################################################################ # abuse.ch Feodo Tracker Suricata / Snort Ruleset (Aggresive) # # Last updated: 2019-03-14 14:24:27 UTC # # # # Terms Of Use: https://feodotracker.abuse.ch/blocklist/ # # For questions please contact feodotracker [at] abuse.ch # ################################################################ # alert tcp $HOME_NET any -> [86.98.222.202] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.222.202/; sid:900833571; rev:1;) alert tcp $HOME_NET any -> [31.167.109.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.167.109.122/; sid:900833565; rev:1;) alert tcp $HOME_NET any -> [201.236.95.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.236.95.82/; sid:900833562; rev:1;) alert tcp $HOME_NET any -> [47.180.177.96] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.180.177.96/; sid:900833554; rev:1;) alert tcp $HOME_NET any -> [190.51.51.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.51.51.93/; sid:900833551; rev:1;) alert tcp $HOME_NET any -> [73.183.131.231] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.183.131.231/; sid:900833549; rev:1;) alert tcp $HOME_NET any -> [201.212.91.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.91.189/; sid:900833546; rev:1;) alert tcp $HOME_NET any -> [173.177.157.7] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.177.157.7/; sid:900833537; rev:1;) alert tcp $HOME_NET any -> [189.250.145.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.145.98/; sid:900833533; rev:1;) alert tcp $HOME_NET any -> [190.185.241.151] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.185.241.151/; sid:900833528; rev:1;) alert tcp $HOME_NET any -> [71.43.73.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.43.73.58/; sid:900833512; rev:1;) alert tcp $HOME_NET any -> [162.104.1.255] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.104.1.255/; sid:900833511; rev:1;) alert tcp $HOME_NET any -> [24.137.254.148] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.137.254.148/; sid:900833510; rev:1;) alert tcp $HOME_NET any -> [71.88.106.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.88.106.124/; sid:900833509; rev:1;) alert tcp $HOME_NET any -> [200.116.26.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.26.234/; sid:900833508; rev:1;) alert tcp $HOME_NET any -> [181.57.193.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.57.193.10/; sid:900829846; rev:1;) alert tcp $HOME_NET any -> [70.57.82.196] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.57.82.196/; sid:900829845; rev:1;) alert tcp $HOME_NET any -> [80.115.91.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.115.91.222/; sid:900829844; rev:1;) alert tcp $HOME_NET any -> [41.220.119.246] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.220.119.246/; sid:900829843; rev:1;) alert tcp $HOME_NET any -> [50.80.248.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.80.248.108/; sid:900829842; rev:1;) alert tcp $HOME_NET any -> [187.233.152.78] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.233.152.78/; sid:900829841; rev:1;) alert tcp $HOME_NET any -> [190.146.214.85] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.214.85/; sid:900829815; rev:1;) alert tcp $HOME_NET any -> [190.15.198.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.15.198.47/; sid:900829814; rev:1;) alert tcp $HOME_NET any -> [186.3.188.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.3.188.74/; sid:900829813; rev:1;) alert tcp $HOME_NET any -> [190.117.206.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.206.153/; sid:900829812; rev:1;) alert tcp $HOME_NET any -> [190.146.86.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.86.180/; sid:900829811; rev:1;) alert tcp $HOME_NET any -> [187.207.188.248] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.188.248/; sid:900829810; rev:1;) alert tcp $HOME_NET any -> [82.78.228.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.78.228.57/; sid:900829809; rev:1;) alert tcp $HOME_NET any -> [76.168.149.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.168.149.66/; sid:900828698; rev:1;) alert tcp $HOME_NET any -> [71.182.128.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.182.128.166/; sid:900828697; rev:1;) alert tcp $HOME_NET any -> [201.239.154.191] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.239.154.191/; sid:900828696; rev:1;) alert tcp $HOME_NET any -> [64.9.43.60] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.9.43.60/; sid:900828695; rev:1;) alert tcp $HOME_NET any -> [64.46.91.165] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.46.91.165/; sid:900828694; rev:1;) alert tcp $HOME_NET any -> [67.248.56.82] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.248.56.82/; sid:900828693; rev:1;) alert tcp $HOME_NET any -> [189.209.217.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.209.217.49/; sid:900828692; rev:1;) alert tcp $HOME_NET any -> [160.3.238.131] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.3.238.131/; sid:900828691; rev:1;) alert tcp $HOME_NET any -> [190.97.219.241] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.97.219.241/; sid:900828690; rev:1;) alert tcp $HOME_NET any -> [201.220.152.101] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.220.152.101/; sid:900828689; rev:1;) alert tcp $HOME_NET any -> [91.205.215.57] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.205.215.57/; sid:900828452; rev:1;) alert tcp $HOME_NET any -> [109.73.52.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.73.52.242/; sid:900828449; rev:1;) alert tcp $HOME_NET any -> [139.59.19.157] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.19.157/; sid:900828443; rev:1;) alert tcp $HOME_NET any -> [181.228.211.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.228.211.100/; sid:900828437; rev:1;) alert tcp $HOME_NET any -> [207.134.207.44] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.134.207.44/; sid:900828436; rev:1;) alert tcp $HOME_NET any -> [181.40.122.122] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.40.122.122/; sid:900828435; rev:1;) alert tcp $HOME_NET any -> [152.171.65.137] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.171.65.137/; sid:900828434; rev:1;) alert tcp $HOME_NET any -> [181.198.203.150] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.198.203.150/; sid:900828433; rev:1;) alert tcp $HOME_NET any -> [45.33.49.124] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.49.124/; sid:900828256; rev:1;) alert tcp $HOME_NET any -> [200.113.185.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.113.185.229/; sid:900828255; rev:1;) alert tcp $HOME_NET any -> [185.94.252.3] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.94.252.3/; sid:900828251; rev:1;) alert tcp $HOME_NET any -> [108.188.116.179] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.188.116.179/; sid:900828246; rev:1;) alert tcp $HOME_NET any -> [90.219.97.38] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.219.97.38/; sid:900828244; rev:1;) alert tcp $HOME_NET any -> [24.243.101.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.243.101.134/; sid:900828245; rev:1;) alert tcp $HOME_NET any -> [200.50.185.54] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.50.185.54/; sid:900828243; rev:1;) alert tcp $HOME_NET any -> [62.217.133.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.217.133.100/; sid:900828241; rev:1;) alert tcp $HOME_NET any -> [70.184.97.144] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.184.97.144/; sid:900825790; rev:1;) alert tcp $HOME_NET any -> [190.210.3.93] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.3.93/; sid:900825789; rev:1;) alert tcp $HOME_NET any -> [71.11.157.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.11.157.249/; sid:900825788; rev:1;) alert tcp $HOME_NET any -> [50.246.45.249] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.246.45.249/; sid:900825787; rev:1;) alert tcp $HOME_NET any -> [181.197.2.252] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.197.2.252/; sid:900825786; rev:1;) alert tcp $HOME_NET any -> [64.87.26.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.87.26.17/; sid:900825544; rev:1;) alert tcp $HOME_NET any -> [94.183.129.173] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.183.129.173/; sid:900825541; rev:1;) alert tcp $HOME_NET any -> [182.180.92.102] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.180.92.102/; sid:900825540; rev:1;) alert tcp $HOME_NET any -> [67.209.208.130] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.209.208.130/; sid:900825539; rev:1;) alert tcp $HOME_NET any -> [187.189.195.208] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.189.195.208/; sid:900825538; rev:1;) alert tcp $HOME_NET any -> [103.39.131.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.39.131.88/; sid:900825536; rev:1;) alert tcp $HOME_NET any -> [86.239.117.57] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.239.117.57/; sid:900825537; rev:1;) alert tcp $HOME_NET any -> [45.36.20.17] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.36.20.17/; sid:900825535; rev:1;) alert tcp $HOME_NET any -> [201.192.156.113] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.192.156.113/; sid:900823324; rev:1;) alert tcp $HOME_NET any -> [187.188.83.52] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.83.52/; sid:900823303; rev:1;) alert tcp $HOME_NET any -> [186.179.80.99] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.179.80.99/; sid:900823302; rev:1;) alert tcp $HOME_NET any -> [69.2.162.139] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.2.162.139/; sid:900823301; rev:1;) alert tcp $HOME_NET any -> [27.72.113.79] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.72.113.79/; sid:900823300; rev:1;) alert tcp $HOME_NET any -> [70.15.236.247] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.15.236.247/; sid:900823299; rev:1;) alert tcp $HOME_NET any -> [58.171.215.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.171.215.214/; sid:900823298; rev:1;) alert tcp $HOME_NET any -> [211.63.34.183] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.63.34.183/; sid:900823297; rev:1;) alert tcp $HOME_NET any -> [174.56.47.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.56.47.59/; sid:900823296; rev:1;) alert tcp $HOME_NET any -> [201.253.238.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.253.238.50/; sid:900823295; rev:1;) alert tcp $HOME_NET any -> [213.107.110.253] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.107.110.253/; sid:900823268; rev:1;) alert tcp $HOME_NET any -> [105.224.170.35] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.224.170.35/; sid:900823267; rev:1;) alert tcp $HOME_NET any -> [190.85.38.226] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.38.226/; sid:900823266; rev:1;) alert tcp $HOME_NET any -> [190.92.48.253] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.48.253/; sid:900823265; rev:1;) alert tcp $HOME_NET any -> [186.15.83.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.83.52/; sid:900823264; rev:1;) alert tcp $HOME_NET any -> [190.193.141.52] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.193.141.52/; sid:900823263; rev:1;) alert tcp $HOME_NET any -> [181.61.221.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.61.221.146/; sid:900813557; rev:1;) alert tcp $HOME_NET any -> [70.57.24.230] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.57.24.230/; sid:900813556; rev:1;) alert tcp $HOME_NET any -> [89.211.193.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.193.18/; sid:900813555; rev:1;) alert tcp $HOME_NET any -> [70.28.22.105] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.22.105/; sid:900813554; rev:1;) alert tcp $HOME_NET any -> [178.78.64.80] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.78.64.80/; sid:900813553; rev:1;) alert tcp $HOME_NET any -> [87.106.139.101] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.139.101/; sid:900813379; rev:1;) alert tcp $HOME_NET any -> [64.13.225.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.13.225.150/; sid:900813371; rev:1;) alert tcp $HOME_NET any -> [187.176.44.226] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.176.44.226/; sid:900813367; rev:1;) alert tcp $HOME_NET any -> [85.104.59.244] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.59.244/; sid:900813366; rev:1;) alert tcp $HOME_NET any -> [175.107.228.236] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.107.228.236/; sid:900813365; rev:1;) alert tcp $HOME_NET any -> [206.53.93.6] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.53.93.6/; sid:900813364; rev:1;) alert tcp $HOME_NET any -> [186.43.57.143] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.43.57.143/; sid:900813363; rev:1;) alert tcp $HOME_NET any -> [62.151.17.5] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.151.17.5/; sid:900813362; rev:1;) alert tcp $HOME_NET any -> [186.4.234.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.234.27/; sid:900813361; rev:1;) alert tcp $HOME_NET any -> [189.151.39.229] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.151.39.229/; sid:900810453; rev:1;) alert tcp $HOME_NET any -> [24.234.249.226] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.234.249.226/; sid:900810452; rev:1;) alert tcp $HOME_NET any -> [200.51.94.251] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.51.94.251/; sid:900810451; rev:1;) alert tcp $HOME_NET any -> [186.177.30.6] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.177.30.6/; sid:900810450; rev:1;) alert tcp $HOME_NET any -> [190.108.216.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.108.216.107/; sid:900810229; rev:1;) alert tcp $HOME_NET any -> [103.209.65.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.209.65.42/; sid:900810228; rev:1;) alert tcp $HOME_NET any -> [24.61.139.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.61.139.70/; sid:900810227; rev:1;) alert tcp $HOME_NET any -> [110.172.188.120] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.172.188.120/; sid:900810226; rev:1;) alert tcp $HOME_NET any -> [41.57.104.182] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.57.104.182/; sid:900810225; rev:1;) alert tcp $HOME_NET any -> [201.220.83.133] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.220.83.133/; sid:900806095; rev:1;) alert tcp $HOME_NET any -> [75.104.218.201] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.104.218.201/; sid:900806091; rev:1;) alert tcp $HOME_NET any -> [187.142.0.234] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.142.0.234/; sid:900806089; rev:1;) alert tcp $HOME_NET any -> [177.242.51.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.51.8/; sid:900806080; rev:1;) alert tcp $HOME_NET any -> [186.43.207.22] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.43.207.22/; sid:900806074; rev:1;) alert tcp $HOME_NET any -> [186.113.255.229] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.113.255.229/; sid:900806073; rev:1;) alert tcp $HOME_NET any -> [189.156.39.161] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.156.39.161/; sid:900806072; rev:1;) alert tcp $HOME_NET any -> [187.209.46.240] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.209.46.240/; sid:900806071; rev:1;) alert tcp $HOME_NET any -> [189.153.60.187] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.153.60.187/; sid:900806070; rev:1;) alert tcp $HOME_NET any -> [199.36.199.104] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.36.199.104/; sid:900806069; rev:1;) alert tcp $HOME_NET any -> [40.134.64.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.134.64.58/; sid:900806068; rev:1;) alert tcp $HOME_NET any -> [186.86.199.79] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.86.199.79/; sid:900806067; rev:1;) alert tcp $HOME_NET any -> [181.209.169.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.209.169.123/; sid:900806066; rev:1;) alert tcp $HOME_NET any -> [190.46.30.14] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.46.30.14/; sid:900806065; rev:1;) alert tcp $HOME_NET any -> [71.224.174.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.224.174.17/; sid:900805958; rev:1;) alert tcp $HOME_NET any -> [182.184.72.199] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.184.72.199/; sid:900805956; rev:1;) alert tcp $HOME_NET any -> [133.242.156.30] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.242.156.30/; sid:900805948; rev:1;) alert tcp $HOME_NET any -> [203.143.86.111] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.143.86.111/; sid:900805947; rev:1;) alert tcp $HOME_NET any -> [213.191.168.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.191.168.93/; sid:900805946; rev:1;) alert tcp $HOME_NET any -> [88.225.223.211] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.225.223.211/; sid:900805945; rev:1;) alert tcp $HOME_NET any -> [189.141.175.53] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.141.175.53/; sid:900805944; rev:1;) alert tcp $HOME_NET any -> [201.119.12.225] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.119.12.225/; sid:900805943; rev:1;) alert tcp $HOME_NET any -> [189.154.126.105] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.126.105/; sid:900805942; rev:1;) alert tcp $HOME_NET any -> [94.200.157.250] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.200.157.250/; sid:900805941; rev:1;) alert tcp $HOME_NET any -> [66.115.86.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.115.86.249/; sid:900805940; rev:1;) alert tcp $HOME_NET any -> [70.119.86.15] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.119.86.15/; sid:900805939; rev:1;) alert tcp $HOME_NET any -> [103.101.59.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.101.59.2/; sid:900805938; rev:1;) alert tcp $HOME_NET any -> [189.142.143.187] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.142.143.187/; sid:900805937; rev:1;) alert tcp $HOME_NET any -> [200.55.136.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.55.136.2/; sid:900805913; rev:1;) alert tcp $HOME_NET any -> [23.240.26.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.240.26.210/; sid:900805909; rev:1;) alert tcp $HOME_NET any -> [190.117.51.248] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.51.248/; sid:900805908; rev:1;) alert tcp $HOME_NET any -> [181.16.4.180] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.16.4.180/; sid:900805907; rev:1;) alert tcp $HOME_NET any -> [164.77.138.194] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.77.138.194/; sid:900805906; rev:1;) alert tcp $HOME_NET any -> [104.33.204.83] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.33.204.83/; sid:900805905; rev:1;) alert tcp $HOME_NET any -> [80.167.67.247] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.167.67.247/; sid:900804195; rev:1;) alert tcp $HOME_NET any -> [110.93.230.101] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.93.230.101/; sid:900804194; rev:1;) alert tcp $HOME_NET any -> [118.32.221.23] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.32.221.23/; sid:900803752; rev:1;) alert tcp $HOME_NET any -> [78.188.105.159] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.105.159/; sid:900803749; rev:1;) alert tcp $HOME_NET any -> [41.87.168.158] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.87.168.158/; sid:900803744; rev:1;) alert tcp $HOME_NET any -> [42.115.105.246] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.115.105.246/; sid:900803738; rev:1;) alert tcp $HOME_NET any -> [103.107.27.129] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.107.27.129/; sid:900803737; rev:1;) alert tcp $HOME_NET any -> [59.103.164.