_NET any -> [201.102.7.208] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.102.7.208/; sid:900728453; rev:1;) alert tcp $HOME_NET any -> [70.80.135.35] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.80.135.35/; sid:900728452; rev:1;) alert tcp $HOME_NET any -> [200.124.225.32] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.124.225.32/; sid:900728451; rev:1;) alert tcp $HOME_NET any -> [189.226.214.129] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.226.214.129/; sid:900728450; rev:1;) alert tcp $HOME_NET any -> [130.209.253.231] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.209.253.231/; sid:900726635; rev:1;) alert tcp $HOME_NET any -> [173.212.221.251] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.212.221.251/; sid:900726634; rev:1;) alert tcp $HOME_NET any -> [81.145.239.194] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.145.239.194/; sid:900726633; rev:1;) alert tcp $HOME_NET any -> [186.139.184.36] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.139.184.36/; sid:900726632; rev:1;) alert tcp $HOME_NET any -> [190.67.11.122] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.67.11.122/; sid:900726629; rev:1;) alert tcp $HOME_NET any -> [178.141.80.155] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.141.80.155/; sid:900726627; rev:1;) alert tcp $HOME_NET any -> [93.182.25.14] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.182.25.14/; sid:900726626; rev:1;) alert tcp $HOME_NET any -> [109.128.252.1] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.128.252.1/; sid:900726625; rev:1;) alert tcp $HOME_NET any -> [85.99.251.233] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.99.251.233/; sid:900726624; rev:1;) alert tcp $HOME_NET any -> [179.52.155.151] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.52.155.151/; sid:900726621; rev:1;) alert tcp $HOME_NET any -> [94.64.51.64] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.64.51.64/; sid:900726620; rev:1;) alert tcp $HOME_NET any -> [186.70.152.218] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.70.152.218/; sid:900726619; rev:1;) alert tcp $HOME_NET any -> [186.101.235.14] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.101.235.14/; sid:900726618; rev:1;) alert tcp $HOME_NET any -> [190.202.39.187] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.202.39.187/; sid:900726616; rev:1;) alert tcp $HOME_NET any -> [213.184.244.254] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.184.244.254/; sid:900726615; rev:1;) alert tcp $HOME_NET any -> [190.180.124.226] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.180.124.226/; sid:900726613; rev:1;) alert tcp $HOME_NET any -> [190.193.3.177] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.193.3.177/; sid:900726610; rev:1;) alert tcp $HOME_NET any -> [130.209.248.130] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.209.248.130/; sid:900726608; rev:1;) alert tcp $HOME_NET any -> [190.106.97.230] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.106.97.230/; sid:900726607; rev:1;) alert tcp $HOME_NET any -> [83.110.12.246] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.12.246/; sid:900726605; rev:1;) alert tcp $HOME_NET any -> [188.194.63.4] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.194.63.4/; sid:900726604; rev:1;) alert tcp $HOME_NET any -> [78.61.250.157] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.61.250.157/; sid:900726602; rev:1;) alert tcp $HOME_NET any -> [152.169.22.153] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.169.22.153/; sid:900726601; rev:1;) alert tcp $HOME_NET any -> [190.84.160.195] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.84.160.195/; sid:900726600; rev:1;) alert tcp $HOME_NET any -> [190.79.4.107] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.79.4.107/; sid:900726599; rev:1;) alert tcp $HOME_NET any -> [130.209.248.118] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.209.248.118/; sid:900726598; rev:1;) alert tcp $HOME_NET any -> [181.57.97.83] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.57.97.83/; sid:900726594; rev:1;) alert tcp $HOME_NET any -> [181.51.214.5] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.51.214.5/; sid:900726593; rev:1;) alert tcp $HOME_NET any -> [181.60.57.250] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.60.57.250/; sid:900726592; rev:1;) alert tcp $HOME_NET any -> [190.195.129.227] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.195.129.227/; sid:900726591; rev:1;) alert tcp $HOME_NET any -> [78.186.175.183] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.175.183/; sid:900726590; rev:1;) alert tcp $HOME_NET any -> [63.143.67.107] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.143.67.107/; sid:900726589; rev:1;) alert tcp $HOME_NET any -> [189.222.20.165] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.222.20.165/; sid:900726588; rev:1;) alert tcp $HOME_NET any -> [190.131.157.113] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.131.157.113/; sid:900726587; rev:1;) alert tcp $HOME_NET any -> [189.146.217.35] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.217.35/; sid:900726586; rev:1;) alert tcp $HOME_NET any -> [189.134.53.158] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.134.53.158/; sid:900726585; rev:1;) alert tcp $HOME_NET any -> [220.130.37.13] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.130.37.13/; sid:900726448; rev:1;) alert tcp $HOME_NET any -> [189.209.255.52] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.209.255.52/; sid:900726445; rev:1;) alert tcp $HOME_NET any -> [189.148.190.37] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.148.190.37/; sid:900726444; rev:1;) alert tcp $HOME_NET any -> [200.126.171.119] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.126.171.119/; sid:900726442; rev:1;) alert tcp $HOME_NET any -> [117.3.39.85] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.3.39.85/; sid:900726440; rev:1;) alert tcp $HOME_NET any -> [181.167.31.88] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.31.88/; sid:900726438; rev:1;) alert tcp $HOME_NET any -> [190.55.209.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.209.82/; sid:900726436; rev:1;) alert tcp $HOME_NET any -> [201.152.93.218] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.152.93.218/; sid:900726428; rev:1;) alert tcp $HOME_NET any -> [186.28.36.44] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.28.36.44/; sid:900726427; rev:1;) alert tcp $HOME_NET any -> [181.189.221.172] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.189.221.172/; sid:900726421; rev:1;) alert tcp $HOME_NET any -> [186.4.172.5] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.172.5/; sid:900726418; rev:1;) alert tcp $HOME_NET any -> [2.86.188.27] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.86.188.27/; sid:900726416; rev:1;) alert tcp $HOME_NET any -> [186.179.80.101] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.179.80.101/; sid:900726415; rev:1;) alert tcp $HOME_NET any -> [186.20.248.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.20.248.146/; sid:900726412; rev:1;) alert tcp $HOME_NET any -> [24.157.195.134] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.157.195.134/; sid:900726411; rev:1;) alert tcp $HOME_NET any -> [99.239.84.14] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.239.84.14/; sid:900725933; rev:1;) alert tcp $HOME_NET any -> [115.166.1.82] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.166.1.82/; sid:900725930; rev:1;) alert tcp $HOME_NET any -> [171.101.153.12] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.101.153.12/; sid:900725928; rev:1;) alert tcp $HOME_NET any -> [189.213.120.20] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.213.120.20/; sid:900725925; rev:1;) alert tcp $HOME_NET any -> [75.99.13.124] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.13.124/; sid:900725915; rev:1;) alert tcp $HOME_NET any -> [175.140.115.82] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.140.115.82/; sid:900725913; rev:1;) alert tcp $HOME_NET any -> [219.92.81.149] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.92.81.149/; sid:900725912; rev:1;) alert tcp $HOME_NET any -> [41.169.20.147] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.169.20.147/; sid:900725911; rev:1;) alert tcp $HOME_NET any -> [181.27.124.18] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.27.124.18/; sid:900725910; rev:1;) alert tcp $HOME_NET any -> [173.255.196.209] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.255.196.209/; sid:900725909; rev:1;) alert tcp $HOME_NET any -> [222.97.149.122] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.97.149.122/; sid:900725906; rev:1;) alert tcp $HOME_NET any -> [60.212.12.177] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.212.12.177/; sid:900725905; rev:1;) alert tcp $HOME_NET any -> [181.168.74.104] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.168.74.104/; sid:900725903; rev:1;) alert tcp $HOME_NET any -> [189.250.216.207] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.216.207/; sid:900725902; rev:1;) alert tcp $HOME_NET any -> [186.136.188.169] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.136.188.169/; sid:900725898; rev:1;) alert tcp $HOME_NET any -> [220.161.178.6] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.161.178.6/; sid:900725896; rev:1;) alert tcp $HOME_NET any -> [105.246.66.139] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.246.66.139/; sid:900725890; rev:1;) alert tcp $HOME_NET any -> [190.95.116.116] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.95.116.116/; sid:900725889; rev:1;) alert tcp $HOME_NET any -> [187.169.235.5] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.169.235.5/; sid:900725884; rev:1;) alert tcp $HOME_NET any -> [69.195.223.154] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.195.223.154/; sid:900725882; rev:1;) alert tcp $HOME_NET any -> [201.97.99.39] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.97.99.39/; sid:900725881; rev:1;) alert tcp $HOME_NET any -> [138.37.47.17] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.37.47.17/; sid:900725880; rev:1;) alert tcp $HOME_NET any -> [121.175.22.236] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.175.22.236/; sid:900725879; rev:1;) alert tcp $HOME_NET any -> [218.214.130.200] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.214.130.200/; sid:900725878; rev:1;) alert tcp $HOME_NET any -> [189.211.177.82] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.211.177.82/; sid:900725877; rev:1;) alert tcp $HOME_NET any -> [187.167.204.28] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.167.204.28/; sid:900725876; rev:1;) alert tcp $HOME_NET any -> [61.1.33.229] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.1.33.229/; sid:900725875; rev:1;) alert tcp $HOME_NET any -> [201.251.43.69] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.251.43.69/; sid:900725872; rev:1;) alert tcp $HOME_NET any -> [182.71.147.46] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.71.147.46/; sid:900725647; rev:1;) alert tcp $HOME_NET any -> [150.107.20.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.107.20.18/; sid:900725643; rev:1;) alert tcp $HOME_NET any -> [201.208.254.113] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.208.254.113/; sid:900725622; rev:1;) alert tcp $HOME_NET any -> [189.208.84.186] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.208.84.186/; sid:900725621; rev:1;) alert tcp $HOME_NET any -> [189.253.31.61] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.31.61/; sid:900725620; rev:1;) alert tcp $HOME_NET any -> [177.230.11.212] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.230.11.212/; sid:900725618; rev:1;) alert tcp $HOME_NET any -> [24.160.184.201] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.160.184.201/; sid:900725617; rev:1;) alert tcp $HOME_NET any -> [197.89.222.16] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.222.16/; sid:900725616; rev:1;) alert tcp $HOME_NET any -> [152.172.214.195] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.172.214.195/; sid:900725615; rev:1;) alert tcp $HOME_NET any -> [203.122.236.163] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.122.236.163/; sid:900725614; rev:1;) alert tcp $HOME_NET any -> [103.12.246.188] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.12.246.188/; sid:900725613; rev:1;) alert tcp $HOME_NET any -> [190.73.133.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.73.133.66/; sid:900725002; rev:1;) alert tcp $HOME_NET any -> [179.60.24.164] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.60.24.164/; sid:900724999; rev:1;) alert tcp $HOME_NET any -> [103.9.226.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.9.226.57/; sid:900724998; rev:1;) alert tcp $HOME_NET any -> [181.168.130.219] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.168.130.219/; sid:900724997; rev:1;) alert tcp $HOME_NET any -> [190.147.19.32] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.19.32/; sid:900724992; rev:1;) alert tcp $HOME_NET any -> [70.28.2.171] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.2.171/; sid:900724990; rev:1;) alert tcp $HOME_NET any -> [190.13.222.120] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.13.222.120/; sid:900724986; rev:1;) alert tcp $HOME_NET any -> [115.160.160.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.160.160.134/; sid:900724983; rev:1;) alert tcp $HOME_NET any -> [86.43.100.19] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.43.100.19/; sid:900724982; rev:1;) alert tcp $HOME_NET any -> [60.48.92.229] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.48.92.229/; sid:900724978; rev:1;) alert tcp $HOME_NET any -> [187.137.178.62] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.178.62/; sid:900724975; rev:1;) alert tcp $HOME_NET any -> [130.241.16.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.241.16.154/; sid:900724974; rev:1;) alert tcp $HOME_NET any -> [70.55.69.202] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.55.69.202/; sid:900724973; rev:1;) alert tcp $HOME_NET any -> [181.197.253.133] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.197.253.133/; sid:900724972; rev:1;) alert tcp $HOME_NET any -> [201.190.150.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.190.150.60/; sid:900724971; rev:1;) alert tcp $HOME_NET any -> [81.150.17.158] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.150.17.158/; sid:900724969; rev:1;) alert tcp $HOME_NET any -> [187.140.90.91] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.140.90.91/; sid:900724968; rev:1;) alert tcp $HOME_NET any -> [78.189.21.131] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.21.131/; sid:900724967; rev:1;) alert tcp $HOME_NET any -> [213.120.119.231] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.120.119.231/; sid:900724966; rev:1;) alert tcp $HOME_NET any -> [186.170.25.122] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.170.25.122/; sid:900724925; rev:1;) alert tcp $HOME_NET any -> [186.120.211.26] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.120.211.26/; sid:900724923; rev:1;) alert tcp $HOME_NET any -> [181.211.102.138] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.211.102.138/; sid:900724921; rev:1;) alert tcp $HOME_NET any -> [190.146.0.108] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.0.108/; sid:900724920; rev:1;) alert tcp $HOME_NET any -> [186.114.143.12] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.114.143.12/; sid:900724919; rev:1;) alert tcp $HOME_NET any -> [186.87.134.176] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.87.134.176/; sid:900724917; rev:1;) alert tcp $HOME_NET any -> [201.236.218.36] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.236.218.36/; sid:900724912; rev:1;) alert tcp $HOME_NET any -> [186.33.185.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.33.185.229/; sid:900724909; rev:1;) alert tcp $HOME_NET any -> [201.220.68.11] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.220.68.11/; sid:900724905; rev:1;) alert tcp $HOME_NET any -> [190.104.213.38] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.213.38/; sid:900724903; rev:1;) alert tcp $HOME_NET any -> [181.60.244.166] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.60.244.166/; sid:900724902; rev:1;) alert tcp $HOME_NET any -> [190.11.22.92] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.11.22.92/; sid:900724900; rev:1;) alert tcp $HOME_NET any -> [190.219.129.131] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.219.129.131/; sid:900724897; rev:1;) alert tcp $HOME_NET any -> [190.142.80.8] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.142.80.8/; sid:900724896; rev:1;) alert tcp $HOME_NET any -> [190.129.111.12] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.129.111.12/; sid:900724895; rev:1;) alert tcp $HOME_NET any -> [190.202.173.244] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.202.173.244/; sid:900724894; rev:1;) alert tcp $HOME_NET any -> [181.48.61.138] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.48.61.138/; sid:900724893; rev:1;) alert tcp $HOME_NET any -> [201.211.77.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.211.77.71/; sid:900724892; rev:1;) alert tcp $HOME_NET any -> [186.85.86.220] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.85.86.220/; sid:900724891; rev:1;) alert tcp $HOME_NET any -> [190.100.239.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.100.239.58/; sid:900724890; rev:1;) alert tcp $HOME_NET any -> [217.173.64.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.173.64.242/; sid:900724888; rev:1;) alert tcp $HOME_NET any -> [80.122.2.142] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.122.2.142/; sid:900724294; rev:1;) alert tcp $HOME_NET any -> [39.61.34.254] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.61.34.254/; sid:900724290; rev:1;) alert tcp $HOME_NET any -> [94.205.247.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.205.247.10/; sid:900724282; rev:1;) alert tcp $HOME_NET any -> [210.1.248.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.1.248.186/; sid:900724281; rev:1;) alert tcp $HOME_NET any -> [212.174.57.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.174.57.124/; sid:900724280; rev:1;) alert tcp $HOME_NET any -> [94.247.20.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.247.20.26/; sid:900724278; rev:1;) alert tcp $HOME_NET any -> [41.79.231.118] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.79.231.118/; sid:900724277; rev:1;) alert tcp $HOME_NET any -> [178.254.31.162] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.31.162/; sid:900724275; rev:1;) alert tcp $HOME_NET any -> [176.43.121.249] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.43.121.249/; sid:900724274; rev:1;) alert tcp $HOME_NET any -> [85.104.117.11] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.117.11/; sid:900724273; rev:1;) alert tcp $HOME_NET any -> [196.218.42.207] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.218.42.207/; sid:900724271; rev:1;) alert tcp $HOME_NET any -> [83.169.36.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.169.36.58/; sid:900724269; rev:1;) alert tcp $HOME_NET any -> [81.182.250.78] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.182.250.78/; sid:900724268; rev:1;) alert tcp $HOME_NET any -> [103.11.83.112] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.11.83.112/; sid:900724267; rev:1;) alert tcp $HOME_NET any -> [122.169.101.