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.103.164.174/; sid:900803736; rev:1;) alert tcp $HOME_NET any -> [103.224.157.244] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.224.157.244/; sid:900803735; rev:1;) alert tcp $HOME_NET any -> [103.53.44.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.53.44.20/; sid:900803734; rev:1;) alert tcp $HOME_NET any -> [111.91.71.164] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.91.71.164/; sid:900803733; rev:1;) alert tcp $HOME_NET any -> [217.165.127.223] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.127.223/; sid:900803732; rev:1;) alert tcp $HOME_NET any -> [71.91.105.254] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.91.105.254/; sid:900803731; rev:1;) alert tcp $HOME_NET any -> [97.123.191.36] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.123.191.36/; sid:900803730; rev:1;) alert tcp $HOME_NET any -> [189.188.140.179] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.188.140.179/; sid:900803618; rev:1;) alert tcp $HOME_NET any -> [186.23.186.99] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.23.186.99/; sid:900803610; rev:1;) alert tcp $HOME_NET any -> [143.0.245.169] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.0.245.169/; sid:900803609; rev:1;) alert tcp $HOME_NET any -> [85.105.205.77] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.205.77/; sid:900803608; rev:1;) alert tcp $HOME_NET any -> [190.111.215.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.111.215.2/; sid:900803607; rev:1;) alert tcp $HOME_NET any -> [201.213.72.74] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.213.72.74/; sid:900803606; rev:1;) alert tcp $HOME_NET any -> [190.188.207.72] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.188.207.72/; sid:900803605; rev:1;) alert tcp $HOME_NET any -> [201.251.12.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.251.12.153/; sid:900803604; rev:1;) alert tcp $HOME_NET any -> [201.184.224.178] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.224.178/; sid:900803603; rev:1;) alert tcp $HOME_NET any -> [95.44.198.249] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.44.198.249/; sid:900803602; rev:1;) alert tcp $HOME_NET any -> [74.56.155.43] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.56.155.43/; sid:900803601; rev:1;) alert tcp $HOME_NET any -> [190.117.202.39] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.202.39/; sid:900801075; rev:1;) alert tcp $HOME_NET any -> [201.233.19.23] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.233.19.23/; sid:900801070; rev:1;) alert tcp $HOME_NET any -> [209.217.209.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.217.209.214/; sid:900801067; rev:1;) alert tcp $HOME_NET any -> [75.149.91.249] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.149.91.249/; sid:900801063; rev:1;) alert tcp $HOME_NET any -> [181.140.37.228] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.140.37.228/; sid:900801057; rev:1;) alert tcp $HOME_NET any -> [201.231.209.16] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.209.16/; sid:900801056; rev:1;) alert tcp $HOME_NET any -> [216.8.171.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.8.171.214/; sid:900801055; rev:1;) alert tcp $HOME_NET any -> [117.218.17.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.218.17.6/; sid:900801054; rev:1;) alert tcp $HOME_NET any -> [190.47.158.127] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.47.158.127/; sid:900801053; rev:1;) alert tcp $HOME_NET any -> [200.116.70.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.70.135/; sid:900801052; rev:1;) alert tcp $HOME_NET any -> [60.254.45.78] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.254.45.78/; sid:900801051; rev:1;) alert tcp $HOME_NET any -> [96.20.94.194] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.20.94.194/; sid:900801050; rev:1;) alert tcp $HOME_NET any -> [181.175.60.255] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.175.60.255/; sid:900801049; rev:1;) alert tcp $HOME_NET any -> [152.168.211.207] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.168.211.207/; sid:900801048; rev:1;) alert tcp $HOME_NET any -> [190.131.155.107] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.131.155.107/; sid:900795350; rev:1;) alert tcp $HOME_NET any -> [87.75.117.133] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.75.117.133/; sid:900795346; rev:1;) alert tcp $HOME_NET any -> [85.164.23.34] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.164.23.34/; sid:900795340; rev:1;) alert tcp $HOME_NET any -> [116.58.22.75] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.58.22.75/; sid:900795334; rev:1;) alert tcp $HOME_NET any -> [200.125.28.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.28.214/; sid:900795329; rev:1;) alert tcp $HOME_NET any -> [192.250.16.124] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.250.16.124/; sid:900795328; rev:1;) alert tcp $HOME_NET any -> [98.144.73.193] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.144.73.193/; sid:900795327; rev:1;) alert tcp $HOME_NET any -> [187.163.222.244] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.222.244/; sid:900795326; rev:1;) alert tcp $HOME_NET any -> [190.77.126.30] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.77.126.30/; sid:900795325; rev:1;) alert tcp $HOME_NET any -> [74.95.133.5] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.95.133.5/; sid:900795324; rev:1;) alert tcp $HOME_NET any -> [2.50.177.244] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.177.244/; sid:900795323; rev:1;) alert tcp $HOME_NET any -> [190.219.182.18] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.219.182.18/; sid:900795322; rev:1;) alert tcp $HOME_NET any -> [186.71.61.92] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.61.92/; sid:900795321; rev:1;) alert tcp $HOME_NET any -> [108.58.73.115] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.58.73.115/; sid:900795320; rev:1;) alert tcp $HOME_NET any -> [104.220.134.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.220.134.222/; sid:900795095; rev:1;) alert tcp $HOME_NET any -> [104.58.17.163] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.58.17.163/; sid:900795093; rev:1;) alert tcp $HOME_NET any -> [173.164.202.129] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.164.202.129/; sid:900795092; rev:1;) alert tcp $HOME_NET any -> [74.195.15.29] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.195.15.29/; sid:900795091; rev:1;) alert tcp $HOME_NET any -> [71.215.247.43] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.215.247.43/; sid:900795090; rev:1;) alert tcp $HOME_NET any -> [108.51.109.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.51.109.34/; sid:900795088; rev:1;) alert tcp $HOME_NET any -> [50.192.4.161] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.192.4.161/; sid:900795086; rev:1;) alert tcp $HOME_NET any -> [206.15.68.84] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.15.68.84/; sid:900795081; rev:1;) alert tcp $HOME_NET any -> [72.91.227.119] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.91.227.119/; sid:900795079; rev:1;) alert tcp $HOME_NET any -> [181.61.253.171] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.61.253.171/; sid:900795077; rev:1;) alert tcp $HOME_NET any -> [108.183.160.57] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.183.160.57/; sid:900795076; rev:1;) alert tcp $HOME_NET any -> [70.100.118.224] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.100.118.224/; sid:900795073; rev:1;) alert tcp $HOME_NET any -> [75.109.110.102] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.109.110.102/; sid:900795072; rev:1;) alert tcp $HOME_NET any -> [24.209.31.102] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.209.31.102/; sid:900795070; rev:1;) alert tcp $HOME_NET any -> [70.91.215.57] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.91.215.57/; sid:900795071; rev:1;) alert tcp $HOME_NET any -> [104.129.188.170] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.129.188.170/; sid:900795069; rev:1;) alert tcp $HOME_NET any -> [67.42.71.66] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.42.71.66/; sid:900795068; rev:1;) alert tcp $HOME_NET any -> [70.119.159.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.119.159.214/; sid:900795067; rev:1;) alert tcp $HOME_NET any -> [148.103.9.108] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.103.9.108/; sid:900795066; rev:1;) alert tcp $HOME_NET any -> [187.188.148.16] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.148.16/; sid:900795065; rev:1;) alert tcp $HOME_NET any -> [39.61.49.128] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.61.49.128/; sid:900795064; rev:1;) alert tcp $HOME_NET any -> [76.73.184.103] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.73.184.103/; sid:900792660; rev:1;) alert tcp $HOME_NET any -> [70.168.116.204] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.168.116.204/; sid:900792658; rev:1;) alert tcp $HOME_NET any -> [96.64.59.185] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.64.59.185/; sid:900792655; rev:1;) alert tcp $HOME_NET any -> [66.57.47.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.57.47.2/; sid:900792652; rev:1;) alert tcp $HOME_NET any -> [96.56.206.155] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.56.206.155/; sid:900792653; rev:1;) alert tcp $HOME_NET any -> [88.249.85.118] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.85.118/; sid:900792651; rev:1;) alert tcp $HOME_NET any -> [47.50.17.78] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.50.17.78/; sid:900792650; rev:1;) alert tcp $HOME_NET any -> [72.132.106.183] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.132.106.183/; sid:900792649; rev:1;) alert tcp $HOME_NET any -> [73.185.67.141] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.185.67.141/; sid:900792648; rev:1;) alert tcp $HOME_NET any -> [70.118.9.166] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.118.9.166/; sid:900792646; rev:1;) alert tcp $HOME_NET any -> [71.175.108.209] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.175.108.209/; sid:900792644; rev:1;) alert tcp $HOME_NET any -> [189.236.80.172] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.80.172/; sid:900792641; rev:1;) alert tcp $HOME_NET any -> [192.186.96.124] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.186.96.124/; sid:900792640; rev:1;) alert tcp $HOME_NET any -> [66.115.89.239] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.115.89.239/; sid:900792639; rev:1;) alert tcp $HOME_NET any -> [189.166.121.19] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.166.121.19/; sid:900792638; rev:1;) alert tcp $HOME_NET any -> [67.238.131.194] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.238.131.194/; sid:900792637; rev:1;) alert tcp $HOME_NET any -> [24.232.118.175] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.232.118.175/; sid:900792636; rev:1;) alert tcp $HOME_NET any -> [190.47.64.245] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.47.64.245/; sid:900792635; rev:1;) alert tcp $HOME_NET any -> [24.189.222.181] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.189.222.181/; sid:900792634; rev:1;) alert tcp $HOME_NET any -> [71.78.24.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.24.146/; sid:900792633; rev:1;) alert tcp $HOME_NET any -> [216.119.181.170] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.119.181.170/; sid:900792632; rev:1;) alert tcp $HOME_NET any -> [70.45.30.28] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.45.30.28/; sid:900792183; rev:1;) alert tcp $HOME_NET any -> [132.248.18.45] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.248.18.45/; sid:900792182; rev:1;) alert tcp $HOME_NET any -> [70.24.147.203] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.24.147.203/; sid:900792181; rev:1;) alert tcp $HOME_NET any -> [190.110.239.130] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.110.239.130/; sid:900792177; rev:1;) alert tcp $HOME_NET any -> [68.149.151.102] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.149.151.102/; sid:900792176; rev:1;) alert tcp $HOME_NET any -> [216.81.19.67] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.81.19.67/; sid:900792173; rev:1;) alert tcp $HOME_NET any -> [181.39.66.29] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.66.29/; sid:900792171; rev:1;) alert tcp $HOME_NET any -> [101.187.168.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.168.2/; sid:900792170; rev:1;) alert tcp $HOME_NET any -> [84.45.230.228] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.45.230.228/; sid:900792169; rev:1;) alert tcp $HOME_NET any -> [181.164.241.251] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.241.251/; sid:900792168; rev:1;) alert tcp $HOME_NET any -> [187.208.214.53] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.208.214.53/; sid:900792167; rev:1;) alert tcp $HOME_NET any -> [187.232.31.68] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.232.31.68/; sid:900792166; rev:1;) alert tcp $HOME_NET any -> [187.153.217.39] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.217.39/; sid:900792165; rev:1;) alert tcp $HOME_NET any -> [189.236.96.21] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.96.21/; sid:900792161; rev:1;) alert tcp $HOME_NET any -> [105.227.228.7] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.227.228.7/; sid:900792160; rev:1;) alert tcp $HOME_NET any -> [187.209.66.50] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.209.66.50/; sid:900792159; rev:1;) alert tcp $HOME_NET any -> [181.30.61.163] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.30.61.163/; sid:900792158; rev:1;) alert tcp $HOME_NET any -> [190.47.153.46] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.47.153.46/; sid:900792157; rev:1;) alert tcp $HOME_NET any -> [187.146.243.126] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.146.243.126/; sid:900792156; rev:1;) alert tcp $HOME_NET any -> [189.135.82.225] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.135.82.225/; sid:900792155; rev:1;) alert tcp $HOME_NET any -> [197.232.52.70] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.232.52.70/; sid:900792154; rev:1;) alert tcp $HOME_NET any -> [190.159.143.96] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.159.143.96/; sid:900792153; rev:1;) alert tcp $HOME_NET any -> [201.142.199.76] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.142.199.76/; sid:900792152; rev:1;) alert tcp $HOME_NET any -> [173.76.44.152] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.76.44.152/; sid:900790999; rev:1;) alert tcp $HOME_NET any -> [181.143.53.227] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.53.227/; sid:900790998; rev:1;) alert tcp $HOME_NET any -> [24.11.67.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.11.67.222/; sid:900790997; rev:1;) alert tcp $HOME_NET any -> [74.80.16.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.80.16.10/; sid:900790996; rev:1;) alert tcp $HOME_NET any -> [73.124.73.90] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.124.73.90/; sid:900790995; rev:1;) alert tcp $HOME_NET any -> [172.114.175.156] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.114.175.156/; sid:900790994; rev:1;) alert tcp $HOME_NET any -> [154.72.75.82] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.72.75.82/; sid:900790988; rev:1;) alert tcp $HOME_NET any -> [189.234.165.149] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.234.165.149/; sid:900790987; rev:1;) alert tcp $HOME_NET any -> [98.157.215.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.157.215.153/; sid:900790985; rev:1;) alert tcp $HOME_NET any -> [181.119.30.27] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.119.30.27/; sid:900790983; rev:1;) alert tcp $HOME_NET any -> [216.49.114.172] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.49.114.172/; sid:900790981; rev:1;) alert tcp $HOME_NET any -> [69.136.227.134] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.136.227.134/; sid:900790980; rev:1;) alert tcp $HOME_NET any -> [190.215.53.85] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.215.53.85/; sid:900790977; rev:1;) alert tcp $HOME_NET any -> [71.240.202.13] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.240.202.13/; sid:900790976; rev:1;) alert tcp $HOME_NET any -> [186.179.243.7] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.179.243.7/; sid:900790975; rev:1;) alert tcp $HOME_NET any -> [5.107.161.71] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.107.161.71/; sid:900790974; rev:1;) alert tcp $HOME_NET any -> [50.224.156.190] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.224.156.190/; sid:900790973; rev:1;) alert tcp $HOME_NET any -> [5.107.250.192] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.107.250.192/; sid:900790972; rev:1;) alert tcp $HOME_NET any -> [187.233.136.39] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.233.136.39/; sid:900790971; rev:1;) alert tcp $HOME_NET any -> [175.101.79.120] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.101.79.120/; sid:900790970; rev:1;) alert tcp $HOME_NET any -> [70.164.196.211] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.164.196.211/; sid:900790969; rev:1;) alert tcp $HOME_NET any -> [71.91.161.118] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.91.161.118/; sid:900790968; rev:1;) alert tcp $HOME_NET any -> [182.76.6.2] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.76.6.2/; sid:900790070; rev:1;) alert tcp $HOME_NET any -> [46.197.87.227] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.197.87.227/; sid:900790065; rev:1;) alert tcp $HOME_NET any -> [181.39.51.242] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.51.242/; sid:900790061; rev:1;) alert tcp $HOME_NET any -> [78.189.143.75] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.143.75/; sid:900790053; rev:1;) alert tcp $HOME_NET any -> [213.119.28.126] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.119.28.126/; sid:900790052; rev:1;) alert tcp $HOME_NET any -> [190.220.33.82] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.220.33.82/; sid:900790049; rev:1;) alert tcp $HOME_NET any -> [51.77.108.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.108.93/; sid:900790047; rev:1;) alert tcp $HOME_NET any -> [50.45.208.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.45.208.50/; sid:900790045; rev:1;) alert tcp $HOME_NET any -> [173.21.26.90] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.21.26.90/; sid:900790044; rev:1;) alert tcp $HOME_NET any -> [201.239.126.253] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.239.126.253/; sid:900789846; rev:1;) alert tcp $HOME_NET any -> [117.218.253.157] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.218.253.157/; sid:900789845; rev:1;) alert tcp $HOME_NET any -> [47.157.230.41] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.157.230.41/; sid:900789841; rev:1;) alert tcp $HOME_NET any -> [66.228.228.211] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.228.228.211/; sid:900789835; rev:1;) alert tcp $HOME_NET any -> [208.189.3.60] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.189.3.60/; sid:900789832; rev:1;) alert tcp $HOME_NET any -> [70.30.252.174] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.30.252.174/; sid:900789831; rev:1;) alert tcp $HOME_NET any -> [117.4.245.5] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.4.245.5/; sid:900789828; rev:1;) alert tcp $HOME_NET any -> [201.156.42.238] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.156.42.238/; sid:900789826; rev:1;) alert tcp $HOME_NET any -> [189.154.100.228] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.100.228/; sid:900789820; rev:1;) alert tcp $HOME_NET any -> [97.121.198.2] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.121.198.2/; sid:900789819; rev:1;) alert tcp $HOME_NET any -> [190.248.133.