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.169.101.242/; sid:900724266; rev:1;) alert tcp $HOME_NET any -> [203.122.44.178] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.122.44.178/; sid:900724265; rev:1;) alert tcp $HOME_NET any -> [103.44.18.238] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.44.18.238/; sid:900724264; rev:1;) alert tcp $HOME_NET any -> [39.61.53.136] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.61.53.136/; sid:900724263; rev:1;) alert tcp $HOME_NET any -> [86.98.59.115] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.59.115/; sid:900724262; rev:1;) alert tcp $HOME_NET any -> [202.83.16.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.83.16.150/; sid:900724261; rev:1;) alert tcp $HOME_NET any -> [190.6.167.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.6.167.153/; sid:900724260; rev:1;) alert tcp $HOME_NET any -> [187.143.186.159] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.143.186.159/; sid:900724259; rev:1;) alert tcp $HOME_NET any -> [200.126.228.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.126.228.236/; sid:900721897; rev:1;) alert tcp $HOME_NET any -> [189.145.144.172] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.145.144.172/; sid:900721895; rev:1;) alert tcp $HOME_NET any -> [124.100.221.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.100.221.134/; sid:900721892; rev:1;) alert tcp $HOME_NET any -> [189.132.43.14] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.132.43.14/; sid:900721882; rev:1;) alert tcp $HOME_NET any -> [200.71.148.138] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.71.148.138/; sid:900721876; rev:1;) alert tcp $HOME_NET any -> [45.118.32.204] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.118.32.204/; sid:900721873; rev:1;) alert tcp $HOME_NET any -> [101.187.243.188] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.243.188/; sid:900721872; rev:1;) alert tcp $HOME_NET any -> [61.79.164.230] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.79.164.230/; sid:900721869; rev:1;) alert tcp $HOME_NET any -> [54.38.42.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.42.189/; sid:900721864; rev:1;) alert tcp $HOME_NET any -> [187.199.72.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.72.153/; sid:900721863; rev:1;) alert tcp $HOME_NET any -> [187.163.205.19] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.205.19/; sid:900721862; rev:1;) alert tcp $HOME_NET any -> [189.189.203.152] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.189.203.152/; sid:900721861; rev:1;) alert tcp $HOME_NET any -> [60.49.37.128] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.49.37.128/; sid:900721860; rev:1;) alert tcp $HOME_NET any -> [79.78.139.74] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.78.139.74/; sid:900721441; rev:1;) alert tcp $HOME_NET any -> [78.186.175.54] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.175.54/; sid:900721437; rev:1;) alert tcp $HOME_NET any -> [24.232.26.157] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.232.26.157/; sid:900721431; rev:1;) alert tcp $HOME_NET any -> [54.39.180.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.39.180.109/; sid:900721425; rev:1;) alert tcp $HOME_NET any -> [105.184.191.243] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.191.243/; sid:900721424; rev:1;) alert tcp $HOME_NET any -> [187.177.155.123] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.177.155.123/; sid:900721423; rev:1;) alert tcp $HOME_NET any -> [81.136.148.196] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.136.148.196/; sid:900721417; rev:1;) alert tcp $HOME_NET any -> [190.210.37.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.37.122/; sid:900721416; rev:1;) alert tcp $HOME_NET any -> [181.29.77.158] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.29.77.158/; sid:900721415; rev:1;) alert tcp $HOME_NET any -> [181.111.60.39] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.111.60.39/; sid:900721414; rev:1;) alert tcp $HOME_NET any -> [187.243.203.67] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.243.203.67/; sid:900721413; rev:1;) alert tcp $HOME_NET any -> [109.74.142.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.74.142.74/; sid:900721412; rev:1;) alert tcp $HOME_NET any -> [110.37.219.134] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.37.219.134/; sid:900721411; rev:1;) alert tcp $HOME_NET any -> [152.168.60.9] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.168.60.9/; sid:900721410; rev:1;) alert tcp $HOME_NET any -> [190.152.12.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.12.86/; sid:900721409; rev:1;) alert tcp $HOME_NET any -> [190.146.201.54] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.201.54/; sid:900721408; rev:1;) alert tcp $HOME_NET any -> [190.6.140.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.6.140.136/; sid:900721267; rev:1;) alert tcp $HOME_NET any -> [216.8.172.167] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.8.172.167/; sid:900721265; rev:1;) alert tcp $HOME_NET any -> [181.28.109.32] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.28.109.32/; sid:900721264; rev:1;) alert tcp $HOME_NET any -> [190.224.219.14] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.224.219.14/; sid:900721263; rev:1;) alert tcp $HOME_NET any -> [201.212.49.159] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.49.159/; sid:900721260; rev:1;) alert tcp $HOME_NET any -> [200.123.110.50] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.123.110.50/; sid:900721257; rev:1;) alert tcp $HOME_NET any -> [94.100.167.7] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.100.167.7/; sid:900721256; rev:1;) alert tcp $HOME_NET any -> [190.72.55.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.72.55.98/; sid:900721250; rev:1;) alert tcp $HOME_NET any -> [186.90.238.36] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.90.238.36/; sid:900721247; rev:1;) alert tcp $HOME_NET any -> [190.195.199.97] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.195.199.97/; sid:900721244; rev:1;) alert tcp $HOME_NET any -> [190.104.221.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.221.186/; sid:900721241; rev:1;) alert tcp $HOME_NET any -> [181.31.10.25] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.31.10.25/; sid:900721240; rev:1;) alert tcp $HOME_NET any -> [190.31.132.206] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.31.132.206/; sid:900721239; rev:1;) alert tcp $HOME_NET any -> [41.76.243.113] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.76.243.113/; sid:900721238; rev:1;) alert tcp $HOME_NET any -> [181.126.47.7] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.126.47.7/; sid:900721038; rev:1;) alert tcp $HOME_NET any -> [190.145.67.178] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.145.67.178/; sid:900721030; rev:1;) alert tcp $HOME_NET any -> [186.89.170.142] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.89.170.142/; sid:900721029; rev:1;) alert tcp $HOME_NET any -> [190.79.170.161] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.79.170.161/; sid:900721027; rev:1;) alert tcp $HOME_NET any -> [88.250.255.12] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.250.255.12/; sid:900721025; rev:1;) alert tcp $HOME_NET any -> [87.224.1.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.224.1.34/; sid:900721024; rev:1;) alert tcp $HOME_NET any -> [173.178.223.66] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.178.223.66/; sid:900721022; rev:1;) alert tcp $HOME_NET any -> [187.148.173.68] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.148.173.68/; sid:900721021; rev:1;) alert tcp $HOME_NET any -> [217.165.236.108] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.236.108/; sid:900721019; rev:1;) alert tcp $HOME_NET any -> [24.53.224.19] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.53.224.19/; sid:900721015; rev:1;) alert tcp $HOME_NET any -> [65.94.72.239] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.94.72.239/; sid:900721011; rev:1;) alert tcp $HOME_NET any -> [142.59.39.157] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.59.39.157/; sid:900721010; rev:1;) alert tcp $HOME_NET any -> [203.130.23.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.130.23.27/; sid:900721009; rev:1;) alert tcp $HOME_NET any -> [190.114.242.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.114.242.130/; sid:900721008; rev:1;) alert tcp $HOME_NET any -> [189.163.1.225] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.163.1.225/; sid:900721007; rev:1;) alert tcp $HOME_NET any -> [216.244.217.182] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.244.217.182/; sid:900721006; rev:1;) alert tcp $HOME_NET any -> [190.141.163.190] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.141.163.190/; sid:900721005; rev:1;) alert tcp $HOME_NET any -> [70.45.114.92] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.45.114.92/; sid:900721004; rev:1;) alert tcp $HOME_NET any -> [189.187.170.206] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.187.170.206/; sid:900721003; rev:1;) alert tcp $HOME_NET any -> [190.151.0.46] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.151.0.46/; sid:900721002; rev:1;) alert tcp $HOME_NET any -> [114.79.159.169] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.159.169/; sid:900721000; rev:1;) alert tcp $HOME_NET any -> [88.247.163.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.247.163.44/; sid:900720998; rev:1;) alert tcp $HOME_NET any -> [114.79.133.102] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.133.102/; sid:900720997; rev:1;) alert tcp $HOME_NET any -> [78.189.207.238] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.207.238/; sid:900720995; rev:1;) alert tcp $HOME_NET any -> [203.122.44.152] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.122.44.152/; sid:900720993; rev:1;) alert tcp $HOME_NET any -> [42.200.102.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.200.102.153/; sid:900720990; rev:1;) alert tcp $HOME_NET any -> [46.29.143.219] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.29.143.219/; sid:900720989; rev:1;) alert tcp $HOME_NET any -> [49.248.119.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.248.119.186/; sid:900720988; rev:1;) alert tcp $HOME_NET any -> [86.98.66.88] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.66.88/; sid:900720986; rev:1;) alert tcp $HOME_NET any -> [113.182.203.150] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.182.203.150/; sid:900720981; rev:1;) alert tcp $HOME_NET any -> [105.225.156.246] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.156.246/; sid:900720978; rev:1;) alert tcp $HOME_NET any -> [91.93.202.142] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.93.202.142/; sid:900720975; rev:1;) alert tcp $HOME_NET any -> [27.54.146.165] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.54.146.165/; sid:900720972; rev:1;) alert tcp $HOME_NET any -> [110.172.188.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.172.188.210/; sid:900720971; rev:1;) alert tcp $HOME_NET any -> [203.99.177.144] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.99.177.144/; sid:900720970; rev:1;) alert tcp $HOME_NET any -> [221.160.242.77] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.160.242.77/; sid:900720969; rev:1;) alert tcp $HOME_NET any -> [111.223.147.4] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.223.147.4/; sid:900720968; rev:1;) alert tcp $HOME_NET any -> [94.13.70.255] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.13.70.255/; sid:900720967; rev:1;) alert tcp $HOME_NET any -> [189.154.39.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.39.153/; sid:900720966; rev:1;) alert tcp $HOME_NET any -> [189.180.237.144] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.180.237.144/; sid:900720965; rev:1;) alert tcp $HOME_NET any -> [186.136.68.246] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.136.68.246/; sid:900720964; rev:1;) alert tcp $HOME_NET any -> [201.111.83.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.111.83.186/; sid:900720963; rev:1;) alert tcp $HOME_NET any -> [96.21.235.243] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.21.235.243/; sid:900720887; rev:1;) alert tcp $HOME_NET any -> [189.178.109.180] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.178.109.180/; sid:900720884; rev:1;) alert tcp $HOME_NET any -> [189.134.34.13] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.134.34.13/; sid:900720883; rev:1;) alert tcp $HOME_NET any -> [50.101.109.25] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.101.109.25/; sid:900720881; rev:1;) alert tcp $HOME_NET any -> [200.105.164.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.105.164.138/; sid:900720876; rev:1;) alert tcp $HOME_NET any -> [60.240.221.183] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.240.221.183/; sid:900720875; rev:1;) alert tcp $HOME_NET any -> [190.0.28.219] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.0.28.219/; sid:900720869; rev:1;) alert tcp $HOME_NET any -> [179.52.124.226] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.52.124.226/; sid:900720866; rev:1;) alert tcp $HOME_NET any -> [189.225.119.5] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.225.119.5/; sid:900720865; rev:1;) alert tcp $HOME_NET any -> [181.170.160.21] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.170.160.21/; sid:900720861; rev:1;) alert tcp $HOME_NET any -> [81.132.30.110] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.132.30.110/; sid:900720860; rev:1;) alert tcp $HOME_NET any -> [190.85.8.157] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.8.157/; sid:900720859; rev:1;) alert tcp $HOME_NET any -> [181.46.149.53] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.46.149.53/; sid:900720858; rev:1;) alert tcp $HOME_NET any -> [201.244.43.242] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.244.43.242/; sid:900720857; rev:1;) alert tcp $HOME_NET any -> [186.66.93.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.66.93.242/; sid:900720856; rev:1;) alert tcp $HOME_NET any -> [152.169.192.209] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.169.192.209/; sid:900720855; rev:1;) alert tcp $HOME_NET any -> [179.33.30.194] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.33.30.194/; sid:900720854; rev:1;) alert tcp $HOME_NET any -> [186.96.193.55] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.96.193.55/; sid:900720853; rev:1;) alert tcp $HOME_NET any -> [217.34.55.79] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.34.55.79/; sid:900720852; rev:1;) alert tcp $HOME_NET any -> [142.163.208.70] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.163.208.70/; sid:900720733; rev:1;) alert tcp $HOME_NET any -> [222.235.126.213] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.235.126.213/; sid:900720723; rev:1;) alert tcp $HOME_NET any -> [137.59.227.184] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.59.227.184/; sid:900720722; rev:1;) alert tcp $HOME_NET any -> [103.53.44.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.53.44.26/; sid:900720715; rev:1;) alert tcp $HOME_NET any -> [87.191.170.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.191.170.153/; sid:900720712; rev:1;) alert tcp $HOME_NET any -> [46.130.113.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.130.113.218/; sid:900720711; rev:1;) alert tcp $HOME_NET any -> [201.171.3.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.171.3.20/; sid:900720710; rev:1;) alert tcp $HOME_NET any -> [191.102.109.158] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.102.109.158/; sid:900720709; rev:1;) alert tcp $HOME_NET any -> [70.52.138.10] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.52.138.10/; sid:900720708; rev:1;) alert tcp $HOME_NET any -> [200.25.160.121] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.25.160.121/; sid:900720707; rev:1;) alert tcp $HOME_NET any -> [187.147.253.144] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.147.253.144/; sid:900720706; rev:1;) alert tcp $HOME_NET any -> [217.165.116.167] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.116.167/; sid:900720705; rev:1;) alert tcp $HOME_NET any -> [197.89.216.173] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.216.173/; sid:900720704; rev:1;) alert tcp $HOME_NET any -> [85.97.123.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.97.123.102/; sid:900720227; rev:1;) alert tcp $HOME_NET any -> [24.53.48.176] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.53.48.176/; sid:900720225; rev:1;) alert tcp $HOME_NET any -> [200.126.171.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.126.171.225/; sid:900720221; rev:1;) alert tcp $HOME_NET any -> [181.48.236.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.48.236.93/; sid:900720220; rev:1;) alert tcp $HOME_NET any -> [187.220.99.192] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.220.99.192/; sid:900720218; rev:1;) alert tcp $HOME_NET any -> [185.86.148.222] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.148.222/; sid:900720216; rev:1;) alert tcp $HOME_NET any -> [190.100.136.117] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.100.136.117/; sid:900720213; rev:1;) alert tcp $HOME_NET any -> [184.145.137.151] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.145.137.151/; sid:900720212; rev:1;) alert tcp $HOME_NET any -> [81.143.197.4] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.143.197.4/; sid:900720211; rev:1;) alert tcp $HOME_NET any -> [130.241.35.152] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.241.35.152/; sid:900720208; rev:1;) alert tcp $HOME_NET any -> [181.44.96.147] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.44.96.147/; sid:900720206; rev:1;) alert tcp $HOME_NET any -> [198.61.196.18] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.61.196.18/; sid:900720204; rev:1;) alert tcp $HOME_NET any -> [220.247.246.243] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.247.246.243/; sid:900720203; rev:1;) alert tcp $HOME_NET any -> [190.1.49.204] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.1.49.204/; sid:900720202; rev:1;) alert tcp $HOME_NET any -> [190.56.255.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.56.255.118/; sid:900720201; rev:1;) alert tcp $HOME_NET any -> [190.171.216.50] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.216.50/; sid:900720200; rev:1;) alert tcp $HOME_NET any -> [81.134.93.59] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.134.93.59/; sid:900720199; rev:1;) alert tcp $HOME_NET any -> [189.159.133.168] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.159.133.168/; sid:900720198; rev:1;) alert tcp $HOME_NET any -> [200.123.150.89] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.123.150.89/; sid:900720197; rev:1;) alert tcp $HOME_NET any -> [201.170.181.168] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.170.181.168/; sid:900720196; rev:1;) alert tcp $HOME_NET any -> [209.239.4.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.239.4.118/; sid:900720195; rev:1;) alert tcp $HOME_NET any -> [200.91.50.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.91.50.2/; sid:900720194; rev:1;) alert tcp $HOME_NET any -> [188.122.51.199] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.122.51.199/; sid:900720193; rev:1;) alert tcp $HOME_NET any -> [101.99.23.252] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.99.23.252/; sid:900720186; rev:1;) alert tcp $HOME_NET any -> [221.162.74.239] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.162.74.239/; sid:900720183; rev:1;) alert tcp $HOME_NET any -> [39.88.192.28] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.88.192.28/; sid:900720182; rev:1;) alert tcp $HOME_NET any -> [101.187.199.72] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.199.72/; sid:900720181; rev:1;) alert tcp $HOME_NET any -> [109.2.99.144] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.2.99.144/; sid:900720177; rev:1;) alert tcp $HOME_NET any -> [80.253.241.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.253.241.66/; sid:900720176; rev:1;) alert tcp $HOME_NET any -> [88.174.131.38] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.174.131.38/; sid:900720171; rev:1;) alert tcp $HOME_NET any -> [49.207.182.22] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.207.182.22/; sid:900720169; rev:1;) alert tcp $HOME_NET any -> [106.243.237.73] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.243.237.73/; sid:900720168; rev:1;) alert tcp $HOME_NET any -> [121.69.90.14] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.69.90.14/; sid:900720165; rev:1;) alert tcp $HOME_NET any -> [188.53.210.137] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.53.210.137/; sid:900720164; rev:1;) alert tcp $HOME_NET any -> [99.226.186.39] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.226.186.39/; sid:900720163; rev:1;) alert tcp $HOME_NET any -> [77.69.190.139] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.69.190.139/; sid:900720162; rev:1;) alert tcp $HOME_NET any -> [45.227.225.46] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.227.225.46/; sid:900720161; rev:1;) alert tcp $HOME_NET any -> [41.177.126.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.177.126.139/; sid:900720160; rev:1;) alert tcp $HOME_NET any -> [54.38.91.176] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.91.176/; sid:900720159; rev:1;) alert tcp $HOME_NET any -> [189.142.157.203] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.142.157.203/; sid:900720158; rev:1;) alert tcp $HOME_NET any -> [190.56.149.122] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.56.149.122/; sid:900720157; rev:1;) alert tcp $HOME_NET any -> [54.39.178.177] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.39.178.177/; sid:900720156; rev:1;) alert tcp $HOME_NET any -> [41.71.19.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.71.19.139/; sid:900717259; rev:1;) alert tcp $HOME_NET any -> [105.186.166.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.166.65/; sid:900717252; rev:1;) alert tcp $HOME_NET any -> [2.50.150.240] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.150.240/; sid:900717239; rev:1;) alert tcp $HOME_NET any -> [165.255.145.156] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.255.145.156/; sid:900717238; rev:1;) alert tcp $HOME_NET any -> [58.65.211.99] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.65.211.99/; sid:900717155; rev:1;) alert tcp $HOME_NET any -> [201.110.102.182] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.110.102.182/; sid:900717151; rev:1;) alert tcp $HOME_NET any -> [77.30.231.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.30.231.30/; sid:900717146; rev:1;) alert tcp $HOME_NET any -> [59.96.244.37] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.96.244.37/; sid:900717145; rev:1;) alert tcp $HOME_NET any -> [200.29.111.252] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.29.111.252/; sid:900717144; rev:1;) alert tcp $HOME_NET any -> [124.194.66.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.194.66.218/; sid:900717143; rev:1;) alert tcp $HOME_NET any -> [187.198.19.70] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.198.19.70/; sid:900717141; rev:1;) alert tcp $HOME_NET any -> [120.150.66.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.66.156/; sid:900717140; rev:1;) alert tcp $HOME_NET any -> [187.250.201.195] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.201.195/; sid:900717137; rev:1;) alert tcp $HOME_NET any -> [189.248.128.101] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.248.128.101/; sid:900717136; rev:1;) alert tcp $HOME_NET any -> [89.211.243.207] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.243.207/; sid:900717133; rev:1;) alert tcp $HOME_NET any -> [189.183.174.174] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.183.174.174/; sid:900717132; rev:1;) alert tcp $HOME_NET any -> [189.186.19.97] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.186.19.97/; sid:900717131; rev:1;) alert tcp $HOME_NET any -> [105.225.199.219] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.199.219/; sid:900717130; rev:1;) alert tcp $HOME_NET any -> [85.243.49.63] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.243.49.63/; sid:900717129; rev:1;) alert tcp $HOME_NET any -> [187.205.170.3] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.205.170.3/; sid:900717128; rev:1;) alert tcp $HOME_NET any -> [189.152.183.239] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.152.183.239/; sid:900717127; rev:1;) alert tcp $HOME_NET any -> [169.0.142.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.142.82/; sid:900717126; rev:1;) alert tcp $HOME_NET any -> [83.110.95.159] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.95.159/; sid:900717125; rev:1;) alert tcp $HOME_NET any -> [105.228.198.254] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.228.198.254/; sid:900717124; rev:1;) alert tcp $HOME_NET any -> [189.236.139.230] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.139.230/; sid:900717123; rev:1;) alert tcp $HOME_NET any -> [189.162.104.16] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.162.104.16/; sid:900717121; rev:1;) alert tcp $HOME_NET any -> [190.173.73.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.173.73.135/; sid:900717120; rev:1;) alert tcp $HOME_NET any -> [190.139.134.60] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.139.134.60/; sid:900717116; rev:1;) alert tcp $HOME_NET any -> [190.158.193.245] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.158.193.245/; sid:900717115; rev:1;) alert tcp $HOME_NET any -> [189.231.145.106] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.231.145.106/; sid:900717110; rev:1;) alert tcp $HOME_NET any -> [200.8.143.148] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.8.143.148/; sid:900717105; rev:1;) alert tcp $HOME_NET any -> [187.136.95.168] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.136.95.168/; sid:900717102; rev:1;) alert tcp $HOME_NET any -> [186.156.228.33] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.156.228.33/; sid:900717100; rev:1;) alert tcp $HOME_NET any -> [190.97.212.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.97.212.150/; sid:900717099; rev:1;) alert tcp $HOME_NET any -> [189.146.214.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.214.30/; sid:900717098; rev:1;) alert tcp $HOME_NET any -> [189.193.19.5] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.193.19.5/; sid:900717095; rev:1;) alert tcp $HOME_NET any -> [189.195.1.15] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.195.1.15/; sid:900717094; rev:1;) alert tcp $HOME_NET any -> [186.0.76.40] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.0.76.40/; sid:900717093; rev:1;) alert tcp $HOME_NET any -> [186.16.209.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.16.209.106/; sid:900717092; rev:1;) alert tcp $HOME_NET any -> [190.240.45.201] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.240.45.201/; sid:900717091; rev:1;) alert tcp $HOME_NET any -> [178.200.64.181] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.200.64.181/; sid:900717090; rev:1;) alert tcp $HOME_NET any -> [190.15.153.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.15.153.90/; sid:900717089; rev:1;) alert tcp $HOME_NET any -> [181.230.241.2] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.230.241.2/; sid:900717088; rev:1;) alert tcp $HOME_NET any -> [186.103.219.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.103.219.114/; sid:900717087; rev:1;) alert tcp $HOME_NET any -> [142.112.27.238] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.112.27.238/; sid:900717086; rev:1;) alert tcp $HOME_NET any -> [208.180.47.78] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.180.47.78/; sid:900716930; rev:1;) alert tcp $HOME_NET any -> [24.248.210.137] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.248.210.137/; sid:900716923; rev:1;) alert tcp $HOME_NET any -> [190.147.162.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.162.82/; sid:900716922; rev:1;) alert tcp $HOME_NET any -> [72.38.164.146] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.38.164.146/; sid:900716921; rev:1;) alert tcp $HOME_NET any -> [167.250.193.184] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.250.193.184/; sid:900716915; rev:1;) alert tcp $HOME_NET any -> [181.44.88.97] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.44.88.97/; sid:900716914; rev:1;) alert tcp $HOME_NET any -> [181.54.149.75] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.54.149.75/; sid:900716912; rev:1;) alert tcp $HOME_NET any -> [86.165.201.190] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.165.201.190/; sid:900716908; rev:1;) alert tcp $HOME_NET any -> [76.102.38.14] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.102.38.14/; sid:900716907; rev:1;) alert tcp $HOME_NET any -> [46.228.199.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.228.199.98/; sid:900716906; rev:1;) alert tcp $HOME_NET any -> [169.0.100.63] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.100.63/; sid:900716902; rev:1;) alert tcp $HOME_NET any -> [189.208.149.163] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.208.149.163/; sid:900716901; rev:1;) alert tcp $HOME_NET any -> [189.146.73.28] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.73.28/; sid:900716900; rev:1;) alert tcp $HOME_NET any -> [71.221.87.227] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.221.87.227/; sid:900716899; rev:1;) alert tcp $HOME_NET any -> [65.29.69.193] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.29.69.193/; sid:900716898; rev:1;) alert tcp $HOME_NET any -> [47.205.41.43] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.205.41.43/; sid:900716897; rev:1;) alert tcp $HOME_NET any -> [72.22.245.117] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.22.245.117/; sid:900716896; rev:1;) alert tcp $HOME_NET any -> [119.92.51.40] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.92.51.40/; sid:900716895; rev:1;) alert tcp $HOME_NET any -> [74.104.175.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.104.175.6/; sid:900716894; rev:1;) alert tcp $HOME_NET any -> [142.169.99.1] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.169.99.1/; sid:900716893; rev:1;) alert tcp $HOME_NET any -> [98.26.18.226] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.26.18.226/; sid:900716888; rev:1;) alert tcp $HOME_NET any -> [108.190.108.173] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.190.108.173/; sid:900716884; rev:1;) alert tcp $HOME_NET any -> [189.181.224.33] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.181.224.33/; sid:900716881; rev:1;) alert tcp $HOME_NET any -> [76.97.133.251] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.97.133.251/; sid:900716880; rev:1;) alert tcp $HOME_NET any -> [71.125.28.55] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.125.28.55/; sid:900716875; rev:1;) alert tcp $HOME_NET any -> [76.72.180.184] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.72.180.184/; sid:900716874; rev:1;) alert tcp $HOME_NET any -> [151.253.92.20] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.253.92.20/; sid:900716872; rev:1;) alert tcp $HOME_NET any -> [73.163.161.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.163.161.117/; sid:900716870; rev:1;) alert tcp $HOME_NET any -> [70.171.185.162] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.171.185.162/; sid:900716868; rev:1;) alert tcp $HOME_NET any -> [96.255.49.68] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.255.49.68/; sid:900716867; rev:1;) alert tcp $HOME_NET any -> [190.100.158.207] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.100.158.207/; sid:900716864; rev:1;) alert tcp $HOME_NET any -> [83.110.204.231] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.204.231/; sid:900716863; rev:1;) alert tcp $HOME_NET any -> [173.166.140.145] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.166.140.145/; sid:900716862; rev:1;) alert tcp $HOME_NET any -> [24.158.46.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.158.46.82/; sid:900716861; rev:1;) alert tcp $HOME_NET any -> [120.151.13.225] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.151.13.225/; sid:900716860; rev:1;) alert tcp $HOME_NET any -> [217.165.183.54] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.183.54/; sid:900716859; rev:1;) alert tcp $HOME_NET any -> [74.129.194.207] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.129.194.207/; sid:900716386; rev:1;) alert tcp $HOME_NET any -> [189.158.106.37] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.158.106.37/; sid:900716383; rev:1;) alert tcp $HOME_NET any -> [189.223.176.239] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.176.239/; sid:900716382; rev:1;) alert tcp $HOME_NET any -> [189.190.21.137] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.190.21.137/; sid:900716377; rev:1;) alert tcp $HOME_NET any -> [69.1.1.43] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.1.1.43/; sid:900716375; rev:1;) alert tcp $HOME_NET any -> [78.187.173.144] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.187.173.144/; sid:900716374; rev:1;) alert tcp $HOME_NET any -> [110.143.203.200] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.143.203.200/; sid:900716242; rev:1;) alert tcp $HOME_NET any -> [12.49.146.218] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.49.146.218/; sid:900716240; rev:1;) alert tcp $HOME_NET any -> [208.105.77.2] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.105.77.2/; sid:900716237; rev:1;) alert tcp $HOME_NET any -> [201.236.217.192] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.236.217.192/; sid:900716223; rev:1;) alert tcp $HOME_NET any -> [91.109.13.64] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.109.13.64/; sid:900716222; rev:1;) alert tcp $HOME_NET any -> [71.56.132.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.56.132.47/; sid:900716218; rev:1;) alert tcp $HOME_NET any -> [187.163.65.65] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.65.65/; sid:900716217; rev:1;) alert tcp $HOME_NET any -> [189.236.27.253] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.27.253/; sid:900716216; rev:1;) alert tcp $HOME_NET any -> [200.236.117.151] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.236.117.151/; sid:900716215; rev:1;) alert tcp $HOME_NET any -> [100.33.158.222] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.33.158.222/; sid:900716214; rev:1;) alert tcp $HOME_NET any -> [99.225.98.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.225.98.242/; sid:900716213; rev:1;) alert tcp $HOME_NET any -> [200.6.168.130] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.6.168.130/; sid:900716211; rev:1;) alert tcp $HOME_NET any -> [80.149.179.98] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.149.179.98/; sid:900716210; rev:1;) alert tcp $HOME_NET any -> [187.160.2.73] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.160.2.73/; sid:900716209; rev:1;) alert tcp $HOME_NET any -> [99.101.106.98] 11892 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.101.106.98/; sid:900716208; rev:1;) alert tcp $HOME_NET any -> [97.115.32.101] 25965 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.115.32.101/; sid:900716207; rev:1;) alert tcp $HOME_NET any -> [105.32.101.117] 8307 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.32.101.117/; sid:900716206; rev:1;) alert tcp $HOME_NET any -> [110.114.117.116] 30240 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.114.117.116/; sid:900716205; rev:1;) alert tcp $HOME_NET any -> [104.116.32.44] 8293 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.116.32.44/; sid:900716204; rev:1;) alert tcp $HOME_NET any -> [116.115.32.97] 26994 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.115.32.97/; sid:900716203; rev:1;) alert tcp $HOME_NET any -> [216.164.125.225] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.164.125.225/; sid:900715854; rev:1;) alert tcp $HOME_NET any -> [78.186.23.245] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.23.245/; sid:900715853; rev:1;) alert tcp $HOME_NET any -> [160.7.252.246] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.7.252.246/; sid:900715852; rev:1;) alert tcp $HOME_NET any -> [123.51.98.27] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.51.98.27/; sid:900715848; rev:1;) alert tcp $HOME_NET any -> [85.106.1.166] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.106.1.166/; sid:900715845; rev:1;) alert tcp $HOME_NET any -> [169.0.105.26] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.105.26/; sid:900715839; rev:1;) alert tcp $HOME_NET any -> [190.72.60.232] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.72.60.232/; sid:900715832; rev:1;) alert tcp $HOME_NET any -> [187.137.103.63] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.103.63/; sid:900715831; rev:1;) alert tcp $HOME_NET any -> [95.9.136.134] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.9.136.134/; sid:900715174; rev:1;) alert tcp $HOME_NET any -> [190.18.217.94] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.18.217.94/; sid:900715170; rev:1;) alert tcp $HOME_NET any -> [190.108.228.43] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.108.228.43/; sid:900715167; rev:1;) alert tcp $HOME_NET any -> [100.7.75.