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.248.133.18/; sid:900789818; rev:1;) alert tcp $HOME_NET any -> [190.144.66.30] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.144.66.30/; sid:900789814; rev:1;) alert tcp $HOME_NET any -> [189.208.239.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.208.239.98/; sid:900789808; rev:1;) alert tcp $HOME_NET any -> [186.138.205.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.138.205.189/; sid:900789793; rev:1;) alert tcp $HOME_NET any -> [173.248.147.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.248.147.186/; sid:900789792; rev:1;) alert tcp $HOME_NET any -> [184.161.177.223] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.161.177.223/; sid:900789791; rev:1;) alert tcp $HOME_NET any -> [105.225.179.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.179.102/; sid:900789790; rev:1;) alert tcp $HOME_NET any -> [186.96.198.72] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.96.198.72/; sid:900789789; rev:1;) alert tcp $HOME_NET any -> [70.28.3.120] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.3.120/; sid:900789788; rev:1;) alert tcp $HOME_NET any -> [201.220.140.190] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.220.140.190/; sid:900789787; rev:1;) alert tcp $HOME_NET any -> [190.171.105.158] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.105.158/; sid:900789786; rev:1;) alert tcp $HOME_NET any -> [187.201.31.46] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.201.31.46/; sid:900789785; rev:1;) alert tcp $HOME_NET any -> [85.105.215.241] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.215.241/; sid:900789784; rev:1;) alert tcp $HOME_NET any -> [181.164.25.28] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.25.28/; sid:900787002; rev:1;) alert tcp $HOME_NET any -> [200.116.200.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.200.136/; sid:900787001; rev:1;) alert tcp $HOME_NET any -> [190.186.110.202] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.110.202/; sid:900786999; rev:1;) alert tcp $HOME_NET any -> [50.195.236.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.195.236.117/; sid:900786996; rev:1;) alert tcp $HOME_NET any -> [104.200.80.44] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.200.80.44/; sid:900786995; rev:1;) alert tcp $HOME_NET any -> [69.170.237.82] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.170.237.82/; sid:900786991; rev:1;) alert tcp $HOME_NET any -> [187.146.255.151] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.146.255.151/; sid:900786989; rev:1;) alert tcp $HOME_NET any -> [24.194.252.25] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.194.252.25/; sid:900786987; rev:1;) alert tcp $HOME_NET any -> [116.58.87.8] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.58.87.8/; sid:900786981; rev:1;) alert tcp $HOME_NET any -> [181.15.224.57] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.15.224.57/; sid:900786973; rev:1;) alert tcp $HOME_NET any -> [184.101.191.86] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.101.191.86/; sid:900786972; rev:1;) alert tcp $HOME_NET any -> [108.190.34.69] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.190.34.69/; sid:900786946; rev:1;) alert tcp $HOME_NET any -> [96.234.162.118] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.234.162.118/; sid:900786943; rev:1;) alert tcp $HOME_NET any -> [75.97.212.250] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.97.212.250/; sid:900786937; rev:1;) alert tcp $HOME_NET any -> [107.13.149.212] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.13.149.212/; sid:900786933; rev:1;) alert tcp $HOME_NET any -> [47.187.38.245] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.187.38.245/; sid:900786917; rev:1;) alert tcp $HOME_NET any -> [2.96.48.32] 56056 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.96.48.32/; sid:900784987; rev:1;) alert tcp $HOME_NET any -> [208.82.45.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.82.45.8/; sid:900781563; rev:1;) alert tcp $HOME_NET any -> [72.214.54.39] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.214.54.39/; sid:900781553; rev:1;) alert tcp $HOME_NET any -> [201.151.157.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.151.157.61/; sid:900781552; rev:1;) alert tcp $HOME_NET any -> [71.7.15.240] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.7.15.240/; sid:900781541; rev:1;) alert tcp $HOME_NET any -> [208.107.52.29] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.107.52.29/; sid:900781540; rev:1;) alert tcp $HOME_NET any -> [189.225.165.11] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.225.165.11/; sid:900781537; rev:1;) alert tcp $HOME_NET any -> [97.100.88.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.100.88.65/; sid:900781533; rev:1;) alert tcp $HOME_NET any -> [24.173.121.154] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.173.121.154/; sid:900781532; rev:1;) alert tcp $HOME_NET any -> [174.96.7.155] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.96.7.155/; sid:900781530; rev:1;) alert tcp $HOME_NET any -> [169.0.85.74] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.85.74/; sid:900781528; rev:1;) alert tcp $HOME_NET any -> [50.80.9.93] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.80.9.93/; sid:900781526; rev:1;) alert tcp $HOME_NET any -> [187.151.226.219] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.151.226.219/; sid:900781522; rev:1;) alert tcp $HOME_NET any -> [64.87.26.16] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.87.26.16/; sid:900781517; rev:1;) alert tcp $HOME_NET any -> [174.79.240.46] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.79.240.46/; sid:900781515; rev:1;) alert tcp $HOME_NET any -> [70.55.70.230] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.55.70.230/; sid:900781514; rev:1;) alert tcp $HOME_NET any -> [189.163.137.10] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.163.137.10/; sid:900781513; rev:1;) alert tcp $HOME_NET any -> [68.192.249.20] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.192.249.20/; sid:900780601; rev:1;) alert tcp $HOME_NET any -> [75.69.2.222] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.69.2.222/; sid:900780600; rev:1;) alert tcp $HOME_NET any -> [190.40.100.7] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.40.100.7/; sid:900780594; rev:1;) alert tcp $HOME_NET any -> [189.222.174.85] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.222.174.85/; sid:900780591; rev:1;) alert tcp $HOME_NET any -> [66.57.212.114] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.57.212.114/; sid:900780589; rev:1;) alert tcp $HOME_NET any -> [207.119.180.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.119.180.154/; sid:900780588; rev:1;) alert tcp $HOME_NET any -> [184.186.222.145] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.186.222.145/; sid:900780586; rev:1;) alert tcp $HOME_NET any -> [75.164.190.148] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.164.190.148/; sid:900780575; rev:1;) alert tcp $HOME_NET any -> [138.94.252.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.94.252.226/; sid:900780574; rev:1;) alert tcp $HOME_NET any -> [64.17.83.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.17.83.46/; sid:900780569; rev:1;) alert tcp $HOME_NET any -> [108.16.93.238] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.16.93.238/; sid:900780549; rev:1;) alert tcp $HOME_NET any -> [187.137.106.175] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.106.175/; sid:900780547; rev:1;) alert tcp $HOME_NET any -> [54.36.119.105] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.36.119.105/; sid:900780548; rev:1;) alert tcp $HOME_NET any -> [189.156.244.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.156.244.117/; sid:900780546; rev:1;) alert tcp $HOME_NET any -> [201.110.114.161] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.110.114.161/; sid:900780545; rev:1;) alert tcp $HOME_NET any -> [75.132.60.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.132.60.192/; sid:900780544; rev:1;) alert tcp $HOME_NET any -> [190.180.44.175] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.180.44.175/; sid:900780543; rev:1;) alert tcp $HOME_NET any -> [201.143.123.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.143.123.254/; sid:900780542; rev:1;) alert tcp $HOME_NET any -> [184.188.136.215] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.188.136.215/; sid:900780541; rev:1;) alert tcp $HOME_NET any -> [189.252.59.243] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.59.243/; sid:900780540; rev:1;) alert tcp $HOME_NET any -> [173.167.83.97] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.167.83.97/; sid:900780534; rev:1;) alert tcp $HOME_NET any -> [75.99.239.150] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.239.150/; sid:900780532; rev:1;) alert tcp $HOME_NET any -> [71.244.183.150] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.244.183.150/; sid:900780526; rev:1;) alert tcp $HOME_NET any -> [201.137.255.80] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.255.80/; sid:900780347; rev:1;) alert tcp $HOME_NET any -> [65.29.214.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.29.214.70/; sid:900780343; rev:1;) alert tcp $HOME_NET any -> [201.137.254.209] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.254.209/; sid:900780341; rev:1;) alert tcp $HOME_NET any -> [47.204.55.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.204.55.229/; sid:900780340; rev:1;) alert tcp $HOME_NET any -> [201.164.251.76] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.164.251.76/; sid:900780339; rev:1;) alert tcp $HOME_NET any -> [190.194.4.221] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.194.4.221/; sid:900780338; rev:1;) alert tcp $HOME_NET any -> [24.201.132.122] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.201.132.122/; sid:900780337; rev:1;) alert tcp $HOME_NET any -> [181.168.123.241] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.168.123.241/; sid:900779931; rev:1;) alert tcp $HOME_NET any -> [72.137.188.42] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.137.188.42/; sid:900779926; rev:1;) alert tcp $HOME_NET any -> [73.115.132.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.115.132.124/; sid:900779916; rev:1;) alert tcp $HOME_NET any -> [189.130.56.200] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.130.56.200/; sid:900779910; rev:1;) alert tcp $HOME_NET any -> [186.137.133.132] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.137.133.132/; sid:900779909; rev:1;) alert tcp $HOME_NET any -> [186.176.27.230] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.176.27.230/; sid:900779908; rev:1;) alert tcp $HOME_NET any -> [24.219.3.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.219.3.156/; sid:900779907; rev:1;) alert tcp $HOME_NET any -> [200.27.55.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.27.55.100/; sid:900779906; rev:1;) alert tcp $HOME_NET any -> [71.183.45.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.183.45.61/; sid:900779905; rev:1;) alert tcp $HOME_NET any -> [183.87.87.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.87.87.73/; sid:900779904; rev:1;) alert tcp $HOME_NET any -> [186.103.141.250] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.103.141.250/; sid:900779903; rev:1;) alert tcp $HOME_NET any -> [41.60.202.26] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.60.202.26/; sid:900779902; rev:1;) alert tcp $HOME_NET any -> [74.59.106.11] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.59.106.11/; sid:900779901; rev:1;) alert tcp $HOME_NET any -> [187.153.90.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.90.98/; sid:900779898; rev:1;) alert tcp $HOME_NET any -> [110.36.217.66] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.36.217.66/; sid:900779880; rev:1;) alert tcp $HOME_NET any -> [12.154.104.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.154.104.17/; sid:900779879; rev:1;) alert tcp $HOME_NET any -> [197.245.16.149] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.245.16.149/; sid:900779878; rev:1;) alert tcp $HOME_NET any -> [173.8.8.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.8.8.73/; sid:900779876; rev:1;) alert tcp $HOME_NET any -> [187.138.90.97] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.138.90.97/; sid:900779875; rev:1;) alert tcp $HOME_NET any -> [12.235.180.10] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.235.180.10/; sid:900779874; rev:1;) alert tcp $HOME_NET any -> [167.114.210.191] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.114.210.191/; sid:900779873; rev:1;) alert tcp $HOME_NET any -> [147.135.210.39] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.135.210.39/; sid:900779872; rev:1;) alert tcp $HOME_NET any -> [82.65.72.67] 21075 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.65.72.67/; sid:900779167; rev:1;) alert tcp $HOME_NET any -> [67.69.80.83] 16713 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.69.80.83/; sid:900779166; rev:1;) alert tcp $HOME_NET any -> [67.166.132.100] 1293 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.166.132.100/; sid:900779165; rev:1;) alert tcp $HOME_NET any -> [4.110.106.248] 27424 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.110.106.248/; sid:900779164; rev:1;) alert tcp $HOME_NET any -> [4.110.106.168] 27344 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.110.106.168/; sid:900779163; rev:1;) alert tcp $HOME_NET any -> [4.110.106.88] 27264 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.110.106.88/; sid:900779162; rev:1;) alert tcp $HOME_NET any -> [4.110.106.8] 27184 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.110.106.8/; sid:900779161; rev:1;) alert tcp $HOME_NET any -> [4.110.105.184] 27104 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.110.105.184/; sid:900779160; rev:1;) alert tcp $HOME_NET any -> [72.22.5.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.22.5.242/; sid:900776791; rev:1;) alert tcp $HOME_NET any -> [50.249.129.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.249.129.30/; sid:900776789; rev:1;) alert tcp $HOME_NET any -> [78.188.44.240] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.44.240/; sid:900776786; rev:1;) alert tcp $HOME_NET any -> [166.78.243.43] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/166.78.243.43/; sid:900776784; rev:1;) alert tcp $HOME_NET any -> [66.169.58.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.169.58.13/; sid:900776783; rev:1;) alert tcp $HOME_NET any -> [24.120.175.91] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.120.175.91/; sid:900776782; rev:1;) alert tcp $HOME_NET any -> [190.83.219.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.83.219.98/; sid:900776778; rev:1;) alert tcp $HOME_NET any -> [172.221.195.97] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.221.195.97/; sid:900776777; rev:1;) alert tcp $HOME_NET any -> [81.21.87.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.21.87.18/; sid:900776776; rev:1;) alert tcp $HOME_NET any -> [97.106.81.243] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.106.81.243/; sid:900776774; rev:1;) alert tcp $HOME_NET any -> [69.124.216.247] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.124.216.247/; sid:900776773; rev:1;) alert tcp $HOME_NET any -> [85.96.199.181] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.96.199.181/; sid:900776772; rev:1;) alert tcp $HOME_NET any -> [50.82.84.35] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.82.84.35/; sid:900776771; rev:1;) alert tcp $HOME_NET any -> [97.76.139.138] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.76.139.138/; sid:900776770; rev:1;) alert tcp $HOME_NET any -> [69.248.153.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.248.153.50/; sid:900776769; rev:1;) alert tcp $HOME_NET any -> [181.16.135.40] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.16.135.40/; sid:900776768; rev:1;) alert tcp $HOME_NET any -> [24.146.210.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.146.210.108/; sid:900776767; rev:1;) alert tcp $HOME_NET any -> [95.10.12.151] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.10.12.151/; sid:900775606; rev:1;) alert tcp $HOME_NET any -> [96.60.95.245] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.60.95.245/; sid:900775585; rev:1;) alert tcp $HOME_NET any -> [189.131.93.44] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.131.93.44/; sid:900775583; rev:1;) alert tcp $HOME_NET any -> [96.47.92.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.47.92.60/; sid:900775581; rev:1;) alert tcp $HOME_NET any -> [216.201.162.158] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.201.162.158/; sid:900775580; rev:1;) alert tcp $HOME_NET any -> [67.249.245.159] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.249.245.159/; sid:900775579; rev:1;) alert tcp $HOME_NET any -> [98.0.245.234] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.0.245.234/; sid:900775578; rev:1;) alert tcp $HOME_NET any -> [82.14.53.90] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.14.53.90/; sid:900775577; rev:1;) alert tcp $HOME_NET any -> [66.216.234.131] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.216.234.131/; sid:900775576; rev:1;) alert tcp $HOME_NET any -> [51.77.109.38] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.109.38/; sid:900775415; rev:1;) alert tcp $HOME_NET any -> [190.34.215.74] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.34.215.74/; sid:900775413; rev:1;) alert tcp $HOME_NET any -> [78.186.71.119] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.71.119/; sid:900775411; rev:1;) alert tcp $HOME_NET any -> [75.139.212.94] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.139.212.94/; sid:900775410; rev:1;) alert tcp $HOME_NET any -> [187.167.66.31] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.167.66.31/; sid:900775407; rev:1;) alert tcp $HOME_NET any -> [187.243.193.143] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.243.193.143/; sid:900775401; rev:1;) alert tcp $HOME_NET any -> [187.153.108.92] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.108.92/; sid:900775399; rev:1;) alert tcp $HOME_NET any -> [189.249.2.181] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.249.2.181/; sid:900775398; rev:1;) alert tcp $HOME_NET any -> [181.164.188.27] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.188.27/; sid:900775396; rev:1;) alert tcp $HOME_NET any -> [187.178.89.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.178.89.60/; sid:900775393; rev:1;) alert tcp $HOME_NET any -> [179.62.226.22] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.62.226.22/; sid:900775391; rev:1;) alert tcp $HOME_NET any -> [190.55.118.