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.7.75.236/; sid:900715161; rev:1;) alert tcp $HOME_NET any -> [173.17.134.231] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.17.134.231/; sid:900715160; rev:1;) alert tcp $HOME_NET any -> [84.9.29.111] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.9.29.111/; sid:900715157; rev:1;) alert tcp $HOME_NET any -> [189.253.110.230] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.110.230/; sid:900715153; rev:1;) alert tcp $HOME_NET any -> [189.180.51.94] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.180.51.94/; sid:900715152; rev:1;) alert tcp $HOME_NET any -> [50.79.146.13] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.79.146.13/; sid:900715149; rev:1;) alert tcp $HOME_NET any -> [91.236.245.65] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.236.245.65/; sid:900715147; rev:1;) alert tcp $HOME_NET any -> [186.68.82.19] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.68.82.19/; sid:900715146; rev:1;) alert tcp $HOME_NET any -> [128.234.190.116] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.234.190.116/; sid:900715145; rev:1;) alert tcp $HOME_NET any -> [54.39.179.152] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.39.179.152/; sid:900715144; rev:1;) alert tcp $HOME_NET any -> [190.171.208.218] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.208.218/; sid:900715143; rev:1;) alert tcp $HOME_NET any -> [186.149.243.238] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.149.243.238/; sid:900715142; rev:1;) alert tcp $HOME_NET any -> [114.55.106.210] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.55.106.210/; sid:900715141; rev:1;) alert tcp $HOME_NET any -> [47.147.11.21] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.147.11.21/; sid:900715140; rev:1;) alert tcp $HOME_NET any -> [187.220.233.135] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.220.233.135/; sid:900715139; rev:1;) alert tcp $HOME_NET any -> [98.6.40.86] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.6.40.86/; sid:900715138; rev:1;) alert tcp $HOME_NET any -> [217.165.2.133] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.2.133/; sid:900715137; rev:1;) alert tcp $HOME_NET any -> [37.187.150.39] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.150.39/; sid:900715133; rev:1;) alert tcp $HOME_NET any -> [119.196.94.222] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.196.94.222/; sid:900715132; rev:1;) alert tcp $HOME_NET any -> [181.165.31.120] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.165.31.120/; sid:900715131; rev:1;) alert tcp $HOME_NET any -> [142.129.161.136] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.129.161.136/; sid:900715130; rev:1;) alert tcp $HOME_NET any -> [92.48.118.27] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.48.118.27/; sid:900715126; rev:1;) alert tcp $HOME_NET any -> [96.240.18.23] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.240.18.23/; sid:900715124; rev:1;) alert tcp $HOME_NET any -> [186.136.75.37] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.136.75.37/; sid:900715120; rev:1;) alert tcp $HOME_NET any -> [186.66.12.10] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.66.12.10/; sid:900715115; rev:1;) alert tcp $HOME_NET any -> [213.16.213.197] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.16.213.197/; sid:900715114; rev:1;) alert tcp $HOME_NET any -> [186.109.81.97] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.109.81.97/; sid:900715113; rev:1;) alert tcp $HOME_NET any -> [181.118.206.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.206.6/; sid:900715112; rev:1;) alert tcp $HOME_NET any -> [213.159.215.1] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.159.215.1/; sid:900715109; rev:1;) alert tcp $HOME_NET any -> [79.77.53.46] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.77.53.46/; sid:900715108; rev:1;) alert tcp $HOME_NET any -> [80.249.176.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.249.176.206/; sid:900715107; rev:1;) alert tcp $HOME_NET any -> [170.84.133.72] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.84.133.72/; sid:900715106; rev:1;) alert tcp $HOME_NET any -> [47.180.65.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.180.65.61/; sid:900715105; rev:1;) alert tcp $HOME_NET any -> [216.146.254.225] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.146.254.225/; sid:900715104; rev:1;) alert tcp $HOME_NET any -> [109.170.203.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.170.203.154/; sid:900715103; rev:1;) alert tcp $HOME_NET any -> [190.92.123.178] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.123.178/; sid:900715102; rev:1;) alert tcp $HOME_NET any -> [24.85.236.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.85.236.47/; sid:900715101; rev:1;) alert tcp $HOME_NET any -> [115.88.75.245] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.88.75.245/; sid:900715100; rev:1;) alert tcp $HOME_NET any -> [190.220.69.69] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.220.69.69/; sid:900715099; rev:1;) alert tcp $HOME_NET any -> [202.91.43.204] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.91.43.204/; sid:900714936; rev:1;) alert tcp $HOME_NET any -> [200.204.204.204] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.204.204.204/; sid:900714922; rev:1;) alert tcp $HOME_NET any -> [159.118.53.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.118.53.150/; sid:900712865; rev:1;) alert tcp $HOME_NET any -> [58.108.220.220] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.108.220.220/; sid:900712859; rev:1;) alert tcp $HOME_NET any -> [179.38.83.88] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.38.83.88/; sid:900712857; rev:1;) alert tcp $HOME_NET any -> [104.34.29.60] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.34.29.60/; sid:900712853; rev:1;) alert tcp $HOME_NET any -> [68.103.38.30] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.103.38.30/; sid:900712852; rev:1;) alert tcp $HOME_NET any -> [190.171.237.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.237.136/; sid:900712851; rev:1;) alert tcp $HOME_NET any -> [204.184.25.163] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.184.25.163/; sid:900712850; rev:1;) alert tcp $HOME_NET any -> [134.19.217.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.19.217.70/; sid:900712848; rev:1;) alert tcp $HOME_NET any -> [190.128.82.61] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.128.82.61/; sid:900712847; rev:1;) alert tcp $HOME_NET any -> [24.248.202.22] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.248.202.22/; sid:900712842; rev:1;) alert tcp $HOME_NET any -> [198.136.49.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.136.49.139/; sid:900712841; rev:1;) alert tcp $HOME_NET any -> [79.130.46.68] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.130.46.68/; sid:900712840; rev:1;) alert tcp $HOME_NET any -> [98.217.222.167] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.217.222.167/; sid:900712839; rev:1;) alert tcp $HOME_NET any -> [98.175.204.114] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.175.204.114/; sid:900712838; rev:1;) alert tcp $HOME_NET any -> [187.138.28.244] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.138.28.244/; sid:900712837; rev:1;) alert tcp $HOME_NET any -> [95.155.24.108] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.155.24.108/; sid:900712836; rev:1;) alert tcp $HOME_NET any -> [186.4.167.166] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.167.166/; sid:900712835; rev:1;) alert tcp $HOME_NET any -> [74.79.252.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.79.252.106/; sid:900712834; rev:1;) alert tcp $HOME_NET any -> [71.179.135.10] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.179.135.10/; sid:900712833; rev:1;) alert tcp $HOME_NET any -> [109.104.79.48] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.104.79.48/; sid:900712358; rev:1;) alert tcp $HOME_NET any -> [86.43.125.152] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.43.125.152/; sid:900712356; rev:1;) alert tcp $HOME_NET any -> [107.184.201.99] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.184.201.99/; sid:900712354; rev:1;) alert tcp $HOME_NET any -> [92.27.103.140] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.27.103.140/; sid:900712350; rev:1;) alert tcp $HOME_NET any -> [138.68.139.199] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.68.139.199/; sid:900712346; rev:1;) alert tcp $HOME_NET any -> [209.112.181.206] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.112.181.206/; sid:900712345; rev:1;) alert tcp $HOME_NET any -> [135.19.206.30] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/135.19.206.30/; sid:900712342; rev:1;) alert tcp $HOME_NET any -> [200.52.75.212] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.52.75.212/; sid:900712340; rev:1;) alert tcp $HOME_NET any -> [98.188.200.74] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.188.200.74/; sid:900712339; rev:1;) alert tcp $HOME_NET any -> [216.221.68.35] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.221.68.35/; sid:900712337; rev:1;) alert tcp $HOME_NET any -> [181.228.204.125] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.228.204.125/; sid:900712336; rev:1;) alert tcp $HOME_NET any -> [98.5.163.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.5.163.186/; sid:900712335; rev:1;) alert tcp $HOME_NET any -> [201.196.89.80] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.196.89.80/; sid:900712334; rev:1;) alert tcp $HOME_NET any -> [192.237.251.185] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.237.251.185/; sid:900712332; rev:1;) alert tcp $HOME_NET any -> [189.157.235.122] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.157.235.122/; sid:900712331; rev:1;) alert tcp $HOME_NET any -> [189.210.114.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.210.114.18/; sid:900712330; rev:1;) alert tcp $HOME_NET any -> [190.96.22.93] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.96.22.93/; sid:900712329; rev:1;) alert tcp $HOME_NET any -> [81.213.63.109] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.213.63.109/; sid:900712328; rev:1;) alert tcp $HOME_NET any -> [186.23.189.192] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.23.189.192/; sid:900712327; rev:1;) alert tcp $HOME_NET any -> [23.25.165.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.25.165.74/; sid:900712326; rev:1;) alert tcp $HOME_NET any -> [200.60.71.194] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.60.71.194/; sid:900712325; rev:1;) alert tcp $HOME_NET any -> [187.155.234.215] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.155.234.215/; sid:900712324; rev:1;) alert tcp $HOME_NET any -> [189.155.54.228] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.155.54.228/; sid:900712323; rev:1;) alert tcp $HOME_NET any -> [162.252.103.78] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.252.103.78/; sid:900712322; rev:1;) alert tcp $HOME_NET any -> [71.179.46.252] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.179.46.252/; sid:900711459; rev:1;) alert tcp $HOME_NET any -> [202.51.181.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.51.181.50/; sid:900711457; rev:1;) alert tcp $HOME_NET any -> [73.6.157.159] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.6.157.159/; sid:900711456; rev:1;) alert tcp $HOME_NET any -> [190.41.82.177] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.41.82.177/; sid:900711450; rev:1;) alert tcp $HOME_NET any -> [178.95.247.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.95.247.58/; sid:900711449; rev:1;) alert tcp $HOME_NET any -> [50.33.155.172] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.33.155.172/; sid:900711441; rev:1;) alert tcp $HOME_NET any -> [202.91.43.74] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.91.43.74/; sid:900711440; rev:1;) alert tcp $HOME_NET any -> [200.23.18.172] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.23.18.172/; sid:900711438; rev:1;) alert tcp $HOME_NET any -> [68.58.185.8] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.58.185.8/; sid:900711435; rev:1;) alert tcp $HOME_NET any -> [173.209.178.228] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.209.178.228/; sid:900711434; rev:1;) alert tcp $HOME_NET any -> [71.240.202.243] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.240.202.243/; sid:900711433; rev:1;) alert tcp $HOME_NET any -> [69.125.80.135] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.125.80.135/; sid:900711432; rev:1;) alert tcp $HOME_NET any -> [71.237.186.212] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.237.186.212/; sid:900711431; rev:1;) alert tcp $HOME_NET any -> [67.204.50.87] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.204.50.87/; sid:900711430; rev:1;) alert tcp $HOME_NET any -> [97.83.88.72] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.83.88.72/; sid:900710501; rev:1;) alert tcp $HOME_NET any -> [42.119.105.64] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.119.105.64/; sid:900710496; rev:1;) alert tcp $HOME_NET any -> [187.153.56.134] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.56.134/; sid:900710494; rev:1;) alert tcp $HOME_NET any -> [173.241.126.78] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.241.126.78/; sid:900710486; rev:1;) alert tcp $HOME_NET any -> [41.75.1.16] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.75.1.16/; sid:900710484; rev:1;) alert tcp $HOME_NET any -> [88.247.124.152] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.247.124.152/; sid:900710482; rev:1;) alert tcp $HOME_NET any -> [121.181.5.53] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.181.5.53/; sid:900710481; rev:1;) alert tcp $HOME_NET any -> [24.186.203.66] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.186.203.66/; sid:900710480; rev:1;) alert tcp $HOME_NET any -> [174.109.80.223] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.109.80.223/; sid:900710479; rev:1;) alert tcp $HOME_NET any -> [107.190.203.165] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.190.203.165/; sid:900710474; rev:1;) alert tcp $HOME_NET any -> [187.190.105.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.190.105.150/; sid:900710473; rev:1;) alert tcp $HOME_NET any -> [174.87.45.161] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.87.45.161/; sid:900710472; rev:1;) alert tcp $HOME_NET any -> [181.188.128.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.188.128.192/; sid:900710034; rev:1;) alert tcp $HOME_NET any -> [101.37.20.145] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.37.20.145/; sid:900710033; rev:1;) alert tcp $HOME_NET any -> [200.85.110.240] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.85.110.240/; sid:900710030; rev:1;) alert tcp $HOME_NET any -> [74.115.246.21] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.115.246.21/; sid:900710026; rev:1;) alert tcp $HOME_NET any -> [186.4.128.45] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.128.45/; sid:900710023; rev:1;) alert tcp $HOME_NET any -> [200.46.206.236] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.46.206.236/; sid:900710021; rev:1;) alert tcp $HOME_NET any -> [27.100.25.77] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.100.25.77/; sid:900710019; rev:1;) alert tcp $HOME_NET any -> [24.193.15.39] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.193.15.39/; sid:900710012; rev:1;) alert tcp $HOME_NET any -> [96.69.89.156] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.69.89.156/; sid:900710011; rev:1;) alert tcp $HOME_NET any -> [77.30.225.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.30.225.123/; sid:900710008; rev:1;) alert tcp $HOME_NET any -> [86.162.241.81] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.162.241.81/; sid:900710007; rev:1;) alert tcp $HOME_NET any -> [139.130.164.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.130.164.236/; sid:900710006; rev:1;) alert tcp $HOME_NET any -> [169.0.126.23] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.126.23/; sid:900710005; rev:1;) alert tcp $HOME_NET any -> [192.141.209.252] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.141.209.252/; sid:900710004; rev:1;) alert tcp $HOME_NET any -> [75.74.153.103] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.74.153.103/; sid:900710002; rev:1;) alert tcp $HOME_NET any -> [108.189.168.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.189.168.117/; sid:900710001; rev:1;) alert tcp $HOME_NET any -> [216.198.175.99] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.198.175.99/; sid:900710000; rev:1;) alert tcp $HOME_NET any -> [198.0.36.237] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.0.36.237/; sid:900709999; rev:1;) alert tcp $HOME_NET any -> [68.15.200.175] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.15.200.175/; sid:900709781; rev:1;) alert tcp $HOME_NET any -> [97.68.187.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.68.187.74/; sid:900709777; rev:1;) alert tcp $HOME_NET any -> [196.210.29.196] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.210.29.196/; sid:900709769; rev:1;) alert tcp $HOME_NET any -> [72.38.88.118] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.38.88.118/; sid:900709767; rev:1;) alert tcp $HOME_NET any -> [59.24.156.97] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.24.156.97/; sid:900709766; rev:1;) alert tcp $HOME_NET any -> [50.100.125.251] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.100.125.251/; sid:900709763; rev:1;) alert tcp $HOME_NET any -> [71.200.12.22] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.200.12.22/; sid:900709761; rev:1;) alert tcp $HOME_NET any -> [186.71.54.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.54.74/; sid:900709759; rev:1;) alert tcp $HOME_NET any -> [187.163.127.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.127.20/; sid:900708721; rev:1;) alert tcp $HOME_NET any -> [200.58.78.77] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.58.78.77/; sid:900708720; rev:1;) alert tcp $HOME_NET any -> [184.6.79.105] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.6.79.105/; sid:900708718; rev:1;) alert tcp $HOME_NET any -> [181.129.130.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.130.82/; sid:900708717; rev:1;) alert tcp $HOME_NET any -> [202.53.94.4] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.53.94.4/; sid:900708716; rev:1;) alert tcp $HOME_NET any -> [190.2.43.237] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.2.43.237/; sid:900708707; rev:1;) alert tcp $HOME_NET any -> [128.92.54.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.92.54.20/; sid:900708706; rev:1;) alert tcp $HOME_NET any -> [201.145.151.91] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.145.151.91/; sid:900708705; rev:1;) alert tcp $HOME_NET any -> [187.218.236.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.218.236.242/; sid:900708703; rev:1;) alert tcp $HOME_NET any -> [107.11.23.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.11.23.236/; sid:900708702; rev:1;) alert tcp $HOME_NET any -> [177.224.87.110] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.224.87.110/; sid:900708698; rev:1;) alert tcp $HOME_NET any -> [186.20.225.65] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.20.225.65/; sid:900708697; rev:1;) alert tcp $HOME_NET any -> [190.191.88.126] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.191.88.126/; sid:900708696; rev:1;) alert tcp $HOME_NET any -> [181.60.228.203] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.60.228.203/; sid:900708695; rev:1;) alert tcp $HOME_NET any -> [209.182.216.177] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.182.216.177/; sid:900708694; rev:1;) alert tcp $HOME_NET any -> [181.193.115.