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.118.192/; sid:900775390; rev:1;) alert tcp $HOME_NET any -> [187.137.46.18] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.46.18/; sid:900775389; rev:1;) alert tcp $HOME_NET any -> [71.174.233.71] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.174.233.71/; sid:900775388; rev:1;) alert tcp $HOME_NET any -> [200.110.85.138] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.110.85.138/; sid:900775387; rev:1;) alert tcp $HOME_NET any -> [64.32.70.194] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.32.70.194/; sid:900775386; rev:1;) alert tcp $HOME_NET any -> [187.131.137.216] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.131.137.216/; sid:900775385; rev:1;) alert tcp $HOME_NET any -> [174.84.250.37] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.84.250.37/; sid:900775384; rev:1;) alert tcp $HOME_NET any -> [190.183.39.78] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.183.39.78/; sid:900774805; rev:1;) alert tcp $HOME_NET any -> [118.130.116.170] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.130.116.170/; sid:900774803; rev:1;) alert tcp $HOME_NET any -> [50.93.34.66] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.93.34.66/; sid:900774802; rev:1;) alert tcp $HOME_NET any -> [61.76.180.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.76.180.18/; sid:900774790; rev:1;) alert tcp $HOME_NET any -> [71.42.166.139] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.42.166.139/; sid:900774788; rev:1;) alert tcp $HOME_NET any -> [174.56.183.132] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.56.183.132/; sid:900774787; rev:1;) alert tcp $HOME_NET any -> [182.23.3.227] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.23.3.227/; sid:900774780; rev:1;) alert tcp $HOME_NET any -> [155.186.224.38] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/155.186.224.38/; sid:900774777; rev:1;) alert tcp $HOME_NET any -> [67.254.13.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.254.13.154/; sid:900774776; rev:1;) alert tcp $HOME_NET any -> [115.97.108.67] 115 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.97.108.67/; sid:900773687; rev:1;) alert tcp $HOME_NET any -> [173.68.169.16] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.68.169.16/; sid:900773518; rev:1;) alert tcp $HOME_NET any -> [201.137.6.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.6.108/; sid:900773502; rev:1;) alert tcp $HOME_NET any -> [186.10.76.19] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.10.76.19/; sid:900773501; rev:1;) alert tcp $HOME_NET any -> [201.184.67.10] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.67.10/; sid:900773500; rev:1;) alert tcp $HOME_NET any -> [187.163.204.187] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.204.187/; sid:900773499; rev:1;) alert tcp $HOME_NET any -> [210.79.77.131] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.79.77.131/; sid:900773498; rev:1;) alert tcp $HOME_NET any -> [186.42.119.26] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.42.119.26/; sid:900773497; rev:1;) alert tcp $HOME_NET any -> [100.35.190.8] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.35.190.8/; sid:900772596; rev:1;) alert tcp $HOME_NET any -> [204.197.152.162] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.197.152.162/; sid:900772594; rev:1;) alert tcp $HOME_NET any -> [38.27.109.250] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.27.109.250/; sid:900772582; rev:1;) alert tcp $HOME_NET any -> [70.123.237.77] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.123.237.77/; sid:900772576; rev:1;) alert tcp $HOME_NET any -> [173.63.66.10] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.63.66.10/; sid:900772575; rev:1;) alert tcp $HOME_NET any -> [159.118.77.61] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.118.77.61/; sid:900772574; rev:1;) alert tcp $HOME_NET any -> [86.98.45.135] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.45.135/; sid:900772573; rev:1;) alert tcp $HOME_NET any -> [67.20.236.21] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.20.236.21/; sid:900772567; rev:1;) alert tcp $HOME_NET any -> [96.37.137.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.37.137.42/; sid:900771318; rev:1;) alert tcp $HOME_NET any -> [40.132.40.83] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.132.40.83/; sid:900771316; rev:1;) alert tcp $HOME_NET any -> [97.96.130.176] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.96.130.176/; sid:900771315; rev:1;) alert tcp $HOME_NET any -> [24.228.124.151] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.228.124.151/; sid:900771314; rev:1;) alert tcp $HOME_NET any -> [79.75.233.224] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.75.233.224/; sid:900771311; rev:1;) alert tcp $HOME_NET any -> [184.54.110.31] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.54.110.31/; sid:900771307; rev:1;) alert tcp $HOME_NET any -> [12.195.47.98] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.195.47.98/; sid:900771306; rev:1;) alert tcp $HOME_NET any -> [76.94.226.173] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.94.226.173/; sid:900771302; rev:1;) alert tcp $HOME_NET any -> [181.1.124.16] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.1.124.16/; sid:900771301; rev:1;) alert tcp $HOME_NET any -> [98.175.156.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.175.156.154/; sid:900771296; rev:1;) alert tcp $HOME_NET any -> [47.224.42.17] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.224.42.17/; sid:900771295; rev:1;) alert tcp $HOME_NET any -> [24.155.49.236] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.155.49.236/; sid:900771294; rev:1;) alert tcp $HOME_NET any -> [104.228.227.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.228.227.210/; sid:900771293; rev:1;) alert tcp $HOME_NET any -> [50.245.173.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.245.173.58/; sid:900771292; rev:1;) alert tcp $HOME_NET any -> [189.236.235.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.235.73/; sid:900771291; rev:1;) alert tcp $HOME_NET any -> [76.113.130.72] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.113.130.72/; sid:900771290; rev:1;) alert tcp $HOME_NET any -> [63.227.80.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.227.80.10/; sid:900771289; rev:1;) alert tcp $HOME_NET any -> [98.31.4.186] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.31.4.186/; sid:900771288; rev:1;) alert tcp $HOME_NET any -> [70.184.86.103] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.184.86.103/; sid:900771287; rev:1;) alert tcp $HOME_NET any -> [110.105.32.115] 24950 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.105.32.115/; sid:900771028; rev:1;) alert tcp $HOME_NET any -> [97.32.111.116] 25443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.32.111.116/; sid:900771027; rev:1;) alert tcp $HOME_NET any -> [32.115.101.104] 29281 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.115.101.104/; sid:900770898; rev:1;) alert tcp $HOME_NET any -> [32.121.116.112] 24941 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.121.116.112/; sid:900770897; rev:1;) alert tcp $HOME_NET any -> [104.99.116.97] 28448 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.99.116.97/; sid:900770895; rev:1;) alert tcp $HOME_NET any -> [46.116.99.101] 2570 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.116.99.101/; sid:900770896; rev:1;) alert tcp $HOME_NET any -> [115.110.114.117] 24864 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.110.114.117/; sid:900770894; rev:1;) alert tcp $HOME_NET any -> [114.111.116.97] 29216 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.111.116.97/; sid:900770893; rev:1;) alert tcp $HOME_NET any -> [32.101.104.116] 29801 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.101.104.116/; sid:900770892; rev:1;) alert tcp $HOME_NET any -> [116.97.109.32] 26723 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.97.109.32/; sid:900770891; rev:1;) alert tcp $HOME_NET any -> [32.114.111.70] 24933 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.114.111.70/; sid:900770890; rev:1;) alert tcp $HOME_NET any -> [32.32.32.32] 8224 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.32.32.32/; sid:900770888; rev:1;) alert tcp $HOME_NET any -> [110.105.114.116] 11879 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.105.114.116/; sid:900770889; rev:1;) alert tcp $HOME_NET any -> [116.32.110.105] 25960 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.32.110.105/; sid:900770887; rev:1;) alert tcp $HOME_NET any -> [99.116.97.109] 25960 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.116.97.109/; sid:900770886; rev:1;) alert tcp $HOME_NET any -> [112.112.97.108] 28265 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.112.97.108/; sid:900770885; rev:1;) alert tcp $HOME_NET any -> [196.131.2.96] 33548 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.131.2.96/; sid:900770756; rev:1;) alert tcp $HOME_NET any -> [80.82.81.88] 5631 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.82.81.88/; sid:900770755; rev:1;) alert tcp $HOME_NET any -> [200.114.142.15] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.114.142.15/; sid:900770110; rev:1;) alert tcp $HOME_NET any -> [98.238.127.216] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.238.127.216/; sid:900770103; rev:1;) alert tcp $HOME_NET any -> [201.124.46.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.124.46.8/; sid:900770092; rev:1;) alert tcp $HOME_NET any -> [186.15.180.71] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.180.71/; sid:900770091; rev:1;) alert tcp $HOME_NET any -> [162.247.42.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.247.42.61/; sid:900770090; rev:1;) alert tcp $HOME_NET any -> [201.183.238.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.183.238.18/; sid:900770089; rev:1;) alert tcp $HOME_NET any -> [70.24.147.245] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.24.147.245/; sid:900770087; rev:1;) alert tcp $HOME_NET any -> [189.251.40.71] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.251.40.71/; sid:900770086; rev:1;) alert tcp $HOME_NET any -> [208.180.246.147] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.180.246.147/; sid:900770085; rev:1;) alert tcp $HOME_NET any -> [88.225.226.91] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.225.226.91/; sid:900770084; rev:1;) alert tcp $HOME_NET any -> [179.62.48.123] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.62.48.123/; sid:900770083; rev:1;) alert tcp $HOME_NET any -> [82.218.163.254] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.218.163.254/; sid:900769510; rev:1;) alert tcp $HOME_NET any -> [71.40.213.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.40.213.82/; sid:900769505; rev:1;) alert tcp $HOME_NET any -> [168.226.35.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.226.35.218/; sid:900769503; rev:1;) alert tcp $HOME_NET any -> [174.96.202.70] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.96.202.70/; sid:900769500; rev:1;) alert tcp $HOME_NET any -> [190.85.8.155] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.8.155/; sid:900769495; rev:1;) alert tcp $HOME_NET any -> [190.191.218.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.191.218.44/; sid:900769494; rev:1;) alert tcp $HOME_NET any -> [98.189.192.183] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.189.192.183/; sid:900769484; rev:1;) alert tcp $HOME_NET any -> [70.118.28.174] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.118.28.174/; sid:900769483; rev:1;) alert tcp $HOME_NET any -> [189.147.12.211] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.147.12.211/; sid:900769482; rev:1;) alert tcp $HOME_NET any -> [190.92.58.150] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.58.150/; sid:900769481; rev:1;) alert tcp $HOME_NET any -> [94.155.113.12] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.155.113.12/; sid:900769480; rev:1;) alert tcp $HOME_NET any -> [190.154.155.34] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.154.155.34/; sid:900769479; rev:1;) alert tcp $HOME_NET any -> [129.24.37.8] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.24.37.8/; sid:900769475; rev:1;) alert tcp $HOME_NET any -> [87.106.210.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.210.123/; sid:900769472; rev:1;) alert tcp $HOME_NET any -> [50.198.42.246] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.198.42.246/; sid:900769463; rev:1;) alert tcp $HOME_NET any -> [86.98.217.63] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.217.63/; sid:900769455; rev:1;) alert tcp $HOME_NET any -> [181.119.30.36] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.119.30.36/; sid:900769454; rev:1;) alert tcp $HOME_NET any -> [181.119.30.28] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.119.30.28/; sid:900769453; rev:1;) alert tcp $HOME_NET any -> [63.116.14.206] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.116.14.206/; sid:900769452; rev:1;) alert tcp $HOME_NET any -> [216.255.17.231] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.255.17.231/; sid:900769450; rev:1;) alert tcp $HOME_NET any -> [64.19.74.49] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.19.74.49/; sid:900769448; rev:1;) alert tcp $HOME_NET any -> [201.122.94.84] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.122.94.84/; sid:900768773; rev:1;) alert tcp $HOME_NET any -> [186.10.243.34] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.10.243.34/; sid:900768772; rev:1;) alert tcp $HOME_NET any -> [123.168.4.66] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.168.4.66/; sid:900768769; rev:1;) alert tcp $HOME_NET any -> [187.148.77.84] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.148.77.84/; sid:900768767; rev:1;) alert tcp $HOME_NET any -> [181.56.165.97] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.56.165.97/; sid:900768765; rev:1;) alert tcp $HOME_NET any -> [186.68.100.2] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.68.100.2/; sid:900768764; rev:1;) alert tcp $HOME_NET any -> [209.159.244.240] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.159.244.240/; sid:900768763; rev:1;) alert tcp $HOME_NET any -> [23.233.240.77] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.233.240.77/; sid:900768761; rev:1;) alert tcp $HOME_NET any -> [190.117.226.104] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.226.104/; sid:900768758; rev:1;) alert tcp $HOME_NET any -> [194.154.80.106] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.154.80.106/; sid:900768752; rev:1;) alert tcp $HOME_NET any -> [201.204.44.101] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.204.44.101/; sid:900768751; rev:1;) alert tcp $HOME_NET any -> [184.15.10.139] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.15.10.139/; sid:900768750; rev:1;) alert tcp $HOME_NET any -> [70.114.194.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.114.194.228/; sid:900768749; rev:1;) alert tcp $HOME_NET any -> [189.166.103.82] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.166.103.82/; sid:900768748; rev:1;) alert tcp $HOME_NET any -> [70.177.115.200] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.177.115.200/; sid:900768747; rev:1;) alert tcp $HOME_NET any -> [74.62.89.170] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.62.89.170/; sid:900768746; rev:1;) alert tcp $HOME_NET any -> [173.94.53.3] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.94.53.3/; sid:900768745; rev:1;) alert tcp $HOME_NET any -> [181.29.214.233] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.29.214.233/; sid:900768744; rev:1;) alert tcp $HOME_NET any -> [212.83.51.248] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.83.51.248/; sid:900768743; rev:1;) alert tcp $HOME_NET any -> [64.228.72.40] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.228.72.40/; sid:900768739; rev:1;) alert tcp $HOME_NET any -> [72.84.179.218] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.84.179.218/; sid:900768738; rev:1;) alert tcp $HOME_NET any -> [138.201.140.110] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.201.140.110/; sid:900768736; rev:1;) alert tcp $HOME_NET any -> [70.115.70.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.115.70.154/; sid:900768729; rev:1;) alert tcp $HOME_NET any -> [99.139.140.129] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.139.140.129/; sid:900768728; rev:1;) alert tcp $HOME_NET any -> [96.20.172.107] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.20.172.107/; sid:900768726; rev:1;) alert tcp $HOME_NET any -> [68.195.129.139] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.195.129.139/; sid:900768720; rev:1;) alert tcp $HOME_NET any -> [172.98.243.40] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.98.243.40/; sid:900768719; rev:1;) alert tcp $HOME_NET any -> [24.243.160.247] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.243.160.247/; sid:900768718; rev:1;) alert tcp $HOME_NET any -> [66.193.130.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.193.130.13/; sid:900768717; rev:1;) alert tcp $HOME_NET any -> [70.116.68.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.116.68.186/; sid:900768716; rev:1;) alert tcp $HOME_NET any -> [191.92.83.137] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.92.83.137/; sid:900768715; rev:1;) alert tcp $HOME_NET any -> [71.41.68.158] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.41.68.158/; sid:900768714; rev:1;) alert tcp $HOME_NET any -> [189.150.140.28] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.150.140.28/; sid:900768713; rev:1;) alert tcp $HOME_NET any -> [107.10.49.252] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.10.49.252/; sid:900768712; rev:1;) alert tcp $HOME_NET any -> [24.151.31.150] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.151.31.150/; sid:900768711; rev:1;) alert tcp $HOME_NET any -> [187.145.0.129] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.145.0.129/; sid:900768710; rev:1;) alert tcp $HOME_NET any -> [201.212.113.14] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.113.14/; sid:900768708; rev:1;) alert tcp $HOME_NET any -> [90.63.245.70] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.63.245.70/; sid:900768707; rev:1;) alert tcp $HOME_NET any -> [66.209.69.165] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.209.69.165/; sid:900768705; rev:1;) alert tcp $HOME_NET any -> [80.15.172.81] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.15.172.81/; sid:900768703; rev:1;) alert tcp $HOME_NET any -> [76.94.36.57] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.94.36.57/; sid:900768701; rev:1;) alert tcp $HOME_NET any -> [189.173.176.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.173.176.115/; sid:900768700; rev:1;) alert tcp $HOME_NET any -> [189.183.68.180] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.183.68.180/; sid:900768698; rev:1;) alert tcp $HOME_NET any -> [190.96.172.225] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.96.172.225/; sid:900768695; rev:1;) alert tcp $HOME_NET any -> [75.110.229.201] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.110.229.201/; sid:900768692; rev:1;) alert tcp $HOME_NET any -> [74.62.52.222] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.62.52.222/; sid:900768690; rev:1;) alert tcp $HOME_NET any -> [186.72.205.234] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.72.205.234/; sid:900768689; rev:1;) alert tcp $HOME_NET any -> [12.6.183.21] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.6.183.21/; sid:900768688; rev:1;) alert tcp $HOME_NET any -> [74.45.170.110] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.45.170.110/; sid:900768687; rev:1;) alert tcp $HOME_NET any -> [192.163.199.