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.193.115.50/; sid:900708693; rev:1;) alert tcp $HOME_NET any -> [81.18.134.18] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.18.134.18/; sid:900708692; rev:1;) alert tcp $HOME_NET any -> [75.161.71.124] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.161.71.124/; sid:900708691; rev:1;) alert tcp $HOME_NET any -> [50.74.56.147] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.74.56.147/; sid:900708690; rev:1;) alert tcp $HOME_NET any -> [79.129.42.122] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.129.42.122/; sid:900708689; rev:1;) alert tcp $HOME_NET any -> [71.255.224.174] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.255.224.174/; sid:900708654; rev:1;) alert tcp $HOME_NET any -> [73.202.198.23] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.202.198.23/; sid:900708650; rev:1;) alert tcp $HOME_NET any -> [175.140.190.9] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.140.190.9/; sid:900708646; rev:1;) alert tcp $HOME_NET any -> [74.99.65.165] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.99.65.165/; sid:900708644; rev:1;) alert tcp $HOME_NET any -> [197.211.225.149] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.211.225.149/; sid:900708642; rev:1;) alert tcp $HOME_NET any -> [97.68.7.204] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.68.7.204/; sid:900708641; rev:1;) alert tcp $HOME_NET any -> [75.139.212.33] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.139.212.33/; sid:900708637; rev:1;) alert tcp $HOME_NET any -> [101.187.14.253] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.14.253/; sid:900708634; rev:1;) alert tcp $HOME_NET any -> [99.88.232.81] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.88.232.81/; sid:900708631; rev:1;) alert tcp $HOME_NET any -> [222.154.224.251] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.154.224.251/; sid:900708628; rev:1;) alert tcp $HOME_NET any -> [165.227.191.145] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.191.145/; sid:900708626; rev:1;) alert tcp $HOME_NET any -> [187.172.8.56] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.172.8.56/; sid:900708625; rev:1;) alert tcp $HOME_NET any -> [162.223.49.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.223.49.226/; sid:900708624; rev:1;) alert tcp $HOME_NET any -> [120.150.236.64] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.236.64/; sid:900708623; rev:1;) alert tcp $HOME_NET any -> [184.186.219.249] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.186.219.249/; sid:900708622; rev:1;) alert tcp $HOME_NET any -> [105.186.226.64] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.226.64/; sid:900708621; rev:1;) alert tcp $HOME_NET any -> [50.253.215.97] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.253.215.97/; sid:900708620; rev:1;) alert tcp $HOME_NET any -> [108.31.30.251] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.31.30.251/; sid:900708619; rev:1;) alert tcp $HOME_NET any -> [174.106.138.248] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.106.138.248/; sid:900708618; rev:1;) alert tcp $HOME_NET any -> [129.89.34.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.89.34.249/; sid:900708617; rev:1;) alert tcp $HOME_NET any -> [178.134.123.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.134.123.218/; sid:900708616; rev:1;) alert tcp $HOME_NET any -> [173.61.130.241] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.61.130.241/; sid:900707439; rev:1;) alert tcp $HOME_NET any -> [64.168.51.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.168.51.18/; sid:900707438; rev:1;) alert tcp $HOME_NET any -> [120.150.97.145] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.97.145/; sid:900707426; rev:1;) alert tcp $HOME_NET any -> [186.103.149.146] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.103.149.146/; sid:900707425; rev:1;) alert tcp $HOME_NET any -> [190.210.251.29] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.251.29/; sid:900707424; rev:1;) alert tcp $HOME_NET any -> [86.150.40.102] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.150.40.102/; sid:900707423; rev:1;) alert tcp $HOME_NET any -> [100.35.142.37] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.35.142.37/; sid:900707422; rev:1;) alert tcp $HOME_NET any -> [74.56.138.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.56.138.57/; sid:900707421; rev:1;) alert tcp $HOME_NET any -> [72.225.197.185] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.225.197.185/; sid:900707420; rev:1;) alert tcp $HOME_NET any -> [47.32.209.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.32.209.86/; sid:900707419; rev:1;) alert tcp $HOME_NET any -> [72.48.172.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.48.172.106/; sid:900707417; rev:1;) alert tcp $HOME_NET any -> [98.119.120.11] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.119.120.11/; sid:900707252; rev:1;) alert tcp $HOME_NET any -> [27.4.100.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.4.100.100/; sid:900707251; rev:1;) alert tcp $HOME_NET any -> [45.47.32.181] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.47.32.181/; sid:900707238; rev:1;) alert tcp $HOME_NET any -> [12.197.97.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.197.97.250/; sid:900707219; rev:1;) alert tcp $HOME_NET any -> [104.169.46.207] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.169.46.207/; sid:900707218; rev:1;) alert tcp $HOME_NET any -> [192.173.191.126] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.173.191.126/; sid:900707217; rev:1;) alert tcp $HOME_NET any -> [78.189.140.249] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.140.249/; sid:900707215; rev:1;) alert tcp $HOME_NET any -> [24.190.11.79] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.190.11.79/; sid:900707214; rev:1;) alert tcp $HOME_NET any -> [88.235.54.71] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.235.54.71/; sid:900707213; rev:1;) alert tcp $HOME_NET any -> [192.208.165.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.208.165.34/; sid:900707212; rev:1;) alert tcp $HOME_NET any -> [67.216.131.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.216.131.134/; sid:900707211; rev:1;) alert tcp $HOME_NET any -> [98.23.69.69] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.23.69.69/; sid:900707210; rev:1;) alert tcp $HOME_NET any -> [74.91.77.104] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.91.77.104/; sid:900706195; rev:1;) alert tcp $HOME_NET any -> [201.227.216.3] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.227.216.3/; sid:900706194; rev:1;) alert tcp $HOME_NET any -> [186.176.165.231] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.176.165.231/; sid:900706190; rev:1;) alert tcp $HOME_NET any -> [190.8.246.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.8.246.18/; sid:900706180; rev:1;) alert tcp $HOME_NET any -> [97.93.244.9] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.93.244.9/; sid:900706175; rev:1;) alert tcp $HOME_NET any -> [203.122.20.90] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.122.20.90/; sid:900706174; rev:1;) alert tcp $HOME_NET any -> [200.188.143.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.188.143.154/; sid:900706173; rev:1;) alert tcp $HOME_NET any -> [24.227.158.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.227.158.234/; sid:900706170; rev:1;) alert tcp $HOME_NET any -> [98.23.19.218] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.23.19.218/; sid:900706169; rev:1;) alert tcp $HOME_NET any -> [184.59.116.243] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.59.116.243/; sid:900706168; rev:1;) alert tcp $HOME_NET any -> [162.213.21.254] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.213.21.254/; sid:900706166; rev:1;) alert tcp $HOME_NET any -> [85.105.203.77] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.203.77/; sid:900706163; rev:1;) alert tcp $HOME_NET any -> [83.136.245.190] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.136.245.190/; sid:900706162; rev:1;) alert tcp $HOME_NET any -> [140.207.113.106] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/140.207.113.106/; sid:900706161; rev:1;) alert tcp $HOME_NET any -> [69.164.216.124] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.164.216.124/; sid:900619607; rev:1;) alert tcp $HOME_NET any -> [190.17.173.56] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.17.173.56/; sid:900619583; rev:1;) alert tcp $HOME_NET any -> [172.91.24.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.91.24.153/; sid:900619565; rev:1;) alert tcp $HOME_NET any -> [108.0.186.35] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.0.186.35/; sid:900705587; rev:1;) alert tcp $HOME_NET any -> [72.94.37.253] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.94.37.253/; sid:900705586; rev:1;) alert tcp $HOME_NET any -> [24.243.111.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.243.111.170/; sid:900705585; rev:1;) alert tcp $HOME_NET any -> [67.172.158.76] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.172.158.76/; sid:900705582; rev:1;) alert tcp $HOME_NET any -> [74.194.31.67] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.194.31.67/; sid:900705581; rev:1;) alert tcp $HOME_NET any -> [71.172.140.77] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.172.140.77/; sid:900705580; rev:1;) alert tcp $HOME_NET any -> [173.170.84.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.170.84.153/; sid:900705579; rev:1;) alert tcp $HOME_NET any -> [219.94.254.93] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.94.254.93/; sid:900705509; rev:1;) alert tcp $HOME_NET any -> [144.76.117.247] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.117.247/; sid:900705494; rev:1;) alert tcp $HOME_NET any -> [23.94.123.231] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.123.231/; sid:900705487; rev:1;) alert tcp $HOME_NET any -> [66.112.88.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.112.88.78/; sid:900705480; rev:1;) alert tcp $HOME_NET any -> [104.136.151.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.136.151.73/; sid:900705479; rev:1;) alert tcp $HOME_NET any -> [24.35.180.220] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.35.180.220/; sid:900619566; rev:1;) alert tcp $HOME_NET any -> [179.108.106.157] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.108.106.157/; sid:900705129; rev:1;) alert tcp $HOME_NET any -> [181.49.247.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.49.247.206/; sid:900705120; rev:1;) alert tcp $HOME_NET any -> [181.188.135.60] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.188.135.60/; sid:900705118; rev:1;) alert tcp $HOME_NET any -> [90.63.216.55] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.63.216.55/; sid:900705116; rev:1;) alert tcp $HOME_NET any -> [181.135.156.96] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.135.156.96/; sid:900705109; rev:1;) alert tcp $HOME_NET any -> [190.146.222.35] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.222.35/; sid:900705107; rev:1;) alert tcp $HOME_NET any -> [219.138.20.253] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.138.20.253/; sid:900705106; rev:1;) alert tcp $HOME_NET any -> [91.117.147.2] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.117.147.2/; sid:900705100; rev:1;) alert tcp $HOME_NET any -> [80.102.228.132] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.102.228.132/; sid:900705099; rev:1;) alert tcp $HOME_NET any -> [182.180.95.163] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.180.95.163/; sid:900705098; rev:1;) alert tcp $HOME_NET any -> [78.182.140.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.182.140.71/; sid:900705097; rev:1;) alert tcp $HOME_NET any -> [91.126.37.22] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.126.37.22/; sid:900705096; rev:1;) alert tcp $HOME_NET any -> [85.101.154.23] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.101.154.23/; sid:900705095; rev:1;) alert tcp $HOME_NET any -> [187.207.12.6] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.12.6/; sid:900705056; rev:1;) alert tcp $HOME_NET any -> [201.120.89.60] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.120.89.60/; sid:900705053; rev:1;) alert tcp $HOME_NET any -> [217.36.215.11] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.36.215.11/; sid:900705049; rev:1;) alert tcp $HOME_NET any -> [61.107.76.47] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.107.76.47/; sid:900705047; rev:1;) alert tcp $HOME_NET any -> [173.178.94.138] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.178.94.138/; sid:900705041; rev:1;) alert tcp $HOME_NET any -> [200.42.206.134] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.42.206.134/; sid:900705039; rev:1;) alert tcp $HOME_NET any -> [122.165.134.72] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.165.134.72/; sid:900705038; rev:1;) alert tcp $HOME_NET any -> [190.92.122.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.122.226/; sid:900705035; rev:1;) alert tcp $HOME_NET any -> [190.85.165.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.165.34/; sid:900705034; rev:1;) alert tcp $HOME_NET any -> [190.188.114.60] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.188.114.60/; sid:900705033; rev:1;) alert tcp $HOME_NET any -> [186.150.97.128] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.150.97.128/; sid:900705032; rev:1;) alert tcp $HOME_NET any -> [190.194.71.111] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.194.71.111/; sid:900705030; rev:1;) alert tcp $HOME_NET any -> [105.224.170.204] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.224.170.204/; sid:900705029; rev:1;) alert tcp $HOME_NET any -> [190.224.107.28] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.224.107.28/; sid:900705028; rev:1;) alert tcp $HOME_NET any -> [200.54.111.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.54.111.170/; sid:900705027; rev:1;) alert tcp $HOME_NET any -> [186.159.186.156] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.159.186.156/; sid:900705026; rev:1;) alert tcp $HOME_NET any -> [24.202.228.83] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.202.228.83/; sid:900704911; rev:1;) alert tcp $HOME_NET any -> [31.167.15.93] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.167.15.93/; sid:900704903; rev:1;) alert tcp $HOME_NET any -> [70.70.184.79] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.70.184.79/; sid:900704901; rev:1;) alert tcp $HOME_NET any -> [217.165.68.49] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.68.49/; sid:900704899; rev:1;) alert tcp $HOME_NET any -> [111.95.152.246] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.95.152.246/; sid:900704890; rev:1;) alert tcp $HOME_NET any -> [91.184.13.216] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.184.13.216/; sid:900619570; rev:1;) alert tcp $HOME_NET any -> [189.170.145.155] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.170.145.155/; sid:900704721; rev:1;) alert tcp $HOME_NET any -> [144.139.247.220] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.139.247.220/; sid:900704720; rev:1;) alert tcp $HOME_NET any -> [165.255.130.181] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.255.130.181/; sid:900704717; rev:1;) alert tcp $HOME_NET any -> [185.20.104.238] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.20.104.238/; sid:900704716; rev:1;) alert tcp $HOME_NET any -> [182.176.94.236] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.176.94.236/; sid:900704711; rev:1;) alert tcp $HOME_NET any -> [100.42.161.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.42.161.20/; sid:900704710; rev:1;) alert tcp $HOME_NET any -> [78.188.59.144] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.59.144/; sid:900704708; rev:1;) alert tcp $HOME_NET any -> [70.164.196.212] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.164.196.212/; sid:900704706; rev:1;) alert tcp $HOME_NET any -> [113.161.174.36] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.161.174.36/; sid:900704704; rev:1;) alert tcp $HOME_NET any -> [73.254.24.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.254.24.122/; sid:900704699; rev:1;) alert tcp $HOME_NET any -> [198.74.58.47] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.74.58.47/; sid:900704695; rev:1;) alert tcp $HOME_NET any -> [122.174.172.246] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.174.172.246/; sid:900704694; rev:1;) alert tcp $HOME_NET any -> [47.23.101.26] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.101.26/; sid:900704692; rev:1;) alert tcp $HOME_NET any -> [173.167.68.21] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.167.68.21/; sid:900704691; rev:1;) alert tcp $HOME_NET any -> [85.105.71.247] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.71.247/; sid:900704690; rev:1;) alert tcp $HOME_NET any -> [178.210.51.222] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.210.51.222/; sid:900704689; rev:1;) alert tcp $HOME_NET any -> [189.236.60.24] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.60.24/; sid:900704688; rev:1;) alert tcp $HOME_NET any -> [74.143.211.18] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.143.211.18/; sid:900704687; rev:1;) alert tcp $HOME_NET any -> [54.38.246.111] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.246.111/; sid:900704686; rev:1;) alert tcp $HOME_NET any -> [98.115.74.17] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.115.74.17/; sid:900704685; rev:1;) alert tcp $HOME_NET any -> [186.146.1.36] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.146.1.36/; sid:900704292; rev:1;) alert tcp $HOME_NET any -> [77.68.30.48] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.68.30.48/; sid:900704290; rev:1;) alert tcp $HOME_NET any -> [67.79.6.38] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.79.6.38/; sid:900704289; rev:1;) alert tcp $HOME_NET any -> [173.242.103.80] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.242.103.80/; sid:900704288; rev:1;) alert tcp $HOME_NET any -> [190.145.67.134] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.145.67.134/; sid:900704284; rev:1;) alert tcp $HOME_NET any -> [190.113.233.4] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.113.233.4/; sid:900704280; rev:1;) alert tcp $HOME_NET any -> [213.123.212.188] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.123.212.188/; sid:900704279; rev:1;) alert tcp $HOME_NET any -> [100.34.98.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.34.98.47/; sid:900704278; rev:1;) alert tcp $HOME_NET any -> [190.180.96.117] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.180.96.117/; sid:900704276; rev:1;) alert tcp $HOME_NET any -> [216.14.176.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.14.176.17/; sid:900704274; rev:1;) alert tcp $HOME_NET any -> [190.189.16.174] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.189.16.174/; sid:900704272; rev:1;) alert tcp $HOME_NET any -> [98.144.133.221] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.144.133.221/; sid:900704268; rev:1;) alert tcp $HOME_NET any -> [181.170.212.29] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.170.212.29/; sid:900704267; rev:1;) alert tcp $HOME_NET any -> [81.136.248.12] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.136.248.12/; sid:900704266; rev:1;) alert tcp $HOME_NET any -> [181.39.66.26] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.66.26/; sid:900704265; rev:1;) alert tcp $HOME_NET any -> [190.16.177.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.16.177.117/; sid:900704264; rev:1;) alert tcp $HOME_NET any -> [221.120.97.51] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.120.97.51/; sid:900704263; rev:1;) alert tcp $HOME_NET any -> [65.87.40.115] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.87.40.115/; sid:900704262; rev:1;) alert tcp $HOME_NET any -> [186.1.6.67] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.1.6.67/; sid:900704261; rev:1;) alert tcp $HOME_NET any -> [186.64.69.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.69.115/; sid:900704260; rev:1;) alert tcp $HOME_NET any -> [181.143.208.106] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.208.106/; sid:900704259; rev:1;) alert tcp $HOME_NET any -> [47.190.14.57] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.190.14.57/; sid:900702789; rev:1;) alert tcp $HOME_NET any -> [137.103.118.195] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.103.118.195/; sid:900702788; rev:1;) alert tcp $HOME_NET any -> [199.71.229.6] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.71.229.6/; sid:900702784; rev:1;) alert tcp $HOME_NET any -> [190.47.217.253] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.47.217.253/; sid:900702782; rev:1;) alert tcp $HOME_NET any -> [95.50.45.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.50.45.218/; sid:900702779; rev:1;) alert tcp $HOME_NET any -> [201.231.78.22] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.78.22/; sid:900702777; rev:1;) alert tcp $HOME_NET any -> [174.126.163.111] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.126.163.111/; sid:900702776; rev:1;) alert tcp $HOME_NET any -> [64.250.212.160] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.250.212.160/; sid:900702774; rev:1;) alert tcp $HOME_NET any -> [81.130.191.202] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.130.191.202/; sid:900702772; rev:1;) alert tcp $HOME_NET any -> [181.10.19.178] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.10.19.178/; sid:900702770; rev:1;) alert tcp $HOME_NET any -> [189.162.221.160] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.162.221.160/; sid:900702766; rev:1;) alert tcp $HOME_NET any -> [190.27.97.65] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.27.97.65/; sid:900702765; rev:1;) alert tcp $HOME_NET any -> [169.1.71.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.1.71.44/; sid:900702764; rev:1;) alert tcp $HOME_NET any -> [205.144.211.94] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.144.211.94/; sid:900702763; rev:1;) alert tcp $HOME_NET any -> [109.228.9.122] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.228.9.122/; sid:900702762; rev:1;) alert tcp $HOME_NET any -> [201.236.67.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.236.67.58/; sid:900702761; rev:1;) alert tcp $HOME_NET any -> [208.185.128.234] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.185.128.234/; sid:900702760; rev:1;) alert tcp $HOME_NET any -> [84.93.152.69] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.93.152.69/; sid:900702759; rev:1;) alert tcp $HOME_NET any -> [72.46.151.196] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.46.151.196/; sid:900702758; rev:1;) alert tcp $HOME_NET any -> [24.232.200.64] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.232.200.64/; sid:900702757; rev:1;) alert tcp $HOME_NET any -> [125.99.106.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.99.106.226/; sid:900702354; rev:1;) alert tcp $HOME_NET any -> [80.130.108.23] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.130.108.23/; sid:900702350; rev:1;) alert tcp $HOME_NET any -> [78.187.72.87] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.187.72.87/; sid:900702347; rev:1;) alert tcp $HOME_NET any -> [110.143.57.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.143.57.109/; sid:900702344; rev:1;) alert tcp $HOME_NET any -> [41.220.0.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.220.0.26/; sid:900702341; rev:1;) alert tcp $HOME_NET any -> [190.186.70.202] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.70.202/; sid:900702333; rev:1;) alert tcp $HOME_NET any -> [99.199.195.235] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.199.195.235/; sid:900702328; rev:1;) alert tcp $HOME_NET any -> [77.85.44.164] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.85.44.164/; sid:900702327; rev:1;) alert tcp $HOME_NET any -> [54.37.23.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.23.118/; sid:900702326; rev:1;) alert tcp $HOME_NET any -> [47.189.188.195] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.189.188.195/; sid:900702325; rev:1;) alert tcp $HOME_NET any -> [153.101.7.207] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.101.7.207/; sid:900702324; rev:1;) alert tcp $HOME_NET any -> [70.27.207.164] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.27.207.164/; sid:900702323; rev:1;) alert tcp $HOME_NET any -> [24.223.109.139] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.223.109.139/; sid:900702240; rev:1;) alert tcp $HOME_NET any -> [24.249.35.69] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.249.35.69/; sid:900702237; rev:1;) alert tcp $HOME_NET any -> [192.24.7.148] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.24.7.148/; sid:900702223; rev:1;) alert tcp $HOME_NET any -> [38.140.147.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.140.147.42/; sid:900702221; rev:1;) alert tcp $HOME_NET any -> [107.13.144.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.13.144.134/; sid:900702220; rev:1;) alert tcp $HOME_NET any -> [173.233.167.240] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.233.167.240/; sid:900702219; rev:1;) alert tcp $HOME_NET any -> [75.112.62.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.112.62.42/; sid:900702217; rev:1;) alert tcp $HOME_NET any -> [212.227.135.224] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.227.135.224/; sid:900619574; rev:1;) alert tcp $HOME_NET any -> [98.144.143.194] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.144.143.194/; sid:900619571; rev:1;) alert tcp $HOME_NET any -> [76.73.213.148] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.73.213.148/; sid:900619573; rev:1;) alert tcp $HOME_NET any -> [86.12.247.149] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.12.247.149/; sid:900701344; rev:1;) alert tcp $HOME_NET any -> [173.160.205.162] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.160.205.162/; sid:900701343; rev:1;) alert tcp $HOME_NET any -> [81.86.197.52] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.86.197.52/; sid:900701338; rev:1;) alert tcp $HOME_NET any -> [138.207.150.46] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.207.150.46/; sid:900701337; rev:1;) alert tcp $HOME_NET any -> [24.201.79.34] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.201.79.34/; sid:900701334; rev:1;) alert tcp $HOME_NET any -> [205.185.187.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.185.187.190/; sid:900701332; rev:1;) alert tcp $HOME_NET any -> [109.170.209.165] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.170.209.165/; sid:900701331; rev:1;) alert tcp $HOME_NET any -> [71.163.171.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.163.171.106/; sid:900701328; rev:1;) alert tcp $HOME_NET any -> [160.36.66.221] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.36.66.221/; sid:900701327; rev:1;) alert tcp $HOME_NET any -> [173.160.205.161] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.160.205.161/; sid:900701326; rev:1;) alert tcp $HOME_NET any -> [189.134.18.141] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.134.18.141/; sid:900701322; rev:1;) alert tcp $HOME_NET any -> [173.19.73.104] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.19.73.104/; sid:900701321; rev:1;) alert tcp $HOME_NET any -> [76.65.158.121] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.65.158.121/; sid:900701320; rev:1;) alert tcp $HOME_NET any -> [200.127.55.5] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.55.5/; sid:900701319; rev:1;) alert tcp $HOME_NET any -> [186.18.236.83] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.18.236.83/; sid:900701318; rev:1;) alert tcp $HOME_NET any -> [173.11.47.169] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.11.47.169/; sid:900701317; rev:1;) alert tcp $HOME_NET any -> [12.222.134.10] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.222.134.10/; sid:900701316; rev:1;) alert tcp $HOME_NET any -> [189.244.86.184] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.244.86.184/; sid:900701315; rev:1;) alert tcp $HOME_NET any -> [177.242.156.119] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.156.119/; sid:900701314; rev:1;) alert tcp $HOME_NET any -> [50.78.167.65] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.78.167.65/; sid:900701313; rev:1;) alert tcp $HOME_NET any -> [81.149.110.194] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.149.110.194/; sid:900701294; rev:1;) alert tcp $HOME_NET any -> [24.76.123.171] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.76.123.171/; sid:900701283; rev:1;) alert tcp $HOME_NET any -> [104.229.109.97] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.229.109.97/; sid:900701282; rev:1;) alert tcp $HOME_NET any -> [67.254.71.72] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.254.71.72/; sid:900701281; rev:1;) alert tcp $HOME_NET any -> [24.234.221.236] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.234.221.236/; sid:900701280; rev:1;) alert tcp $HOME_NET any -> [24.166.75.5] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.166.75.5/; sid:900701279; rev:1;) alert tcp $HOME_NET any -> [24.176.53.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.176.53.106/; sid:900619554; rev:1;) alert tcp $HOME_NET any -> [139.162.157.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.157.8/; sid:900619593; rev:1;) alert tcp $HOME_NET any -> [117.215.4.29] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.215.4.29/; sid:900700809; rev:1;) alert tcp $HOME_NET any -> [82.117.238.3] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.117.238.3/; sid:900700808; rev:1;) alert tcp $HOME_NET any -> [85.105.250.128] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.250.128/; sid:900700803; rev:1;) alert tcp $HOME_NET any -> [183.82.124.191] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.124.191/; sid:900700802; rev:1;) alert tcp $HOME_NET any -> [64.19.32.70] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.19.32.70/; sid:900700801; rev:1;) alert tcp $HOME_NET any -> [125.63.116.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.63.116.242/; sid:900700799; rev:1;) alert tcp $HOME_NET any -> [178.21.66.250] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.21.66.250/; sid:900700797; rev:1;) alert tcp $HOME_NET any -> [58.65.180.67] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.65.180.67/; sid:900700796; rev:1;) alert tcp $HOME_NET any -> [105.225.244.118] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.244.118/; sid:900700793; rev:1;) alert tcp $HOME_NET any -> [173.62.175.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.62.175.98/; sid:900700784; rev:1;) alert tcp $HOME_NET any -> [111.125.87.100] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.125.87.100/; sid:900700783; rev:1;) alert tcp $HOME_NET any -> [5.35.242.34] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.35.242.34/; sid:900700780; rev:1;) alert tcp $HOME_NET any -> [184.149.17.62] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.149.17.62/; sid:900700779; rev:1;) alert tcp $HOME_NET any -> [31.148.221.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.148.221.34/; sid:900700778; rev:1;) alert tcp $HOME_NET any -> [75.110.190.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.110.190.86/; sid:900700777; rev:1;) alert tcp $HOME_NET any -> [24.220.80.37] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.220.80.37/; sid:900700776; rev:1;) alert tcp $HOME_NET any -> [73.91.16.130] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.91.16.130/; sid:900700775; rev:1;) alert tcp $HOME_NET any -> [71.71.126.201] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.71.126.201/; sid:900700774; rev:1;) alert tcp $HOME_NET any -> [68.102.169.43] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.102.169.43/; sid:900700773; rev:1;) alert tcp $HOME_NET any -> [69.112.171.184] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.112.171.184/; sid:900700772; rev:1;) alert tcp $HOME_NET any -> [73.32.166.189] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.32.166.189/; sid:900700771; rev:1;) alert tcp $HOME_NET any -> [83.110.100.209] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.100.209/; sid:900700770; rev:1;) alert tcp $HOME_NET any -> [72.47.209.128] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.47.209.128/; sid:900619562; rev:1;) alert tcp $HOME_NET any -> [151.229.95.237] 65490 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.229.95.237/; sid:900698820; rev:1;) alert tcp $HOME_NET any -> [165.166.247.200] 48631 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.166.247.200/; sid:900698819; rev:1;) alert tcp $HOME_NET any -> [186.31.103.65] 64666 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.31.103.65/; sid:900698818; rev:1;) alert tcp $HOME_NET any -> [190.126.34.209] 17925 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.126.34.209/; sid:900698817; rev:1;) alert tcp $HOME_NET any -> [93.84.15.233] 2471 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.84.15.233/; sid:900698816; rev:1;) alert tcp $HOME_NET any -> [79.78.142.70] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.78.142.70/; sid:900698810; rev:1;) alert tcp $HOME_NET any -> [24.67.53.23] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.67.53.23/; sid:900698809; rev:1;) alert tcp $HOME_NET any -> [41.215.127.30] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.215.127.30/; sid:900698792; rev:1;) alert tcp $HOME_NET any -> [93.109.229.250] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.109.229.250/; sid:900698790; rev:1;) alert tcp $HOME_NET any -> [195.123.212.139] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.212.139/; sid:900621604; rev:1;) alert tcp $HOME_NET any -> [24.216.53.12] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.216.53.12/; sid:900619521; rev:1;) alert tcp $HOME_NET any -> [105.247.100.215] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.247.100.215/; sid:900698176; rev:1;) alert tcp $HOME_NET any -> [206.174.187.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.174.187.58/; sid:900698166; rev:1;) alert tcp $HOME_NET any -> [24.176.58.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.176.58.106/; sid:900698154; rev:1;) alert tcp $HOME_NET any -> [86.98.71.86] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.71.86/; sid:900698151; rev:1;) alert tcp $HOME_NET any -> [50.96.217.247] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.96.217.247/; sid:900698150; rev:1;) alert tcp $HOME_NET any -> [64.183.104.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.183.104.2/; sid:900698146; rev:1;) alert tcp $HOME_NET any -> [172.248.199.224] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.248.199.224/; sid:900698145; rev:1;) alert tcp $HOME_NET any -> [72.26.54.182] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.26.54.182/; sid:900698144; rev:1;) alert tcp $HOME_NET any -> [67.43.253.189] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.43.253.189/; sid:900698143; rev:1;) alert tcp $HOME_NET any -> [66.66.196.79] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.66.196.79/; sid:900698142; rev:1;) alert tcp $HOME_NET any -> [104.15.149.209] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.15.149.209/; sid:900698141; rev:1;) alert tcp $HOME_NET any -> [24.206.17.102] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.206.17.102/; sid:900698140; rev:1;) alert tcp $HOME_NET any -> [70.77.68.255] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.77.68.255/; sid:900698139; rev:1;) alert tcp $HOME_NET any -> [12.139.46.57] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.139.46.57/; sid:900698138; rev:1;) alert tcp $HOME_NET any -> [173.34.90.245] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.34.90.245/; sid:900698137; rev:1;) alert tcp $HOME_NET any -> [186.64.140.213] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.140.213/; sid:900619313; rev:1;) alert tcp $HOME_NET any -> [98.100.134.133] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.100.134.133/; sid:900697591; rev:1;) alert tcp $HOME_NET any -> [47.14.41.119] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.14.41.119/; sid:900697586; rev:1;) alert tcp $HOME_NET any -> [72.84.82.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.84.82.20/; sid:900697581; rev:1;) alert tcp $HOME_NET any -> [76.90.224.32] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.90.224.32/; sid:900697580; rev:1;) alert tcp $HOME_NET any -> [24.3.178.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.3.178.228/; sid:900697579; rev:1;) alert tcp $HOME_NET any -> [120.150.206.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.206.156/; sid:900697578; rev:1;) alert tcp $HOME_NET any -> [208.180.149.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.180.149.228/; sid:900697577; rev:1;) alert tcp $HOME_NET any -> [73.57.148.230] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.57.148.230/; sid:900697576; rev:1;) alert tcp $HOME_NET any -> [69.8.25.109] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.8.25.109/; sid:900697575; rev:1;) alert tcp $HOME_NET any -> [181.27.126.228] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.27.126.228/; sid:900697571; rev:1;) alert tcp $HOME_NET any -> [104.5.49.54] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.5.49.54/; sid:900697569; rev:1;) alert tcp $HOME_NET any -> [181.229.155.11] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.229.155.11/; sid:900697566; rev:1;) alert tcp $HOME_NET any -> [186.15.60.167] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.60.167/; sid:900697564; rev:1;) alert tcp $HOME_NET any -> [107.10.139.119] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.10.139.119/; sid:900697563; rev:1;) alert tcp $HOME_NET any -> [148.69.94.166] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.69.94.166/; sid:900697562; rev:1;) alert tcp $HOME_NET any -> [67.237.41.34] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.237.41.34/; sid:900697561; rev:1;) alert tcp $HOME_NET any -> [189.130.50.85] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.130.50.85/; sid:900697555; rev:1;) alert tcp $HOME_NET any -> [216.251.1.1] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.251.1.1/; sid:900697554; rev:1;) alert tcp $HOME_NET any -> [77.44.98.67] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.44.98.67/; sid:900697552; rev:1;) alert tcp $HOME_NET any -> [187.207.72.201] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.72.201/; sid:900697549; rev:1;) alert tcp $HOME_NET any -> [187.163.49.123] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.49.123/; sid:900697548; rev:1;) alert tcp $HOME_NET any -> [96.246.206.16] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.246.206.16/; sid:900697547; rev:1;) alert tcp $HOME_NET any -> [5.32.65.50] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.32.65.50/; sid:900697546; rev:1;) alert tcp $HOME_NET any -> [216.176.21.143] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.176.21.143/; sid:900697545; rev:1;) alert tcp $HOME_NET any -> [118.69.186.155] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.69.186.155/; sid:900697544; rev:1;) alert tcp $HOME_NET any -> [50.21.147.8] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.21.147.8/; sid:900697543; rev:1;) alert tcp $HOME_NET any -> [207.255.59.231] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.255.59.231/; sid:900697542; rev:1;) alert tcp $HOME_NET any -> [70.60.50.60] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.60.50.60/; sid:900697541; rev:1;) alert tcp $HOME_NET any -> [187.163.174.149] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.174.149/; sid:900697540; rev:1;) alert tcp $HOME_NET any -> [201.171.29.119] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.171.29.119/; sid:900619125; rev:1;) alert tcp $HOME_NET any -> [51.38.45.245] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.38.45.245/; sid:900619066; rev:1;) alert tcp $HOME_NET any -> [207.204.127.