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.163.199.254/; sid:900768683; rev:1;) alert tcp $HOME_NET any -> [51.255.50.164] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.255.50.164/; sid:900768682; rev:1;) alert tcp $HOME_NET any -> [181.167.251.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.251.10/; sid:900768681; rev:1;) alert tcp $HOME_NET any -> [64.40.163.8] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.40.163.8/; sid:900768680; rev:1;) alert tcp $HOME_NET any -> [189.178.109.181] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.178.109.181/; sid:900768679; rev:1;) alert tcp $HOME_NET any -> [99.242.223.226] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.242.223.226/; sid:900768677; rev:1;) alert tcp $HOME_NET any -> [70.64.76.71] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.64.76.71/; sid:900768676; rev:1;) alert tcp $HOME_NET any -> [192.92.6.125] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.92.6.125/; sid:900768674; rev:1;) alert tcp $HOME_NET any -> [24.123.39.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.123.39.18/; sid:900768671; rev:1;) alert tcp $HOME_NET any -> [24.185.185.187] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.185.185.187/; sid:900768670; rev:1;) alert tcp $HOME_NET any -> [184.176.38.146] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.176.38.146/; sid:900768669; rev:1;) alert tcp $HOME_NET any -> [24.153.169.62] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.153.169.62/; sid:900768666; rev:1;) alert tcp $HOME_NET any -> [62.75.187.192] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.187.192/; sid:900768664; rev:1;) alert tcp $HOME_NET any -> [75.99.7.18] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.7.18/; sid:900768662; rev:1;) alert tcp $HOME_NET any -> [133.242.164.31] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.242.164.31/; sid:900768658; rev:1;) alert tcp $HOME_NET any -> [173.255.250.241] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.255.250.241/; sid:900768657; rev:1;) alert tcp $HOME_NET any -> [24.243.123.25] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.243.123.25/; sid:900768656; rev:1;) alert tcp $HOME_NET any -> [187.198.33.171] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.198.33.171/; sid:900768655; rev:1;) alert tcp $HOME_NET any -> [58.252.57.205] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.252.57.205/; sid:900768654; rev:1;) alert tcp $HOME_NET any -> [187.137.179.93] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.179.93/; sid:900768653; rev:1;) alert tcp $HOME_NET any -> [47.23.77.70] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.77.70/; sid:900768652; rev:1;) alert tcp $HOME_NET any -> [137.27.168.194] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.27.168.194/; sid:900768651; rev:1;) alert tcp $HOME_NET any -> [172.248.21.6] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.248.21.6/; sid:900768650; rev:1;) alert tcp $HOME_NET any -> [173.21.116.239] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.21.116.239/; sid:900768649; rev:1;) alert tcp $HOME_NET any -> [73.194.61.246] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.194.61.246/; sid:900768648; rev:1;) alert tcp $HOME_NET any -> [73.186.92.178] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.186.92.178/; sid:900768647; rev:1;) alert tcp $HOME_NET any -> [69.34.13.8] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.34.13.8/; sid:900766417; rev:1;) alert tcp $HOME_NET any -> [50.192.66.204] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.192.66.204/; sid:900766416; rev:1;) alert tcp $HOME_NET any -> [71.42.6.29] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.42.6.29/; sid:900766415; rev:1;) alert tcp $HOME_NET any -> [47.182.88.196] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.182.88.196/; sid:900766414; rev:1;) alert tcp $HOME_NET any -> [70.110.29.159] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.110.29.159/; sid:900766413; rev:1;) alert tcp $HOME_NET any -> [174.80.166.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.80.166.76/; sid:900766412; rev:1;) alert tcp $HOME_NET any -> [184.21.176.126] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.21.176.126/; sid:900766411; rev:1;) alert tcp $HOME_NET any -> [173.73.83.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.73.83.146/; sid:900766410; rev:1;) alert tcp $HOME_NET any -> [190.75.114.47] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.75.114.47/; sid:900765939; rev:1;) alert tcp $HOME_NET any -> [201.192.163.160] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.192.163.160/; sid:900765938; rev:1;) alert tcp $HOME_NET any -> [181.120.220.100] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.120.220.100/; sid:900765937; rev:1;) alert tcp $HOME_NET any -> [190.181.58.202] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.181.58.202/; sid:900765935; rev:1;) alert tcp $HOME_NET any -> [80.209.136.169] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.209.136.169/; sid:900765934; rev:1;) alert tcp $HOME_NET any -> [186.4.127.72] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.127.72/; sid:900765933; rev:1;) alert tcp $HOME_NET any -> [187.147.145.48] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.147.145.48/; sid:900765932; rev:1;) alert tcp $HOME_NET any -> [189.237.155.109] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.237.155.109/; sid:900765928; rev:1;) alert tcp $HOME_NET any -> [190.147.42.32] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.42.32/; sid:900765926; rev:1;) alert tcp $HOME_NET any -> [187.153.104.216] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.104.216/; sid:900765925; rev:1;) alert tcp $HOME_NET any -> [92.27.88.150] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.27.88.150/; sid:900765924; rev:1;) alert tcp $HOME_NET any -> [197.83.195.16] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.83.195.16/; sid:900765921; rev:1;) alert tcp $HOME_NET any -> [5.102.165.159] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.102.165.159/; sid:900765920; rev:1;) alert tcp $HOME_NET any -> [181.143.18.91] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.18.91/; sid:900765919; rev:1;) alert tcp $HOME_NET any -> [201.252.219.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.252.219.139/; sid:900765918; rev:1;) alert tcp $HOME_NET any -> [190.201.26.83] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.201.26.83/; sid:900765916; rev:1;) alert tcp $HOME_NET any -> [187.176.75.99] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.176.75.99/; sid:900765915; rev:1;) alert tcp $HOME_NET any -> [189.186.65.188] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.186.65.188/; sid:900765912; rev:1;) alert tcp $HOME_NET any -> [201.152.106.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.152.106.10/; sid:900765911; rev:1;) alert tcp $HOME_NET any -> [181.171.12.139] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.171.12.139/; sid:900765909; rev:1;) alert tcp $HOME_NET any -> [200.114.155.143] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.114.155.143/; sid:900765910; rev:1;) alert tcp $HOME_NET any -> [201.212.149.191] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.149.191/; sid:900765908; rev:1;) alert tcp $HOME_NET any -> [190.85.71.218] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.71.218/; sid:900765907; rev:1;) alert tcp $HOME_NET any -> [190.96.217.129] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.96.217.129/; sid:900765905; rev:1;) alert tcp $HOME_NET any -> [157.100.238.225] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.100.238.225/; sid:900765904; rev:1;) alert tcp $HOME_NET any -> [201.235.149.157] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.235.149.157/; sid:900765903; rev:1;) alert tcp $HOME_NET any -> [200.236.100.14] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.236.100.14/; sid:900765902; rev:1;) alert tcp $HOME_NET any -> [186.138.14.44] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.138.14.44/; sid:900765899; rev:1;) alert tcp $HOME_NET any -> [78.32.147.100] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.32.147.100/; sid:900765901; rev:1;) alert tcp $HOME_NET any -> [189.252.169.43] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.169.43/; sid:900765898; rev:1;) alert tcp $HOME_NET any -> [186.146.235.8] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.146.235.8/; sid:900765897; rev:1;) alert tcp $HOME_NET any -> [187.162.172.254] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.162.172.254/; sid:900765896; rev:1;) alert tcp $HOME_NET any -> [181.45.185.68] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.45.185.68/; sid:900765895; rev:1;) alert tcp $HOME_NET any -> [189.137.139.190] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.137.139.190/; sid:900765891; rev:1;) alert tcp $HOME_NET any -> [200.77.120.234] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.77.120.234/; sid:900765890; rev:1;) alert tcp $HOME_NET any -> [200.127.229.182] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.229.182/; sid:900765889; rev:1;) alert tcp $HOME_NET any -> [187.207.114.26] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.114.26/; sid:900765888; rev:1;) alert tcp $HOME_NET any -> [86.4.88.6] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.4.88.6/; sid:900765887; rev:1;) alert tcp $HOME_NET any -> [201.153.98.202] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.153.98.202/; sid:900765886; rev:1;) alert tcp $HOME_NET any -> [201.103.128.207] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.103.128.207/; sid:900765885; rev:1;) alert tcp $HOME_NET any -> [201.175.70.250] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.175.70.250/; sid:900765884; rev:1;) alert tcp $HOME_NET any -> [187.207.97.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.97.27/; sid:900765883; rev:1;) alert tcp $HOME_NET any -> [181.143.99.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.99.26/; sid:900765882; rev:1;) alert tcp $HOME_NET any -> [66.130.129.10] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.130.129.10/; sid:900765591; rev:1;) alert tcp $HOME_NET any -> [2.50.144.32] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.144.32/; sid:900765589; rev:1;) alert tcp $HOME_NET any -> [189.237.108.33] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.237.108.33/; sid:900765585; rev:1;) alert tcp $HOME_NET any -> [94.76.200.114] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.76.200.114/; sid:900765579; rev:1;) alert tcp $HOME_NET any -> [212.25.55.70] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.25.55.70/; sid:900765578; rev:1;) alert tcp $HOME_NET any -> [179.159.20.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.159.20.70/; sid:900765575; rev:1;) alert tcp $HOME_NET any -> [114.143.192.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.143.192.242/; sid:900765574; rev:1;) alert tcp $HOME_NET any -> [197.44.171.13] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.44.171.13/; sid:900765573; rev:1;) alert tcp $HOME_NET any -> [152.170.155.182] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.170.155.182/; sid:900765572; rev:1;) alert tcp $HOME_NET any -> [190.213.249.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.213.249.250/; sid:900765569; rev:1;) alert tcp $HOME_NET any -> [2.50.57.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.57.180/; sid:900765570; rev:1;) alert tcp $HOME_NET any -> [83.110.100.150] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.100.150/; sid:900765568; rev:1;) alert tcp $HOME_NET any -> [181.119.30.26] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.119.30.26/; sid:900765567; rev:1;) alert tcp $HOME_NET any -> [2.50.148.99] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.148.99/; sid:900765565; rev:1;) alert tcp $HOME_NET any -> [152.231.88.114] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.231.88.114/; sid:900765564; rev:1;) alert tcp $HOME_NET any -> [105.247.123.133] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.247.123.133/; sid:900765562; rev:1;) alert tcp $HOME_NET any -> [187.144.192.126] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.192.126/; sid:900765558; rev:1;) alert tcp $HOME_NET any -> [91.74.62.86] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.74.62.86/; sid:900765557; rev:1;) alert tcp $HOME_NET any -> [67.223.128.207] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.223.128.207/; sid:900765552; rev:1;) alert tcp $HOME_NET any -> [189.141.224.222] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.141.224.222/; sid:900765551; rev:1;) alert tcp $HOME_NET any -> [2.50.28.190] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.28.190/; sid:900765550; rev:1;) alert tcp $HOME_NET any -> [111.93.37.6] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.93.37.6/; sid:900765547; rev:1;) alert tcp $HOME_NET any -> [187.152.81.36] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.152.81.36/; sid:900765546; rev:1;) alert tcp $HOME_NET any -> [189.232.16.132] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.232.16.132/; sid:900765545; rev:1;) alert tcp $HOME_NET any -> [153.121.36.202] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.121.36.202/; sid:900765543; rev:1;) alert tcp $HOME_NET any -> [148.101.130.84] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.101.130.84/; sid:900765542; rev:1;) alert tcp $HOME_NET any -> [181.129.16.82] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.16.82/; sid:900765541; rev:1;) alert tcp $HOME_NET any -> [189.234.6.229] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.234.6.229/; sid:900765540; rev:1;) alert tcp $HOME_NET any -> [201.137.4.91] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.4.91/; sid:900765538; rev:1;) alert tcp $HOME_NET any -> [85.105.145.205] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.145.205/; sid:900765539; rev:1;) alert tcp $HOME_NET any -> [189.190.83.34] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.190.83.34/; sid:900765537; rev:1;) alert tcp $HOME_NET any -> [187.240.45.54] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.240.45.54/; sid:900765536; rev:1;) alert tcp $HOME_NET any -> [201.183.239.117] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.183.239.117/; sid:900765535; rev:1;) alert tcp $HOME_NET any -> [187.207.136.122] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.136.122/; sid:900765534; rev:1;) alert tcp $HOME_NET any -> [191.98.77.181] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.98.77.181/; sid:900765533; rev:1;) alert tcp $HOME_NET any -> [189.131.147.21] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.131.147.21/; sid:900763840; rev:1;) alert tcp $HOME_NET any -> [181.129.44.226] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.44.226/; sid:900763829; rev:1;) alert tcp $HOME_NET any -> [201.103.250.229] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.103.250.229/; sid:900763825; rev:1;) alert tcp $HOME_NET any -> [187.207.31.55] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.31.55/; sid:900763822; rev:1;) alert tcp $HOME_NET any -> [187.202.255.212] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.202.255.212/; sid:900763809; rev:1;) alert tcp $HOME_NET any -> [187.135.41.161] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.135.41.161/; sid:900763799; rev:1;) alert tcp $HOME_NET any -> [190.84.42.113] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.84.42.113/; sid:900763798; rev:1;) alert tcp $HOME_NET any -> [201.153.129.173] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.153.129.173/; sid:900763797; rev:1;) alert tcp $HOME_NET any -> [185.53.134.131] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.53.134.131/; sid:900763796; rev:1;) alert tcp $HOME_NET any -> [2.50.178.247] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.178.247/; sid:900763795; rev:1;) alert tcp $HOME_NET any -> [37.98.114.178] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.98.114.178/; sid:900763794; rev:1;) alert tcp $HOME_NET any -> [189.228.229.106] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.228.229.106/; sid:900763793; rev:1;) alert tcp $HOME_NET any -> [187.132.35.20] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.132.35.20/; sid:900763792; rev:1;) alert tcp $HOME_NET any -> [200.239.37.237] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.239.37.237/; sid:900763791; rev:1;) alert tcp $HOME_NET any -> [189.170.20.198] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.170.20.198/; sid:900763790; rev:1;) alert tcp $HOME_NET any -> [181.49.96.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.49.96.250/; sid:900763734; rev:1;) alert tcp $HOME_NET any -> [190.25.54.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.25.54.18/; sid:900763733; rev:1;) alert tcp $HOME_NET any -> [148.240.70.74] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.240.70.74/; sid:900763732; rev:1;) alert tcp $HOME_NET any -> [138.122.96.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.122.96.100/; sid:900763730; rev:1;) alert tcp $HOME_NET any -> [189.205.123.101] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.205.123.101/; sid:900763729; rev:1;) alert tcp $HOME_NET any -> [181.49.236.174] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.49.236.174/; sid:900763728; rev:1;) alert tcp $HOME_NET any -> [190.160.8.4] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.160.8.4/; sid:900763725; rev:1;) alert tcp $HOME_NET any -> [181.175.23.114] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.175.23.114/; sid:900763721; rev:1;) alert tcp $HOME_NET any -> [167.0.166.227] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.0.166.227/; sid:900763720; rev:1;) alert tcp $HOME_NET any -> [190.26.98.130] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.26.98.130/; sid:900763718; rev:1;) alert tcp $HOME_NET any -> [138.59.18.169] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.59.18.169/; sid:900763716; rev:1;) alert tcp $HOME_NET any -> [184.68.59.166] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.68.59.166/; sid:900763715; rev:1;) alert tcp $HOME_NET any -> [200.111.255.89] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.111.255.89/; sid:900763714; rev:1;) alert tcp $HOME_NET any -> [200.105.211.46] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.105.211.46/; sid:900763713; rev:1;) alert tcp $HOME_NET any -> [190.154.42.107] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.154.42.107/; sid:900763711; rev:1;) alert tcp $HOME_NET any -> [45.45.77.43] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.45.77.43/; sid:900763709; rev:1;) alert tcp $HOME_NET any -> [200.117.244.36] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.117.244.36/; sid:900763706; rev:1;) alert tcp $HOME_NET any -> [69.70.238.170] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.70.238.170/; sid:900763702; rev:1;) alert tcp $HOME_NET any -> [186.70.105.27] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.70.105.27/; sid:900763701; rev:1;) alert tcp $HOME_NET any -> [24.146.61.59] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.146.61.59/; sid:900763700; rev:1;) alert tcp $HOME_NET any -> [190.158.241.119] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.158.241.119/; sid:900763698; rev:1;) alert tcp $HOME_NET any -> [190.128.27.233] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.128.27.233/; sid:900763697; rev:1;) alert tcp $HOME_NET any -> [69.70.236.34] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.70.236.34/; sid:900763696; rev:1;) alert tcp $HOME_NET any -> [96.21.235.163] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.21.235.163/; sid:900763695; rev:1;) alert tcp $HOME_NET any -> [142.46.245.2] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.46.245.2/; sid:900763694; rev:1;) alert tcp $HOME_NET any -> [189.223.4.181] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.4.181/; sid:900763691; rev:1;) alert tcp $HOME_NET any -> [186.71.23.165] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.23.165/; sid:900763690; rev:1;) alert tcp $HOME_NET any -> [201.146.215.137] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.146.215.137/; sid:900763689; rev:1;) alert tcp $HOME_NET any -> [24.66.53.180] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.66.53.180/; sid:900763687; rev:1;) alert tcp $HOME_NET any -> [148.240.65.44] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.240.65.44/; sid:900763686; rev:1;) alert tcp $HOME_NET any -> [187.155.130.72] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.155.130.72/; sid:900763685; rev:1;) alert tcp $HOME_NET any -> [190.183.58.190] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.183.58.190/; sid:900763684; rev:1;) alert tcp $HOME_NET any -> [81.82.203.76] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.82.203.76/; sid:900763683; rev:1;) alert tcp $HOME_NET any -> [201.194.127.211] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.194.127.211/; sid:900763682; rev:1;) alert tcp $HOME_NET any -> [186.75.241.230] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.75.241.230/; sid:900761674; rev:1;) alert tcp $HOME_NET any -> [186.19.202.