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.204.127.50/; sid:900619068; rev:1;) alert tcp $HOME_NET any -> [45.42.31.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.42.31.50/; sid:900696930; rev:1;) alert tcp $HOME_NET any -> [75.128.237.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.128.237.42/; sid:900696908; rev:1;) alert tcp $HOME_NET any -> [72.73.221.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.73.221.66/; sid:900696907; rev:1;) alert tcp $HOME_NET any -> [39.112.243.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.112.243.65/; sid:900696906; rev:1;) alert tcp $HOME_NET any -> [174.70.176.45] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.70.176.45/; sid:900696905; rev:1;) alert tcp $HOME_NET any -> [199.188.66.157] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.188.66.157/; sid:900696904; rev:1;) alert tcp $HOME_NET any -> [45.59.204.133] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.59.204.133/; sid:900696903; rev:1;) alert tcp $HOME_NET any -> [67.177.71.77] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.177.71.77/; sid:900696902; rev:1;) alert tcp $HOME_NET any -> [182.180.77.215] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.180.77.215/; sid:900696901; rev:1;) alert tcp $HOME_NET any -> [72.255.128.229] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.255.128.229/; sid:900696826; rev:1;) alert tcp $HOME_NET any -> [96.67.83.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.67.83.134/; sid:900696822; rev:1;) alert tcp $HOME_NET any -> [200.194.26.234] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.194.26.234/; sid:900696819; rev:1;) alert tcp $HOME_NET any -> [104.205.121.6] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.205.121.6/; sid:900696815; rev:1;) alert tcp $HOME_NET any -> [73.31.237.56] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.31.237.56/; sid:900696814; rev:1;) alert tcp $HOME_NET any -> [190.92.37.171] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.37.171/; sid:900696812; rev:1;) alert tcp $HOME_NET any -> [160.2.24.88] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.2.24.88/; sid:900696811; rev:1;) alert tcp $HOME_NET any -> [98.102.182.2] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.102.182.2/; sid:900696806; rev:1;) alert tcp $HOME_NET any -> [189.190.61.232] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.190.61.232/; sid:900696805; rev:1;) alert tcp $HOME_NET any -> [24.59.228.182] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.59.228.182/; sid:900696804; rev:1;) alert tcp $HOME_NET any -> [70.50.196.234] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.50.196.234/; sid:900696801; rev:1;) alert tcp $HOME_NET any -> [149.167.86.174] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.167.86.174/; sid:900696800; rev:1;) alert tcp $HOME_NET any -> [69.55.255.159] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.55.255.159/; sid:900696799; rev:1;) alert tcp $HOME_NET any -> [174.55.139.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.55.139.78/; sid:900696798; rev:1;) alert tcp $HOME_NET any -> [37.211.34.12] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.211.34.12/; sid:900696797; rev:1;) alert tcp $HOME_NET any -> [71.167.178.19] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.167.178.19/; sid:900696796; rev:1;) alert tcp $HOME_NET any -> [79.69.254.176] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.69.254.176/; sid:900696795; rev:1;) alert tcp $HOME_NET any -> [24.199.56.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.199.56.122/; sid:900618677; rev:1;) alert tcp $HOME_NET any -> [198.1.83.100] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.1.83.100/; sid:900618676; rev:1;) alert tcp $HOME_NET any -> [50.121.220.115] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.121.220.115/; sid:900618672; rev:1;) alert tcp $HOME_NET any -> [47.157.181.81] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.157.181.81/; sid:900618652; rev:1;) alert tcp $HOME_NET any -> [24.37.218.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.37.218.86/; sid:900696714; rev:1;) alert tcp $HOME_NET any -> [45.73.110.62] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.73.110.62/; sid:900696713; rev:1;) alert tcp $HOME_NET any -> [186.20.217.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.20.217.236/; sid:900696712; rev:1;) alert tcp $HOME_NET any -> [24.117.165.162] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.117.165.162/; sid:900696711; rev:1;) alert tcp $HOME_NET any -> [201.111.74.224] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.111.74.224/; sid:900696709; rev:1;) alert tcp $HOME_NET any -> [81.214.108.10] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.214.108.10/; sid:900696708; rev:1;) alert tcp $HOME_NET any -> [5.9.128.163] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.9.128.163/; sid:900696706; rev:1;) alert tcp $HOME_NET any -> [148.103.7.242] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.103.7.242/; sid:900696705; rev:1;) alert tcp $HOME_NET any -> [159.65.76.245] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.76.245/; sid:900696704; rev:1;) alert tcp $HOME_NET any -> [81.20.87.205] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.20.87.205/; sid:900696702; rev:1;) alert tcp $HOME_NET any -> [190.90.100.228] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.90.100.228/; sid:900696701; rev:1;) alert tcp $HOME_NET any -> [200.21.90.6] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.21.90.6/; sid:900696700; rev:1;) alert tcp $HOME_NET any -> [210.2.86.72] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.2.86.72/; sid:900696697; rev:1;) alert tcp $HOME_NET any -> [190.124.166.113] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.124.166.113/; sid:900696696; rev:1;) alert tcp $HOME_NET any -> [90.75.137.228] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.75.137.228/; sid:900696695; rev:1;) alert tcp $HOME_NET any -> [190.17.44.48] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.17.44.48/; sid:900696694; rev:1;) alert tcp $HOME_NET any -> [76.65.166.252] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.65.166.252/; sid:900696693; rev:1;) alert tcp $HOME_NET any -> [186.10.17.186] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.10.17.186/; sid:900696692; rev:1;) alert tcp $HOME_NET any -> [217.35.82.190] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.35.82.190/; sid:900696691; rev:1;) alert tcp $HOME_NET any -> [213.48.239.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.48.239.192/; sid:900696690; rev:1;) alert tcp $HOME_NET any -> [128.193.56.169] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.193.56.169/; sid:900696689; rev:1;) alert tcp $HOME_NET any -> [47.225.131.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.225.131.10/; sid:900696688; rev:1;) alert tcp $HOME_NET any -> [47.34.43.223] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.34.43.223/; sid:900696687; rev:1;) alert tcp $HOME_NET any -> [24.161.14.157] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.161.14.157/; sid:900618666; rev:1;) alert tcp $HOME_NET any -> [138.68.67.4] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.68.67.4/; sid:900618669; rev:1;) alert tcp $HOME_NET any -> [70.183.100.148] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.183.100.148/; sid:900618691; rev:1;) alert tcp $HOME_NET any -> [70.15.114.168] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.15.114.168/; sid:900618667; rev:1;) alert tcp $HOME_NET any -> [50.100.215.149] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.100.215.149/; sid:900618678; rev:1;) alert tcp $HOME_NET any -> [74.7.77.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.7.77.254/; sid:900618665; rev:1;) alert tcp $HOME_NET any -> [27.115.72.254] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.115.72.254/; sid:900696579; rev:1;) alert tcp $HOME_NET any -> [187.152.105.220] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.152.105.220/; sid:900696577; rev:1;) alert tcp $HOME_NET any -> [118.179.60.230] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.179.60.230/; sid:900696576; rev:1;) alert tcp $HOME_NET any -> [118.174.64.159] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.174.64.159/; sid:900696574; rev:1;) alert tcp $HOME_NET any -> [66.131.231.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.131.231.98/; sid:900696572; rev:1;) alert tcp $HOME_NET any -> [83.222.124.62] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.222.124.62/; sid:900696568; rev:1;) alert tcp $HOME_NET any -> [195.38.182.139] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.38.182.139/; sid:900696563; rev:1;) alert tcp $HOME_NET any -> [67.205.149.117] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.205.149.117/; sid:900696560; rev:1;) alert tcp $HOME_NET any -> [103.203.94.133] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.203.94.133/; sid:900696559; rev:1;) alert tcp $HOME_NET any -> [136.56.103.201] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.56.103.201/; sid:900696558; rev:1;) alert tcp $HOME_NET any -> [124.43.28.44] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.43.28.44/; sid:900696557; rev:1;) alert tcp $HOME_NET any -> [114.109.132.191] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.109.132.191/; sid:900696556; rev:1;) alert tcp $HOME_NET any -> [139.162.151.141] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.151.141/; sid:900696555; rev:1;) alert tcp $HOME_NET any -> [45.123.3.54] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.123.3.54/; sid:900696554; rev:1;) alert tcp $HOME_NET any -> [47.16.224.137] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.16.224.137/; sid:900696552; rev:1;) alert tcp $HOME_NET any -> [88.247.140.215] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.247.140.215/; sid:900696551; rev:1;) alert tcp $HOME_NET any -> [1.221.157.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.221.157.205/; sid:900696550; rev:1;) alert tcp $HOME_NET any -> [27.96.91.225] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.96.91.225/; sid:900696549; rev:1;) alert tcp $HOME_NET any -> [47.32.248.75] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.32.248.75/; sid:900696548; rev:1;) alert tcp $HOME_NET any -> [47.157.211.140] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.157.211.140/; sid:900696547; rev:1;) alert tcp $HOME_NET any -> [71.43.33.210] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.43.33.210/; sid:900696546; rev:1;) alert tcp $HOME_NET any -> [86.42.249.122] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.42.249.122/; sid:900696545; rev:1;) alert tcp $HOME_NET any -> [113.178.35.63] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.178.35.63/; sid:900696544; rev:1;) alert tcp $HOME_NET any -> [37.139.27.102] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.139.27.102/; sid:900618689; rev:1;) alert tcp $HOME_NET any -> [24.102.228.56] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.102.228.56/; sid:900694690; rev:1;) alert tcp $HOME_NET any -> [99.228.176.38] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.228.176.38/; sid:900694689; rev:1;) alert tcp $HOME_NET any -> [204.238.8.44] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.238.8.44/; sid:900694685; rev:1;) alert tcp $HOME_NET any -> [62.151.17.7] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.151.17.7/; sid:900694684; rev:1;) alert tcp $HOME_NET any -> [96.60.95.243] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.60.95.243/; sid:900694680; rev:1;) alert tcp $HOME_NET any -> [198.53.61.32] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.53.61.32/; sid:900694672; rev:1;) alert tcp $HOME_NET any -> [187.192.4.54] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.4.54/; sid:900694671; rev:1;) alert tcp $HOME_NET any -> [5.2.198.201] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.198.201/; sid:900694670; rev:1;) alert tcp $HOME_NET any -> [108.16.29.240] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.16.29.240/; sid:900694668; rev:1;) alert tcp $HOME_NET any -> [92.51.129.249] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.51.129.249/; sid:900694667; rev:1;) alert tcp $HOME_NET any -> [95.169.195.202] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.169.195.202/; sid:900694666; rev:1;) alert tcp $HOME_NET any -> [47.182.89.31] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.182.89.31/; sid:900694665; rev:1;) alert tcp $HOME_NET any -> [70.119.44.97] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.119.44.97/; sid:900694664; rev:1;) alert tcp $HOME_NET any -> [137.119.162.95] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.119.162.95/; sid:900694663; rev:1;) alert tcp $HOME_NET any -> [69.125.21.63] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.125.21.63/; sid:900694662; rev:1;) alert tcp $HOME_NET any -> [66.220.109.128] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.220.109.128/; sid:900694661; rev:1;) alert tcp $HOME_NET any -> [108.189.186.218] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.189.186.218/; sid:900694660; rev:1;) alert tcp $HOME_NET any -> [199.195.213.142] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.195.213.142/; sid:900694659; rev:1;) alert tcp $HOME_NET any -> [54.39.181.130] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.39.181.130/; sid:900694658; rev:1;) alert tcp $HOME_NET any -> [118.130.4.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.130.4.226/; sid:900694657; rev:1;) alert tcp $HOME_NET any -> [190.53.52.53] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.53.52.53/; sid:900694656; rev:1;) alert tcp $HOME_NET any -> [211.228.237.11] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.228.237.11/; sid:900618653; rev:1;) alert tcp $HOME_NET any -> [186.178.203.146] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.178.203.146/; sid:900618649; rev:1;) alert tcp $HOME_NET any -> [87.106.243.118] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.243.118/; sid:900618648; rev:1;) alert tcp $HOME_NET any -> [202.175.188.154] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.175.188.154/; sid:900618647; rev:1;) alert tcp $HOME_NET any -> [217.13.106.160] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.13.106.160/; sid:900691195; rev:1;) alert tcp $HOME_NET any -> [5.230.147.179] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.230.147.179/; sid:900691194; rev:1;) alert tcp $HOME_NET any -> [98.142.208.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.142.208.27/; sid:900691193; rev:1;) alert tcp $HOME_NET any -> [46.39.85.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.39.85.115/; sid:900691188; rev:1;) alert tcp $HOME_NET any -> [115.71.233.127] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.71.233.127/; sid:900691186; rev:1;) alert tcp $HOME_NET any -> [189.115.39.197] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.115.39.197/; sid:900691185; rev:1;) alert tcp $HOME_NET any -> [186.29.23.32] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.29.23.32/; sid:900691184; rev:1;) alert tcp $HOME_NET any -> [24.178.179.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.178.179.66/; sid:900691183; rev:1;) alert tcp $HOME_NET any -> [189.153.58.174] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.153.58.174/; sid:900691182; rev:1;) alert tcp $HOME_NET any -> [47.156.115.109] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.156.115.109/; sid:900691181; rev:1;) alert tcp $HOME_NET any -> [77.44.44.210] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.44.44.210/; sid:900691180; rev:1;) alert tcp $HOME_NET any -> [190.117.126.169] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.126.169/; sid:900691179; rev:1;) alert tcp $HOME_NET any -> [209.164.190.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.164.190.57/; sid:900691176; rev:1;) alert tcp $HOME_NET any -> [74.70.203.70] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.70.203.70/; sid:900691173; rev:1;) alert tcp $HOME_NET any -> [46.163.76.187] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.163.76.187/; sid:900691171; rev:1;) alert tcp $HOME_NET any -> [78.186.236.127] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.236.127/; sid:900691170; rev:1;) alert tcp $HOME_NET any -> [212.98.190.217] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.98.190.217/; sid:900691169; rev:1;) alert tcp $HOME_NET any -> [169.255.36.46] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.255.36.46/; sid:900691168; rev:1;) alert tcp $HOME_NET any -> [91.144.154.247] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.144.154.247/; sid:900691167; rev:1;) alert tcp $HOME_NET any -> [72.16.212.107] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.16.212.107/; sid:900691166; rev:1;) alert tcp $HOME_NET any -> [67.52.165.190] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.52.165.190/; sid:900691165; rev:1;) alert tcp $HOME_NET any -> [85.73.11.253] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.73.11.253/; sid:900691164; rev:1;) alert tcp $HOME_NET any -> [23.25.70.209] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.25.70.209/; sid:900691163; rev:1;) alert tcp $HOME_NET any -> [216.253.195.42] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.253.195.42/; sid:900691162; rev:1;) alert tcp $HOME_NET any -> [96.254.126.140] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.254.126.140/; sid:900691161; rev:1;) alert tcp $HOME_NET any -> [186.68.80.