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.19.202.88/; sid:900761664; rev:1;) alert tcp $HOME_NET any -> [179.8.99.239] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.8.99.239/; sid:900761657; rev:1;) alert tcp $HOME_NET any -> [119.235.90.232] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.235.90.232/; sid:900761654; rev:1;) alert tcp $HOME_NET any -> [152.231.224.62] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.231.224.62/; sid:900761644; rev:1;) alert tcp $HOME_NET any -> [85.99.247.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.99.247.228/; sid:900761636; rev:1;) alert tcp $HOME_NET any -> [201.130.123.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.130.123.206/; sid:900761620; rev:1;) alert tcp $HOME_NET any -> [189.149.181.61] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.149.181.61/; sid:900761619; rev:1;) alert tcp $HOME_NET any -> [187.233.137.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.233.137.90/; sid:900761618; rev:1;) alert tcp $HOME_NET any -> [190.57.232.244] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.57.232.244/; sid:900760781; rev:1;) alert tcp $HOME_NET any -> [201.180.46.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.180.46.22/; sid:900760779; rev:1;) alert tcp $HOME_NET any -> [186.114.207.82] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.114.207.82/; sid:900760777; rev:1;) alert tcp $HOME_NET any -> [181.129.30.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.30.82/; sid:900760775; rev:1;) alert tcp $HOME_NET any -> [181.225.14.209] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.225.14.209/; sid:900760771; rev:1;) alert tcp $HOME_NET any -> [186.120.159.140] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.120.159.140/; sid:900760770; rev:1;) alert tcp $HOME_NET any -> [51.148.59.233] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.148.59.233/; sid:900760768; rev:1;) alert tcp $HOME_NET any -> [201.190.204.249] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.190.204.249/; sid:900760766; rev:1;) alert tcp $HOME_NET any -> [186.137.145.245] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.137.145.245/; sid:900760765; rev:1;) alert tcp $HOME_NET any -> [175.205.73.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.205.73.49/; sid:900760764; rev:1;) alert tcp $HOME_NET any -> [148.103.82.211] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.103.82.211/; sid:900760763; rev:1;) alert tcp $HOME_NET any -> [24.48.215.63] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.48.215.63/; sid:900760762; rev:1;) alert tcp $HOME_NET any -> [190.72.239.156] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.72.239.156/; sid:900760761; rev:1;) alert tcp $HOME_NET any -> [89.211.147.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.147.250/; sid:900760760; rev:1;) alert tcp $HOME_NET any -> [109.121.205.213] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.121.205.213/; sid:900760759; rev:1;) alert tcp $HOME_NET any -> [190.97.63.104] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.97.63.104/; sid:900760757; rev:1;) alert tcp $HOME_NET any -> [190.247.62.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.247.62.93/; sid:900760756; rev:1;) alert tcp $HOME_NET any -> [207.167.7.141] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.167.7.141/; sid:900760754; rev:1;) alert tcp $HOME_NET any -> [190.98.58.170] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.98.58.170/; sid:900760753; rev:1;) alert tcp $HOME_NET any -> [86.56.233.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.56.233.166/; sid:900760750; rev:1;) alert tcp $HOME_NET any -> [181.189.212.120] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.189.212.120/; sid:900760749; rev:1;) alert tcp $HOME_NET any -> [186.108.174.175] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.108.174.175/; sid:900760744; rev:1;) alert tcp $HOME_NET any -> [186.113.19.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.113.19.170/; sid:900760743; rev:1;) alert tcp $HOME_NET any -> [191.92.81.199] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.92.81.199/; sid:900760742; rev:1;) alert tcp $HOME_NET any -> [184.149.7.49] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.149.7.49/; sid:900760741; rev:1;) alert tcp $HOME_NET any -> [190.183.58.155] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.183.58.155/; sid:900760740; rev:1;) alert tcp $HOME_NET any -> [186.118.161.100] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.118.161.100/; sid:900760738; rev:1;) alert tcp $HOME_NET any -> [190.24.243.186] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.24.243.186/; sid:900760736; rev:1;) alert tcp $HOME_NET any -> [201.212.241.162] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.241.162/; sid:900760735; rev:1;) alert tcp $HOME_NET any -> [186.94.231.146] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.94.231.146/; sid:900760733; rev:1;) alert tcp $HOME_NET any -> [181.58.47.34] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.58.47.34/; sid:900760732; rev:1;) alert tcp $HOME_NET any -> [148.103.7.35] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.103.7.35/; sid:900760730; rev:1;) alert tcp $HOME_NET any -> [137.74.173.19] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.74.173.19/; sid:900760728; rev:1;) alert tcp $HOME_NET any -> [41.32.82.216] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.32.82.216/; sid:900760727; rev:1;) alert tcp $HOME_NET any -> [41.202.77.180] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.202.77.180/; sid:900760726; rev:1;) alert tcp $HOME_NET any -> [217.86.203.2] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.86.203.2/; sid:900760725; rev:1;) alert tcp $HOME_NET any -> [86.42.254.71] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.42.254.71/; sid:900760724; rev:1;) alert tcp $HOME_NET any -> [193.239.235.209] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.239.235.209/; sid:900760723; rev:1;) alert tcp $HOME_NET any -> [189.253.39.50] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.39.50/; sid:900760721; rev:1;) alert tcp $HOME_NET any -> [128.234.43.30] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.234.43.30/; sid:900760720; rev:1;) alert tcp $HOME_NET any -> [206.248.110.184] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.248.110.184/; sid:900760719; rev:1;) alert tcp $HOME_NET any -> [182.180.170.72] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.180.170.72/; sid:900760718; rev:1;) alert tcp $HOME_NET any -> [187.163.60.63] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.60.63/; sid:900760660; rev:1;) alert tcp $HOME_NET any -> [170.83.53.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.83.53.71/; sid:900760659; rev:1;) alert tcp $HOME_NET any -> [182.72.25.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.72.25.180/; sid:900760658; rev:1;) alert tcp $HOME_NET any -> [78.189.109.123] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.109.123/; sid:900760656; rev:1;) alert tcp $HOME_NET any -> [190.104.191.159] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.191.159/; sid:900760655; rev:1;) alert tcp $HOME_NET any -> [191.99.120.221] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.99.120.221/; sid:900760654; rev:1;) alert tcp $HOME_NET any -> [187.188.41.242] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.41.242/; sid:900760651; rev:1;) alert tcp $HOME_NET any -> [99.234.216.14] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.234.216.14/; sid:900760650; rev:1;) alert tcp $HOME_NET any -> [186.136.185.11] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.136.185.11/; sid:900760647; rev:1;) alert tcp $HOME_NET any -> [190.44.204.143] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.44.204.143/; sid:900760646; rev:1;) alert tcp $HOME_NET any -> [77.44.120.62] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.44.120.62/; sid:900760644; rev:1;) alert tcp $HOME_NET any -> [186.68.199.71] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.68.199.71/; sid:900760643; rev:1;) alert tcp $HOME_NET any -> [187.228.133.187] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.228.133.187/; sid:900760642; rev:1;) alert tcp $HOME_NET any -> [54.37.5.200] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.5.200/; sid:900760640; rev:1;) alert tcp $HOME_NET any -> [94.73.197.123] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.73.197.123/; sid:900760639; rev:1;) alert tcp $HOME_NET any -> [200.43.231.60] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.43.231.60/; sid:900760638; rev:1;) alert tcp $HOME_NET any -> [189.252.30.160] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.30.160/; sid:900760634; rev:1;) alert tcp $HOME_NET any -> [190.57.130.142] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.57.130.142/; sid:900760633; rev:1;) alert tcp $HOME_NET any -> [187.206.202.129] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.206.202.129/; sid:900760630; rev:1;) alert tcp $HOME_NET any -> [51.77.111.116] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.111.116/; sid:900760629; rev:1;) alert tcp $HOME_NET any -> [200.58.78.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.58.78.78/; sid:900760628; rev:1;) alert tcp $HOME_NET any -> [88.253.236.157] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.253.236.157/; sid:900760626; rev:1;) alert tcp $HOME_NET any -> [190.179.117.181] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.179.117.181/; sid:900760624; rev:1;) alert tcp $HOME_NET any -> [181.114.107.154] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.114.107.154/; sid:900760622; rev:1;) alert tcp $HOME_NET any -> [181.59.253.20] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.59.253.20/; sid:900760621; rev:1;) alert tcp $HOME_NET any -> [189.228.123.79] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.228.123.79/; sid:900760620; rev:1;) alert tcp $HOME_NET any -> [109.170.141.120] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.170.141.120/; sid:900760619; rev:1;) alert tcp $HOME_NET any -> [179.62.18.56] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.62.18.56/; sid:900760618; rev:1;) alert tcp $HOME_NET any -> [158.174.130.145] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.174.130.145/; sid:900760617; rev:1;) alert tcp $HOME_NET any -> [198.46.157.252] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.157.252/; sid:900760614; rev:1;) alert tcp $HOME_NET any -> [96.20.46.60] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.20.46.60/; sid:900760613; rev:1;) alert tcp $HOME_NET any -> [181.13.229.35] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.13.229.35/; sid:900760612; rev:1;) alert tcp $HOME_NET any -> [186.19.62.24] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.19.62.24/; sid:900760611; rev:1;) alert tcp $HOME_NET any -> [189.250.153.215] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.153.215/; sid:900760610; rev:1;) alert tcp $HOME_NET any -> [200.68.61.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.68.61.242/; sid:900760609; rev:1;) alert tcp $HOME_NET any -> [186.176.25.133] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.176.25.133/; sid:900760608; rev:1;) alert tcp $HOME_NET any -> [75.159.115.228] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.159.115.228/; sid:900760607; rev:1;) alert tcp $HOME_NET any -> [190.216.238.62] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.216.238.62/; sid:900760606; rev:1;) alert tcp $HOME_NET any -> [200.125.113.60] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.113.60/; sid:900760605; rev:1;) alert tcp $HOME_NET any -> [105.210.6.67] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.210.6.67/; sid:900760604; rev:1;) alert tcp $HOME_NET any -> [74.58.188.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.58.188.22/; sid:900759365; rev:1;) alert tcp $HOME_NET any -> [182.184.108.234] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.184.108.234/; sid:900759364; rev:1;) alert tcp $HOME_NET any -> [106.51.0.205] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.51.0.205/; sid:900759361; rev:1;) alert tcp $HOME_NET any -> [5.239.240.88] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.239.240.88/; sid:900759360; rev:1;) alert tcp $HOME_NET any -> [101.229.131.245] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.229.131.245/; sid:900759359; rev:1;) alert tcp $HOME_NET any -> [27.0.180.40] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.0.180.40/; sid:900759356; rev:1;) alert tcp $HOME_NET any -> [114.79.134.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.134.49/; sid:900759355; rev:1;) alert tcp $HOME_NET any -> [50.99.132.7] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.99.132.7/; sid:900759351; rev:1;) alert tcp $HOME_NET any -> [176.74.89.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.74.89.66/; sid:900759350; rev:1;) alert tcp $HOME_NET any -> [85.99.124.9] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.99.124.9/; sid:900759349; rev:1;) alert tcp $HOME_NET any -> [203.213.236.70] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.213.236.70/; sid:900759348; rev:1;) alert tcp $HOME_NET any -> [111.235.148.46] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.235.148.46/; sid:900759346; rev:1;) alert tcp $HOME_NET any -> [83.110.212.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.212.100/; sid:900759345; rev:1;) alert tcp $HOME_NET any -> [175.101.89.66] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.101.89.66/; sid:900759344; rev:1;) alert tcp $HOME_NET any -> [179.13.73.220] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.13.73.220/; sid:900759340; rev:1;) alert tcp $HOME_NET any -> [175.32.123.78] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.32.123.78/; sid:900759338; rev:1;) alert tcp $HOME_NET any -> [83.110.108.213] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.108.213/; sid:900759336; rev:1;) alert tcp $HOME_NET any -> [5.128.151.213] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.128.151.213/; sid:900759335; rev:1;) alert tcp $HOME_NET any -> [187.199.129.111] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.129.111/; sid:900759334; rev:1;) alert tcp $HOME_NET any -> [105.174.6.174] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.174.6.174/; sid:900759333; rev:1;) alert tcp $HOME_NET any -> [113.193.254.82] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.193.254.82/; sid:900759330; rev:1;) alert tcp $HOME_NET any -> [14.192.144.194] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.192.144.194/; sid:900759328; rev:1;) alert tcp $HOME_NET any -> [211.138.24.144] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.138.24.144/; sid:900759326; rev:1;) alert tcp $HOME_NET any -> [197.83.236.18] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.83.236.18/; sid:900759325; rev:1;) alert tcp $HOME_NET any -> [190.147.44.151] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.44.151/; sid:900759323; rev:1;) alert tcp $HOME_NET any -> [58.239.33.5] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.239.33.5/; sid:900759321; rev:1;) alert tcp $HOME_NET any -> [185.129.92.210] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.129.92.210/; sid:900759320; rev:1;) alert tcp $HOME_NET any -> [50.31.0.160] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.31.0.160/; sid:900759318; rev:1;) alert tcp $HOME_NET any -> [189.252.174.81] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.174.81/; sid:900759317; rev:1;) alert tcp $HOME_NET any -> [180.232.133.50] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.232.133.50/; sid:900759316; rev:1;) alert tcp $HOME_NET any -> [103.108.204.93] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.108.204.93/; sid:900759315; rev:1;) alert tcp $HOME_NET any -> [70.81.33.80] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.81.33.80/; sid:900759314; rev:1;) alert tcp $HOME_NET any -> [179.53.156.88] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.53.156.88/; sid:900759313; rev:1;) alert tcp $HOME_NET any -> [187.192.58.207] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.58.207/; sid:900759312; rev:1;) alert tcp $HOME_NET any -> [93.107.126.157] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.107.126.157/; sid:900759311; rev:1;) alert tcp $HOME_NET any -> [41.216.165.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.216.165.122/; sid:900759310; rev:1;) alert tcp $HOME_NET any -> [100.42.20.148] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.42.20.148/; sid:900759309; rev:1;) alert tcp $HOME_NET any -> [182.176.106.43] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.176.106.43/; sid:900759308; rev:1;) alert tcp $HOME_NET any -> [101.0.108.0] 25600 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.0.108.0/; sid:900759092; rev:1;) alert tcp $HOME_NET any -> [116.0.115.0] 24832 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.0.115.0/; sid:900759091; rev:1;) alert tcp $HOME_NET any -> [32.0.110.0] 26880 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.0.110.0/; sid:900759090; rev:1;) alert tcp $HOME_NET any -> [98.0.32.0] 25856 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.0.32.0/; sid:900759089; rev:1;) alert tcp $HOME_NET any -> [97.0.101.0] 25600 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.0.101.0/; sid:900759088; rev:1;) alert tcp $HOME_NET any -> [97.0.32.0] 27648 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.0.32.0/; sid:900759087; rev:1;) alert tcp $HOME_NET any -> [104.0.32.0] 24832 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.0.32.0/; sid:900759086; rev:1;) alert tcp $HOME_NET any -> [116.0.105.0] 28416 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.0.105.0/; sid:900759085; rev:1;) alert tcp $HOME_NET any -> [109.0.32.0] 28416 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.0.32.0/; sid:900759084; rev:1;) alert tcp $HOME_NET any -> [105.0.114.0] 28160 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.0.114.0/; sid:900759083; rev:1;) alert tcp $HOME_NET any -> [100.0.101.0] 8192 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.0.101.0/; sid:900759082; rev:1;) alert tcp $HOME_NET any -> [12.36.68.139] 19595 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.36.68.139/; sid:900757216; rev:1;) alert tcp $HOME_NET any -> [181.171.28.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.171.28.140/; sid:900756111; rev:1;) alert tcp $HOME_NET any -> [86.122.149.86] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.122.149.86/; sid:900756110; rev:1;) alert tcp $HOME_NET any -> [200.24.248.194] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.24.248.194/; sid:900756108; rev:1;) alert tcp $HOME_NET any -> [78.186.26.189] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.26.189/; sid:900756107; rev:1;) alert tcp $HOME_NET any -> [200.50.177.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.50.177.218/; sid:900756105; rev:1;) alert tcp $HOME_NET any -> [94.63.172.7] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.63.172.7/; sid:900756104; rev:1;) alert tcp $HOME_NET any -> [217.145.83.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.145.83.44/; sid:900756098; rev:1;) alert tcp $HOME_NET any -> [105.225.161.70] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.161.70/; sid:900756096; rev:1;) alert tcp $HOME_NET any -> [87.201.127.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.201.127.70/; sid:900756093; rev:1;) alert tcp $HOME_NET any -> [187.247.125.144] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.247.125.144/; sid:900756091; rev:1;) alert tcp $HOME_NET any -> [86.98.71.253] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.71.253/; sid:900756090; rev:1;) alert tcp $HOME_NET any -> [45.224.52.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.224.52.174/; sid:900756088; rev:1;) alert tcp $HOME_NET any -> [197.88.29.182] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.88.29.182/; sid:900756087; rev:1;) alert tcp $HOME_NET any -> [59.23.248.48] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.23.248.48/; sid:900756086; rev:1;) alert tcp $HOME_NET any -> [105.226.195.36] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.226.195.36/; sid:900756081; rev:1;) alert tcp $HOME_NET any -> [105.184.219.102] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.219.102/; sid:900756080; rev:1;) alert tcp $HOME_NET any -> [83.103.164.123] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.103.164.123/; sid:900756079; rev:1;) alert tcp $HOME_NET any -> [117.197.124.51] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.197.124.51/; sid:900756076; rev:1;) alert tcp $HOME_NET any -> [85.54.169.141] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.54.169.141/; sid:900756075; rev:1;) alert tcp $HOME_NET any -> [220.123.35.12] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.123.35.12/; sid:900756073; rev:1;) alert tcp $HOME_NET any -> [194.183.83.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.183.83.82/; sid:900756072; rev:1;) alert tcp $HOME_NET any -> [189.213.205.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.213.205.70/; sid:900756071; rev:1;) alert tcp $HOME_NET any -> [175.195.100.9] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.195.100.9/; sid:900756070; rev:1;) alert tcp $HOME_NET any -> [194.85.67.180] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.85.67.180/; sid:900756068; rev:1;) alert tcp $HOME_NET any -> [173.252.33.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.252.33.186/; sid:900756067; rev:1;) alert tcp $HOME_NET any -> [208.78.100.202] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.78.100.202/; sid:900756066; rev:1;) alert tcp $HOME_NET any -> [45.63.17.206] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.17.206/; sid:900756065; rev:1;) alert tcp $HOME_NET any -> [186.46.255.217] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.46.255.217/; sid:900756064; rev:1;) alert tcp $HOME_NET any -> [24.51.106.145] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.51.106.145/; sid:900756063; rev:1;) alert tcp $HOME_NET any -> [196.210.47.216] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.210.47.216/; sid:900756062; rev:1;) alert tcp $HOME_NET any -> [96.22.189.104] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.22.189.104/; sid:900756061; rev:1;) alert tcp $HOME_NET any -> [118.175.93.254] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.175.93.254/; sid:900756060; rev:1;) alert tcp $HOME_NET any -> [187.144.78.190] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.78.190/; sid:900756059; rev:1;) alert tcp $HOME_NET any -> [59.102.162.246] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.102.162.246/; sid:900756058; rev:1;) alert tcp $HOME_NET any -> [186.67.88.242] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.67.88.242/; sid:900756057; rev:1;) alert tcp $HOME_NET any -> [189.129.160.167] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.129.160.167/; sid:900756056; rev:1;) alert tcp $HOME_NET any -> [190.138.221.70] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.138.221.70/; sid:900756055; rev:1;) alert tcp $HOME_NET any -> [212.81.22.231] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.81.22.231/; sid:900756053; rev:1;) alert tcp $HOME_NET any -> [190.245.10.162] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.245.10.162/; sid:900756049; rev:1;) alert tcp $HOME_NET any -> [200.86.246.50] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.86.246.50/; sid:900756046; rev:1;) alert tcp $HOME_NET any -> [189.208.126.53] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.208.126.53/; sid:900756043; rev:1;) alert tcp $HOME_NET any -> [190.195.169.170] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.195.169.170/; sid:900756035; rev:1;) alert tcp $HOME_NET any -> [190.25.255.98] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.25.255.98/; sid:900756030; rev:1;) alert tcp $HOME_NET any -> [187.137.111.0] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.111.0/; sid:900756024; rev:1;) alert tcp $HOME_NET any -> [189.190.40.163] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.190.40.163/; sid:900756022; rev:1;) alert tcp $HOME_NET any -> [181.54.202.80] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.54.202.80/; sid:900756020; rev:1;) alert tcp $HOME_NET any -> [187.192.133.210] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.133.210/; sid:900756017; rev:1;) alert tcp $HOME_NET any -> [31.193.130.187] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.193.130.187/; sid:900756016; rev:1;) alert tcp $HOME_NET any -> [185.38.216.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.38.216.84/; sid:900756012; rev:1;) alert tcp $HOME_NET any -> [72.47.248.48] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.47.248.48/; sid:900756007; rev:1;) alert tcp $HOME_NET any -> [189.173.4.161] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.173.4.161/; sid:900756006; rev:1;) alert tcp $HOME_NET any -> [186.129.174.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.129.174.150/; sid:900756005; rev:1;) alert tcp $HOME_NET any -> [189.250.100.248] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.100.248/; sid:900756004; rev:1;) alert tcp $HOME_NET any -> [186.90.155.228] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.90.155.228/; sid:900756003; rev:1;) alert tcp $HOME_NET any -> [201.103.81.129] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.103.81.129/; sid:900756002; rev:1;) alert tcp $HOME_NET any -> [189.159.119.242] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.159.119.242/; sid:900756001; rev:1;) alert tcp $HOME_NET any -> [200.43.114.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.43.114.10/; sid:900756000; rev:1;) alert tcp $HOME_NET any -> [178.201.186.245] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.201.186.245/; sid:900755999; rev:1;) alert tcp $HOME_NET any -> [190.55.123.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.123.250/; sid:900755998; rev:1;) alert tcp $HOME_NET any -> [190.146.158.142] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.158.142/; sid:900755997; rev:1;) alert tcp $HOME_NET any -> [116.112.111.32] 28521 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.112.111.32/; sid:900755705; rev:1;) alert tcp $HOME_NET any -> [46.121.114.97] 21514 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.121.114.97/; sid:900755704; rev:1;) alert tcp $HOME_NET any -> [99.105.100.32] 26996 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.105.100.32/; sid:900755703; rev:1;) alert tcp $HOME_NET any -> [97.32.116.99] 25710 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.32.116.99/; sid:900755702; rev:1;) alert tcp $HOME_NET any -> [32.101.100.111] 25199 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.101.100.111/; sid:900755701; rev:1;) alert tcp $HOME_NET any -> [122.176.109.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.176.109.10/; sid:900752888; rev:1;) alert tcp $HOME_NET any -> [117.247.233.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.247.233.82/; sid:900752887; rev:1;) alert tcp $HOME_NET any -> [183.82.112.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.112.154/; sid:900752882; rev:1;) alert tcp $HOME_NET any -> [217.165.2.29] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.2.29/; sid:900752880; rev:1;) alert tcp $HOME_NET any -> [186.90.227.239] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.90.227.239/; sid:900752879; rev:1;) alert tcp $HOME_NET any -> [58.65.178.100] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.65.178.100/; sid:900752878; rev:1;) alert tcp $HOME_NET any -> [27.96.91.73] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.96.91.73/; sid:900752877; rev:1;) alert tcp $HOME_NET any -> [109.129.2.50] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.129.2.50/; sid:900752876; rev:1;) alert tcp $HOME_NET any -> [2.50.183.165] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.183.165/; sid:900752875; rev:1;) alert tcp $HOME_NET any -> [211.248.17.209] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.248.17.209/; sid:900752873; rev:1;) alert tcp $HOME_NET any -> [190.228.72.180] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.228.72.180/; sid:900752872; rev:1;) alert tcp $HOME_NET any -> [187.144.76.174] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.76.174/; sid:900752867; rev:1;) alert tcp $HOME_NET any -> [196.209.233.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.209.233.234/; sid:900752866; rev:1;) alert tcp $HOME_NET any -> [190.147.100.8] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.100.8/; sid:900752865; rev:1;) alert tcp $HOME_NET any -> [123.136.174.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.136.174.52/; sid:900752860; rev:1;) alert tcp $HOME_NET any -> [189.149.3.197] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.149.3.197/; sid:900752859; rev:1;) alert tcp $HOME_NET any -> [115.93.16.173] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.93.16.173/; sid:900752858; rev:1;) alert tcp $HOME_NET any -> [121.74.198.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.74.198.58/; sid:900752857; rev:1;) alert tcp $HOME_NET any -> [190.109.223.50] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.109.223.50/; sid:900752853; rev:1;) alert tcp $HOME_NET any -> [118.69.35.66] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.69.35.66/; sid:900752852; rev:1;) alert tcp $HOME_NET any -> [27.147.163.188] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.147.163.188/; sid:900752851; rev:1;) alert tcp $HOME_NET any -> [147.83.156.162] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.83.156.162/; sid:900752848; rev:1;) alert tcp $HOME_NET any -> [190.0.1.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.0.1.30/; sid:900752847; rev:1;) alert tcp $HOME_NET any -> [186.4.165.50] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.165.50/; sid:900752846; rev:1;) alert tcp $HOME_NET any -> [190.94.79.239] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.94.79.239/; sid:900752845; rev:1;) alert tcp $HOME_NET any -> [183.82.120.85] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.120.85/; sid:900752844; rev:1;) alert tcp $HOME_NET any -> [189.194.250.74] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.194.250.74/; sid:900752843; rev:1;) alert tcp $HOME_NET any -> [189.230.124.74] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.230.124.74/; sid:900752842; rev:1;) alert tcp $HOME_NET any -> [181.119.30.25] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.119.30.25/; sid:900752840; rev:1;) alert tcp $HOME_NET any -> [148.243.206.110] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.243.206.110/; sid:900752839; rev:1;) alert tcp $HOME_NET any -> [218.105.184.93] 36275 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.105.184.93/; sid:900752398; rev:1;) alert tcp $HOME_NET any -> [100.231.103.203] 61235 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.231.103.203/; sid:900752397; rev:1;) alert tcp $HOME_NET any -> [201.248.14.67] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.248.14.67/; sid:900752289; rev:1;) alert tcp $HOME_NET any -> [125.130.72.105] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.130.72.105/; sid:900752270; rev:1;) alert tcp $HOME_NET any -> [181.31.246.152] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.31.246.152/; sid:900752266; rev:1;) alert tcp $HOME_NET any -> [116.240.3.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.240.3.27/; sid:900752265; rev:1;) alert tcp $HOME_NET any -> [186.150.202.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.150.202.242/; sid:900752245; rev:1;) alert tcp $HOME_NET any -> [190.190.101.38] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.190.101.38/; sid:900752243; rev:1;) alert tcp $HOME_NET any -> [31.53.229.122] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.229.122/; sid:900752229; rev:1;) alert tcp $HOME_NET any -> [181.45.45.132] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.45.45.132/; sid:900752228; rev:1;) alert tcp $HOME_NET any -> [181.211.11.171] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.211.11.171/; sid:900752227; rev:1;) alert tcp $HOME_NET any -> [190.226.34.8] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.226.34.8/; sid:900752225; rev:1;) alert tcp $HOME_NET any -> [186.15.66.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.66.98/; sid:900752224; rev:1;) alert tcp $HOME_NET any -> [200.83.21.5] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.83.21.5/; sid:900752222; rev:1;) alert tcp $HOME_NET any -> [24.53.3.10] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.53.3.10/; sid:900752221; rev:1;) alert tcp $HOME_NET any -> [69.158.10.125] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.158.10.125/; sid:900752220; rev:1;) alert tcp $HOME_NET any -> [24.222.22.58] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.222.22.58/; sid:900752219; rev:1;) alert tcp $HOME_NET any -> [45.73.27.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.73.27.218/; sid:900752216; rev:1;) alert tcp $HOME_NET any -> [95.9.248.89] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.9.248.89/; sid:900752214; rev:1;) alert tcp $HOME_NET any -> [66.50.57.73] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.50.57.73/; sid:900752210; rev:1;) alert tcp $HOME_NET any -> [189.225.146.180] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.225.146.180/; sid:900752209; rev:1;) alert tcp $HOME_NET any -> [189.129.134.124] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.129.134.124/; sid:900752208; rev:1;) alert tcp $HOME_NET any -> [200.54.18.162] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.54.18.162/; sid:900752207; rev:1;) alert tcp $HOME_NET any -> [181.164.8.8] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.8.8/; sid:900752206; rev:1;) alert tcp $HOME_NET any -> [187.163.177.194] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.177.194/; sid:900752205; rev:1;) alert tcp $HOME_NET any -> [216.244.228.62] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.244.228.62/; sid:900752204; rev:1;) alert tcp $HOME_NET any -> [189.146.157.111] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.157.111/; sid:900752203; rev:1;) alert tcp $HOME_NET any -> [190.10.220.92] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.10.220.92/; sid:900752202; rev:1;) alert tcp $HOME_NET any -> [187.158.112.43] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.158.112.43/; sid:900752201; rev:1;) alert tcp $HOME_NET any -> [201.245.184.16] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.245.184.16/; sid:900749547; rev:1;) alert tcp $HOME_NET any -> [80.44.121.62] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.44.121.62/; sid:900749546; rev:1;) alert tcp $HOME_NET any -> [45.167.12.22] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.167.12.22/; sid:900749542; rev:1;) alert tcp $HOME_NET any -> [105.184.237.83] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.237.83/; sid:900749535; rev:1;) alert tcp $HOME_NET any -> [78.189.173.217] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.173.217/; sid:900749534; rev:1;) alert tcp $HOME_NET any -> [201.143.82.199] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.143.82.199/; sid:900749529; rev:1;) alert tcp $HOME_NET any -> [182.73.147.218] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.73.147.218/; sid:900749528; rev:1;) alert tcp $HOME_NET any -> [105.184.106.99] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.106.99/; sid:900749525; rev:1;) alert tcp $HOME_NET any -> [151.237.16.5] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.237.16.5/; sid:900749522; rev:1;) alert tcp $HOME_NET any -> [178.209.71.63] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.209.71.63/; sid:900749520; rev:1;) alert tcp $HOME_NET any -> [88.249.181.174] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.181.174/; sid:900749519; rev:1;) alert tcp $HOME_NET any -> [27.109.116.48] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.109.116.48/; sid:900749515; rev:1;) alert tcp $HOME_NET any -> [187.163.91.104] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.91.104/; sid:900749510; rev:1;) alert tcp $HOME_NET any -> [190.17.173.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.17.173.58/; sid:900749509; rev:1;) alert tcp $HOME_NET any -> [120.63.148.9] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.63.148.9/; sid:900749508; rev:1;) alert tcp $HOME_NET any -> [201.111.29.109] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.111.29.109/; sid:900749507; rev:1;) alert tcp $HOME_NET any -> [187.135.141.61] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.135.141.61/; sid:900749506; rev:1;) alert tcp $HOME_NET any -> [178.92.73.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.92.73.34/; sid:900749505; rev:1;) alert tcp $HOME_NET any -> [187.235.145.190] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.235.145.190/; sid:900749504; rev:1;) alert tcp $HOME_NET any -> [94.59.80.100] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.80.100/; sid:900749503; rev:1;) alert tcp $HOME_NET any -> [201.230.255.100] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.230.255.100/; sid:900749502; rev:1;) alert tcp $HOME_NET any -> [187.207.58.148] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.58.148/; sid:900749501; rev:1;) alert tcp $HOME_NET any -> [201.235.65.