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.68.80.34/; sid:900609515; rev:1;) alert tcp $HOME_NET any -> [189.155.149.148] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.155.149.148/; sid:900691058; rev:1;) alert tcp $HOME_NET any -> [192.155.90.90] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.155.90.90/; sid:900691055; rev:1;) alert tcp $HOME_NET any -> [186.4.4.147] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.4.147/; sid:900691051; rev:1;) alert tcp $HOME_NET any -> [51.148.64.92] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.148.64.92/; sid:900691050; rev:1;) alert tcp $HOME_NET any -> [200.32.61.210] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.32.61.210/; sid:900691049; rev:1;) alert tcp $HOME_NET any -> [137.119.145.212] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.119.145.212/; sid:900691047; rev:1;) alert tcp $HOME_NET any -> [70.50.214.6] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.50.214.6/; sid:900691045; rev:1;) alert tcp $HOME_NET any -> [54.38.244.30] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.244.30/; sid:900691044; rev:1;) alert tcp $HOME_NET any -> [23.254.203.51] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.203.51/; sid:900691043; rev:1;) alert tcp $HOME_NET any -> [165.227.213.173] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.213.173/; sid:900691042; rev:1;) alert tcp $HOME_NET any -> [170.233.232.6] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.233.232.6/; sid:900691041; rev:1;) alert tcp $HOME_NET any -> [81.130.149.80] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.130.149.80/; sid:900691040; rev:1;) alert tcp $HOME_NET any -> [105.224.74.57] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.224.74.57/; sid:900691039; rev:1;) alert tcp $HOME_NET any -> [105.226.215.238] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.226.215.238/; sid:900609488; rev:1;) alert tcp $HOME_NET any -> [45.33.48.217] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.48.217/; sid:900691036; rev:1;) alert tcp $HOME_NET any -> [134.228.64.144] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.228.64.144/; sid:900691035; rev:1;) alert tcp $HOME_NET any -> [81.86.211.196] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.86.211.196/; sid:900691034; rev:1;) alert tcp $HOME_NET any -> [200.83.137.65] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.83.137.65/; sid:900691033; rev:1;) alert tcp $HOME_NET any -> [198.246.28.128] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.246.28.128/; sid:900691032; rev:1;) alert tcp $HOME_NET any -> [96.18.67.178] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.18.67.178/; sid:900691031; rev:1;) alert tcp $HOME_NET any -> [198.37.249.160] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.37.249.160/; sid:900691030; rev:1;) alert tcp $HOME_NET any -> [75.75.150.219] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.75.150.219/; sid:900691029; rev:1;) alert tcp $HOME_NET any -> [95.9.124.227] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.9.124.227/; sid:900691028; rev:1;) alert tcp $HOME_NET any -> [128.193.56.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.193.56.6/; sid:900691027; rev:1;) alert tcp $HOME_NET any -> [94.173.10.64] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.173.10.64/; sid:900691026; rev:1;) alert tcp $HOME_NET any -> [174.71.204.179] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.71.204.179/; sid:900609514; rev:1;) alert tcp $HOME_NET any -> [201.103.80.52] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.103.80.52/; sid:900691020; rev:1;) alert tcp $HOME_NET any -> [201.142.155.203] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.142.155.203/; sid:900690988; rev:1;) alert tcp $HOME_NET any -> [85.104.56.247] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.56.247/; sid:900690841; rev:1;) alert tcp $HOME_NET any -> [165.228.249.93] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.228.249.93/; sid:900690832; rev:1;) alert tcp $HOME_NET any -> [117.2.133.44] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.2.133.44/; sid:900690822; rev:1;) alert tcp $HOME_NET any -> [108.56.190.155] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.56.190.155/; sid:900690821; rev:1;) alert tcp $HOME_NET any -> [63.230.212.128] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.230.212.128/; sid:900690820; rev:1;) alert tcp $HOME_NET any -> [106.243.65.250] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.243.65.250/; sid:900690818; rev:1;) alert tcp $HOME_NET any -> [216.137.249.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.137.249.154/; sid:900690817; rev:1;) alert tcp $HOME_NET any -> [197.87.130.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.130.229/; sid:900690816; rev:1;) alert tcp $HOME_NET any -> [24.205.231.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.205.231.46/; sid:900690671; rev:1;) alert tcp $HOME_NET any -> [105.229.147.33] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.229.147.33/; sid:900690659; rev:1;) alert tcp $HOME_NET any -> [12.196.65.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.196.65.34/; sid:900690656; rev:1;) alert tcp $HOME_NET any -> [88.225.226.41] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.225.226.41/; sid:900690654; rev:1;) alert tcp $HOME_NET any -> [54.38.43.230] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.43.230/; sid:900609176; rev:1;) alert tcp $HOME_NET any -> [70.32.91.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.32.91.58/; sid:900609173; rev:1;) alert tcp $HOME_NET any -> [216.144.99.249] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.144.99.249/; sid:900609175; rev:1;) alert tcp $HOME_NET any -> [70.62.224.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.62.224.226/; sid:900609177; rev:1;) alert tcp $HOME_NET any -> [176.9.151.108] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.9.151.108/; sid:900609174; rev:1;) alert tcp $HOME_NET any -> [98.191.228.168] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.191.228.168/; sid:900690373; rev:1;) alert tcp $HOME_NET any -> [111.119.215.225] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.119.215.225/; sid:900690368; rev:1;) alert tcp $HOME_NET any -> [71.176.211.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.176.211.86/; sid:900690365; rev:1;) alert tcp $HOME_NET any -> [109.107.235.152] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.107.235.152/; sid:900690359; rev:1;) alert tcp $HOME_NET any -> [68.8.238.86] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.8.238.86/; sid:900690358; rev:1;) alert tcp $HOME_NET any -> [209.239.105.18] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.239.105.18/; sid:900690357; rev:1;) alert tcp $HOME_NET any -> [203.163.231.123] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.163.231.123/; sid:900690355; rev:1;) alert tcp $HOME_NET any -> [12.154.10.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.154.10.186/; sid:900690353; rev:1;) alert tcp $HOME_NET any -> [204.184.24.82] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.184.24.82/; sid:900690349; rev:1;) alert tcp $HOME_NET any -> [83.110.138.177] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.138.177/; sid:900690348; rev:1;) alert tcp $HOME_NET any -> [67.160.28.237] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.160.28.237/; sid:900690347; rev:1;) alert tcp $HOME_NET any -> [173.195.204.36] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.195.204.36/; sid:900690346; rev:1;) alert tcp $HOME_NET any -> [105.227.80.43] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.227.80.43/; sid:900690345; rev:1;) alert tcp $HOME_NET any -> [189.152.53.248] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.152.53.248/; sid:900690344; rev:1;) alert tcp $HOME_NET any -> [75.148.213.233] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.148.213.233/; sid:900690343; rev:1;) alert tcp $HOME_NET any -> [184.176.4.162] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.176.4.162/; sid:900690342; rev:1;) alert tcp $HOME_NET any -> [200.57.229.27] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.57.229.27/; sid:900690341; rev:1;) alert tcp $HOME_NET any -> [186.69.3.154] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.69.3.154/; sid:900690131; rev:1;) alert tcp $HOME_NET any -> [195.13.188.82] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.13.188.82/; sid:900690128; rev:1;) alert tcp $HOME_NET any -> [175.138.83.138] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.138.83.138/; sid:900690127; rev:1;) alert tcp $HOME_NET any -> [114.109.170.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.109.170.114/; sid:900690126; rev:1;) alert tcp $HOME_NET any -> [200.57.102.71] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.57.102.71/; sid:900690120; rev:1;) alert tcp $HOME_NET any -> [186.101.74.154] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.101.74.154/; sid:900690118; rev:1;) alert tcp $HOME_NET any -> [197.92.225.116] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.92.225.116/; sid:900690117; rev:1;) alert tcp $HOME_NET any -> [186.151.52.187] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.151.52.187/; sid:900690115; rev:1;) alert tcp $HOME_NET any -> [201.211.46.151] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.211.46.151/; sid:900690114; rev:1;) alert tcp $HOME_NET any -> [108.51.155.120] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.51.155.120/; sid:900690110; rev:1;) alert tcp $HOME_NET any -> [181.44.169.132] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.44.169.132/; sid:900690109; rev:1;) alert tcp $HOME_NET any -> [186.68.82.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.68.82.18/; sid:900690108; rev:1;) alert tcp $HOME_NET any -> [91.19.104.33] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.19.104.33/; sid:900690107; rev:1;) alert tcp $HOME_NET any -> [200.118.241.21] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.118.241.21/; sid:900690106; rev:1;) alert tcp $HOME_NET any -> [189.250.171.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.171.115/; sid:900690105; rev:1;) alert tcp $HOME_NET any -> [187.192.232.16] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.232.16/; sid:900690104; rev:1;) alert tcp $HOME_NET any -> [76.170.143.9] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.170.143.9/; sid:900690103; rev:1;) alert tcp $HOME_NET any -> [72.241.162.229] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.241.162.229/; sid:900690102; rev:1;) alert tcp $HOME_NET any -> [74.89.23.180] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.89.23.180/; sid:900690101; rev:1;) alert tcp $HOME_NET any -> [172.113.215.132] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.113.215.132/; sid:900608921; rev:1;) alert tcp $HOME_NET any -> [107.182.34.241] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.182.34.241/; sid:900608920; rev:1;) alert tcp $HOME_NET any -> [24.203.4.40] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.203.4.40/; sid:900608970; rev:1;) alert tcp $HOME_NET any -> [190.140.187.200] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.140.187.200/; sid:900689869; rev:1;) alert tcp $HOME_NET any -> [81.21.12.6] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.21.12.6/; sid:900689851; rev:1;) alert tcp $HOME_NET any -> [177.231.255.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.231.255.134/; sid:900689849; rev:1;) alert tcp $HOME_NET any -> [46.17.209.164] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.17.209.164/; sid:900689848; rev:1;) alert tcp $HOME_NET any -> [186.101.81.10] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.101.81.10/; sid:900689846; rev:1;) alert tcp $HOME_NET any -> [88.225.230.70] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.225.230.70/; sid:900689845; rev:1;) alert tcp $HOME_NET any -> [89.145.200.162] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.145.200.162/; sid:900689842; rev:1;) alert tcp $HOME_NET any -> [88.250.185.242] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.250.185.242/; sid:900689841; rev:1;) alert tcp $HOME_NET any -> [31.166.244.172] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.166.244.172/; sid:900689840; rev:1;) alert tcp $HOME_NET any -> [24.42.51.139] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.42.51.139/; sid:900689839; rev:1;) alert tcp $HOME_NET any -> [69.118.64.136] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.118.64.136/; sid:900689838; rev:1;) alert tcp $HOME_NET any -> [101.187.255.122] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.255.122/; sid:900689837; rev:1;) alert tcp $HOME_NET any -> [173.94.9.21] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.94.9.21/; sid:900689835; rev:1;) alert tcp $HOME_NET any -> [199.26.184.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.26.184.82/; sid:900689834; rev:1;) alert tcp $HOME_NET any -> [68.84.221.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.84.221.138/; sid:900689833; rev:1;) alert tcp $HOME_NET any -> [69.23.76.217] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.23.76.217/; sid:900689768; rev:1;) alert tcp $HOME_NET any -> [190.180.8.85] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.180.8.85/; sid:900689767; rev:1;) alert tcp $HOME_NET any -> [181.120.189.184] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.120.189.184/; sid:900689763; rev:1;) alert tcp $HOME_NET any -> [190.151.62.234] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.151.62.234/; sid:900689761; rev:1;) alert tcp $HOME_NET any -> [186.22.50.195] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.22.50.195/; sid:900689760; rev:1;) alert tcp $HOME_NET any -> [187.188.44.32] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.44.32/; sid:900689758; rev:1;) alert tcp $HOME_NET any -> [12.44.127.26] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.44.127.26/; sid:900689757; rev:1;) alert tcp $HOME_NET any -> [77.122.237.72] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.122.237.72/; sid:900689756; rev:1;) alert tcp $HOME_NET any -> [75.108.22.7] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.108.22.7/; sid:900689754; rev:1;) alert tcp $HOME_NET any -> [187.237.79.91] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.237.79.91/; sid:900689753; rev:1;) alert tcp $HOME_NET any -> [190.131.63.204] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.131.63.204/; sid:900689751; rev:1;) alert tcp $HOME_NET any -> [75.109.200.232] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.109.200.232/; sid:900689747; rev:1;) alert tcp $HOME_NET any -> [181.134.174.38] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.134.174.38/; sid:900689746; rev:1;) alert tcp $HOME_NET any -> [186.15.64.141] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.64.141/; sid:900689745; rev:1;) alert tcp $HOME_NET any -> [189.180.223.221] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.180.223.221/; sid:900689744; rev:1;) alert tcp $HOME_NET any -> [181.39.233.139] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.233.139/; sid:900689743; rev:1;) alert tcp $HOME_NET any -> [187.147.147.127] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.147.147.127/; sid:900689742; rev:1;) alert tcp $HOME_NET any -> [64.237.68.70] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.237.68.70/; sid:900689741; rev:1;) alert tcp $HOME_NET any -> [97.93.216.75] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.93.216.75/; sid:900689740; rev:1;) alert tcp $HOME_NET any -> [200.49.145.116] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.49.145.116/; sid:900689739; rev:1;) alert tcp $HOME_NET any -> [80.249.92.41] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.249.92.41/; sid:900689738; rev:1;) alert tcp $HOME_NET any -> [157.7.163.144] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.7.163.144/; sid:900608653; rev:1;) alert tcp $HOME_NET any -> [67.158.239.210] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.158.239.210/; sid:900689512; rev:1;) alert tcp $HOME_NET any -> [103.51.20.167] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.51.20.167/; sid:900689510; rev:1;) alert tcp $HOME_NET any -> [50.76.83.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.76.83.231/; sid:900689508; rev:1;) alert tcp $HOME_NET any -> [180.234.214.54] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.234.214.54/; sid:900689507; rev:1;) alert tcp $HOME_NET any -> [110.36.142.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.36.142.186/; sid:900689504; rev:1;) alert tcp $HOME_NET any -> [217.165.230.123] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.230.123/; sid:900689497; rev:1;) alert tcp $HOME_NET any -> [66.212.220.245] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.212.220.245/; sid:900689494; rev:1;) alert tcp $HOME_NET any -> [203.122.32.74] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.122.32.74/; sid:900689493; rev:1;) alert tcp $HOME_NET any -> [184.160.6.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.160.6.6/; sid:900689490; rev:1;) alert tcp $HOME_NET any -> [2.50.30.73] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.30.73/; sid:900689484; rev:1;) alert tcp $HOME_NET any -> [198.0.31.189] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.0.31.189/; sid:900689475; rev:1;) alert tcp $HOME_NET any -> [128.193.56.101] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.193.56.101/; sid:900689472; rev:1;) alert tcp $HOME_NET any -> [67.215.49.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.215.49.234/; sid:900689468; rev:1;) alert tcp $HOME_NET any -> [105.186.73.91] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.73.91/; sid:900689465; rev:1;) alert tcp $HOME_NET any -> [70.91.98.181] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.91.98.181/; sid:900689464; rev:1;) alert tcp $HOME_NET any -> [190.15.180.250] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.15.180.250/; sid:900689463; rev:1;) alert tcp $HOME_NET any -> [88.250.223.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.250.223.190/; sid:900689462; rev:1;) alert tcp $HOME_NET any -> [184.188.108.62] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.188.108.62/; sid:900689461; rev:1;) alert tcp $HOME_NET any -> [197.245.79.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.245.79.109/; sid:900689458; rev:1;) alert tcp $HOME_NET any -> [187.190.117.226] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.190.117.226/; sid:900689455; rev:1;) alert tcp $HOME_NET any -> [71.209.36.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.209.36.231/; sid:900689454; rev:1;) alert tcp $HOME_NET any -> [190.210.38.253] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.38.253/; sid:900689453; rev:1;) alert tcp $HOME_NET any -> [190.97.15.75] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.97.15.75/; sid:900689452; rev:1;) alert tcp $HOME_NET any -> [181.143.108.91] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.108.91/; sid:900689451; rev:1;) alert tcp $HOME_NET any -> [190.12.14.75] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.12.14.75/; sid:900689450; rev:1;) alert tcp $HOME_NET any -> [65.128.138.30] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.128.138.30/; sid:900689449; rev:1;) alert tcp $HOME_NET any -> [70.31.145.1] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.31.145.1/; sid:900689448; rev:1;) alert tcp $HOME_NET any -> [206.255.201.213] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.255.201.213/; sid:900689447; rev:1;) alert tcp $HOME_NET any -> [87.66.13.80] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.66.13.80/; sid:900689446; rev:1;) alert tcp $HOME_NET any -> [203.198.147.4] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.198.147.4/; sid:900689361; rev:1;) alert tcp $HOME_NET any -> [97.94.31.251] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.94.31.251/; sid:900689274; rev:1;) alert tcp $HOME_NET any -> [86.1.201.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.1.201.59/; sid:900689268; rev:1;) alert tcp $HOME_NET any -> [203.163.247.170] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.163.247.170/; sid:900689261; rev:1;) alert tcp $HOME_NET any -> [203.130.17.11] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.130.17.11/; sid:900689257; rev:1;) alert tcp $HOME_NET any -> [85.140.41.130] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.140.41.130/; sid:900689254; rev:1;) alert tcp $HOME_NET any -> [182.75.161.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.75.161.42/; sid:900689252; rev:1;) alert tcp $HOME_NET any -> [183.82.104.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.104.189/; sid:900689249; rev:1;) alert tcp $HOME_NET any -> [119.161.96.149] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.161.96.149/; sid:900689248; rev:1;) alert tcp $HOME_NET any -> [85.105.127.131] 8090 (msg:"Feodo Tra