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.235.65.61/; sid:900747250; rev:1;) alert tcp $HOME_NET any -> [204.13.253.141] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.13.253.141/; sid:900747247; rev:1;) alert tcp $HOME_NET any -> [189.155.150.137] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.155.150.137/; sid:900747245; rev:1;) alert tcp $HOME_NET any -> [200.93.90.133] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.93.90.133/; sid:900747244; rev:1;) alert tcp $HOME_NET any -> [201.110.118.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.110.118.102/; sid:900747243; rev:1;) alert tcp $HOME_NET any -> [190.52.161.1] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.52.161.1/; sid:900747242; rev:1;) alert tcp $HOME_NET any -> [181.57.230.186] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.57.230.186/; sid:900747238; rev:1;) alert tcp $HOME_NET any -> [190.210.223.238] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.223.238/; sid:900747237; rev:1;) alert tcp $HOME_NET any -> [85.99.104.112] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.99.104.112/; sid:900747236; rev:1;) alert tcp $HOME_NET any -> [200.68.111.81] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.68.111.81/; sid:900747234; rev:1;) alert tcp $HOME_NET any -> [179.41.14.199] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.41.14.199/; sid:900747233; rev:1;) alert tcp $HOME_NET any -> [190.60.225.114] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.60.225.114/; sid:900747232; rev:1;) alert tcp $HOME_NET any -> [190.10.159.242] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.10.159.242/; sid:900747231; rev:1;) alert tcp $HOME_NET any -> [178.62.37.188] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.62.37.188/; sid:900747229; rev:1;) alert tcp $HOME_NET any -> [180.92.239.110] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.92.239.110/; sid:900747228; rev:1;) alert tcp $HOME_NET any -> [190.120.195.162] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.120.195.162/; sid:900747225; rev:1;) alert tcp $HOME_NET any -> [83.110.19.147] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.19.147/; sid:900747224; rev:1;) alert tcp $HOME_NET any -> [24.232.79.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.232.79.140/; sid:900747223; rev:1;) alert tcp $HOME_NET any -> [181.143.91.186] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.91.186/; sid:900747220; rev:1;) alert tcp $HOME_NET any -> [187.207.186.161] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.186.161/; sid:900747219; rev:1;) alert tcp $HOME_NET any -> [37.187.159.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.159.59/; sid:900747218; rev:1;) alert tcp $HOME_NET any -> [216.8.148.141] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.8.148.141/; sid:900747216; rev:1;) alert tcp $HOME_NET any -> [190.17.160.28] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.17.160.28/; sid:900747215; rev:1;) alert tcp $HOME_NET any -> [190.167.214.75] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.167.214.75/; sid:900747214; rev:1;) alert tcp $HOME_NET any -> [62.75.191.231] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.191.231/; sid:900747211; rev:1;) alert tcp $HOME_NET any -> [41.75.132.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.75.132.231/; sid:900747210; rev:1;) alert tcp $HOME_NET any -> [189.244.154.169] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.244.154.169/; sid:900747209; rev:1;) alert tcp $HOME_NET any -> [86.217.148.38] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.217.148.38/; sid:900747208; rev:1;) alert tcp $HOME_NET any -> [190.103.30.186] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.103.30.186/; sid:900747207; rev:1;) alert tcp $HOME_NET any -> [181.143.194.138] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.194.138/; sid:900747206; rev:1;) alert tcp $HOME_NET any -> [177.242.215.65] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.215.65/; sid:900747205; rev:1;) alert tcp $HOME_NET any -> [81.130.209.250] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.130.209.250/; sid:900747204; rev:1;) alert tcp $HOME_NET any -> [190.6.24.248] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.6.24.248/; sid:900747203; rev:1;) alert tcp $HOME_NET any -> [201.130.151.95] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.130.151.95/; sid:900747202; rev:1;) alert tcp $HOME_NET any -> [70.55.70.147] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.55.70.147/; sid:900747201; rev:1;) alert tcp $HOME_NET any -> [60.54.121.215] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.54.121.215/; sid:900746589; rev:1;) alert tcp $HOME_NET any -> [210.19.41.87] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.19.41.87/; sid:900746587; rev:1;) alert tcp $HOME_NET any -> [139.13.91.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.13.91.136/; sid:900746586; rev:1;) alert tcp $HOME_NET any -> [186.16.203.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.16.203.150/; sid:900746584; rev:1;) alert tcp $HOME_NET any -> [86.98.65.187] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.65.187/; sid:900746583; rev:1;) alert tcp $HOME_NET any -> [181.61.253.90] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.61.253.90/; sid:900746582; rev:1;) alert tcp $HOME_NET any -> [139.13.91.149] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.13.91.149/; sid:900746581; rev:1;) alert tcp $HOME_NET any -> [200.71.112.158] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.71.112.158/; sid:900746580; rev:1;) alert tcp $HOME_NET any -> [201.231.70.72] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.70.72/; sid:900746578; rev:1;) alert tcp $HOME_NET any -> [189.163.44.44] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.163.44.44/; sid:900746576; rev:1;) alert tcp $HOME_NET any -> [201.200.3.74] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.200.3.74/; sid:900746575; rev:1;) alert tcp $HOME_NET any -> [181.46.46.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.46.46.49/; sid:900746572; rev:1;) alert tcp $HOME_NET any -> [80.12.84.86] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.12.84.86/; sid:900746571; rev:1;) alert tcp $HOME_NET any -> [181.48.239.3] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.48.239.3/; sid:900746570; rev:1;) alert tcp $HOME_NET any -> [200.113.106.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.113.106.18/; sid:900746568; rev:1;) alert tcp $HOME_NET any -> [81.86.206.166] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.86.206.166/; sid:900746567; rev:1;) alert tcp $HOME_NET any -> [190.210.236.237] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.236.237/; sid:900746566; rev:1;) alert tcp $HOME_NET any -> [183.82.34.65] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.34.65/; sid:900746562; rev:1;) alert tcp $HOME_NET any -> [190.220.19.82] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.220.19.82/; sid:900746560; rev:1;) alert tcp $HOME_NET any -> [78.187.52.65] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.187.52.65/; sid:900746559; rev:1;) alert tcp $HOME_NET any -> [216.252.83.23] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.252.83.23/; sid:900746558; rev:1;) alert tcp $HOME_NET any -> [79.127.57.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.127.57.42/; sid:900746557; rev:1;) alert tcp $HOME_NET any -> [169.0.47.103] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.47.103/; sid:900746556; rev:1;) alert tcp $HOME_NET any -> [79.98.31.206] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.98.31.206/; sid:900746555; rev:1;) alert tcp $HOME_NET any -> [186.190.192.84] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.190.192.84/; sid:900746554; rev:1;) alert tcp $HOME_NET any -> [69.163.33.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.163.33.82/; sid:900746552; rev:1;) alert tcp $HOME_NET any -> [139.13.92.63] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.13.92.63/; sid:900746551; rev:1;) alert tcp $HOME_NET any -> [181.167.49.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.49.76/; sid:900746550; rev:1;) alert tcp $HOME_NET any -> [189.154.188.33] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.188.33/; sid:900746549; rev:1;) alert tcp $HOME_NET any -> [79.66.242.43] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.66.242.43/; sid:900746548; rev:1;) alert tcp $HOME_NET any -> [181.169.58.108] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.169.58.108/; sid:900746547; rev:1;) alert tcp $HOME_NET any -> [139.13.84.107] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.13.84.107/; sid:900746546; rev:1;) alert tcp $HOME_NET any -> [154.120.231.114] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.120.231.114/; sid:900746544; rev:1;) alert tcp $HOME_NET any -> [187.200.132.53] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.200.132.53/; sid:900746543; rev:1;) alert tcp $HOME_NET any -> [187.163.213.124] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.213.124/; sid:900746542; rev:1;) alert tcp $HOME_NET any -> [97.32.110.101] 25710 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.32.110.101/; sid:900746048; rev:1;) alert tcp $HOME_NET any -> [206.5.160.235] 5657 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.5.160.235/; sid:900741170; rev:1;) alert tcp $HOME_NET any -> [106.51.37.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.51.37.192/; sid:900738854; rev:1;) alert tcp $HOME_NET any -> [2.50.53.185] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.53.185/; sid:900738848; rev:1;) alert tcp $HOME_NET any -> [88.249.120.191] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.120.191/; sid:900738846; rev:1;) alert tcp $HOME_NET any -> [105.224.105.73] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.224.105.73/; sid:900738827; rev:1;) alert tcp $HOME_NET any -> [183.82.104.81] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.104.81/; sid:900738825; rev:1;) alert tcp $HOME_NET any -> [190.202.166.164] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.202.166.164/; sid:900734353; rev:1;) alert tcp $HOME_NET any -> [190.19.178.131] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.19.178.131/; sid:900734351; rev:1;) alert tcp $HOME_NET any -> [201.183.225.39] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.183.225.39/; sid:900734350; rev:1;) alert tcp $HOME_NET any -> [103.91.228.3] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.91.228.3/; sid:900734347; rev:1;) alert tcp $HOME_NET any -> [189.159.150.1] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.159.150.1/; sid:900734346; rev:1;) alert tcp $HOME_NET any -> [186.149.140.55] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.149.140.55/; sid:900734345; rev:1;) alert tcp $HOME_NET any -> [103.251.141.42] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.251.141.42/; sid:900734344; rev:1;) alert tcp $HOME_NET any -> [187.177.166.183] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.177.166.183/; sid:900734341; rev:1;) alert tcp $HOME_NET any -> [152.231.109.201] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.231.109.201/; sid:900734340; rev:1;) alert tcp $HOME_NET any -> [190.44.153.169] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.44.153.169/; sid:900734336; rev:1;) alert tcp $HOME_NET any -> [201.228.78.117] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.228.78.117/; sid:900734334; rev:1;) alert tcp $HOME_NET any -> [221.4.142.41] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.4.142.41/; sid:900734329; rev:1;) alert tcp $HOME_NET any -> [91.183.108.184] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.183.108.184/; sid:900734328; rev:1;) alert tcp $HOME_NET any -> [152.168.249.64] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.168.249.64/; sid:900734325; rev:1;) alert tcp $HOME_NET any -> [200.6.186.36] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.6.186.36/; sid:900734323; rev:1;) alert tcp $HOME_NET any -> [190.136.177.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.136.177.34/; sid:900734321; rev:1;) alert tcp $HOME_NET any -> [83.110.153.207] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.153.207/; sid:900734320; rev:1;) alert tcp $HOME_NET any -> [190.230.171.15] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.230.171.15/; sid:900734319; rev:1;) alert tcp $HOME_NET any -> [5.187.152.115] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.187.152.115/; sid:900734318; rev:1;) alert tcp $HOME_NET any -> [190.138.220.6] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.138.220.6/; sid:900734317; rev:1;) alert tcp $HOME_NET any -> [181.197.14.204] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.197.14.204/; sid:900734314; rev:1;) alert tcp $HOME_NET any -> [187.232.87.141] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.232.87.141/; sid:900734313; rev:1;) alert tcp $HOME_NET any -> [85.75.118.245] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.75.118.245/; sid:900734312; rev:1;) alert tcp $HOME_NET any -> [190.186.38.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.38.22/; sid:900734311; rev:1;) alert tcp $HOME_NET any -> [181.177.213.144] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.177.213.144/; sid:900734310; rev:1;) alert tcp $HOME_NET any -> [181.39.166.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.166.254/; sid:900734309; rev:1;) alert tcp $HOME_NET any -> [181.143.126.170] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.126.170/; sid:900734308; rev:1;) alert tcp $HOME_NET any -> [94.70.164.109] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.70.164.109/; sid:900734307; rev:1;) alert tcp $HOME_NET any -> [190.186.42.98] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.42.98/; sid:900734306; rev:1;) alert tcp $HOME_NET any -> [217.165.127.208] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.127.208/; sid:900734305; rev:1;) alert tcp $HOME_NET any -> [190.210.33.41] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.33.41/; sid:900733153; rev:1;) alert tcp $HOME_NET any -> [64.39.179.131] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.39.179.131/; sid:900733152; rev:1;) alert tcp $HOME_NET any -> [212.99.204.114] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.99.204.114/; sid:900733151; rev:1;) alert tcp $HOME_NET any -> [201.231.77.11] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.77.11/; sid:900733149; rev:1;) alert tcp $HOME_NET any -> [190.104.233.88] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.233.88/; sid:900733147; rev:1;) alert tcp $HOME_NET any -> [190.147.247.215] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.247.215/; sid:900733146; rev:1;) alert tcp $HOME_NET any -> [5.44.210.163] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.44.210.163/; sid:900733144; rev:1;) alert tcp $HOME_NET any -> [189.163.192.252] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.163.192.252/; sid:900733142; rev:1;) alert tcp $HOME_NET any -> [187.163.143.13] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.143.13/; sid:900733140; rev:1;) alert tcp $HOME_NET any -> [181.39.96.86] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.96.86/; sid:900733139; rev:1;) alert tcp $HOME_NET any -> [200.84.36.201] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.84.36.201/; sid:900733138; rev:1;) alert tcp $HOME_NET any -> [92.11.254.135] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.11.254.135/; sid:900733136; rev:1;) alert tcp $HOME_NET any -> [200.52.206.246] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.52.206.246/; sid:900733135; rev:1;) alert tcp $HOME_NET any -> [190.72.254.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.72.254.66/; sid:900733132; rev:1;) alert tcp $HOME_NET any -> [181.166.88.217] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.166.88.217/; sid:900733131; rev:1;) alert tcp $HOME_NET any -> [200.68.68.153] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.68.68.153/; sid:900733130; rev:1;) alert tcp $HOME_NET any -> [81.214.63.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.214.63.242/; sid:900733127; rev:1;) alert tcp $HOME_NET any -> [190.245.191.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.245.191.156/; sid:900733126; rev:1;) alert tcp $HOME_NET any -> [189.222.109.159] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.222.109.159/; sid:900733124; rev:1;) alert tcp $HOME_NET any -> [186.24.240.240] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.24.240.240/; sid:900733123; rev:1;) alert tcp $HOME_NET any -> [169.0.100.48] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.100.48/; sid:900733121; rev:1;) alert tcp $HOME_NET any -> [190.158.224.107] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.158.224.107/; sid:900733118; rev:1;) alert tcp $HOME_NET any -> [190.171.237.189] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.237.189/; sid:900733117; rev:1;) alert tcp $HOME_NET any -> [190.245.107.73] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.245.107.73/; sid:900733116; rev:1;) alert tcp $HOME_NET any -> [189.149.12.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.149.12.180/; sid:900733115; rev:1;) alert tcp $HOME_NET any -> [186.137.231.77] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.137.231.77/; sid:900733114; rev:1;) alert tcp $HOME_NET any -> [189.203.177.52] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.203.177.52/; sid:900733113; rev:1;) alert tcp $HOME_NET any -> [200.127.231.105] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.231.105/; sid:900733112; rev:1;) alert tcp $HOME_NET any -> [189.228.101.204] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.228.101.204/; sid:900733111; rev:1;) alert tcp $HOME_NET any -> [139.13.93.50] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.13.93.50/; sid:900733110; rev:1;) alert tcp $HOME_NET any -> [201.214.147.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.214.147.166/; sid:900733109; rev:1;) alert tcp $HOME_NET any -> [200.124.27.202] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.124.27.202/; sid:900730282; rev:1;) alert tcp $HOME_NET any -> [95.70.224.237] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.70.224.237/; sid:900730281; rev:1;) alert tcp $HOME_NET any -> [189.131.47.159] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.131.47.159/; sid:900730280; rev:1;) alert tcp $HOME_NET any -> [186.159.122.233] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.159.122.233/; sid:900730276; rev:1;) alert tcp $HOME_NET any -> [169.1.71.215] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.1.71.215/; sid:900730274; rev:1;) alert tcp $HOME_NET any -> [86.98.53.59] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.53.59/; sid:900730271; rev:1;) alert tcp $HOME_NET any -> [179.50.131.35] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.50.131.35/; sid:900730270; rev:1;) alert tcp $HOME_NET any -> [187.193.117.191] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.193.117.191/; sid:900730267; rev:1;) alert tcp $HOME_NET any -> [186.82.11.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.82.11.76/; sid:900730265; rev:1;) alert tcp $HOME_NET any -> [27.100.25.74] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.100.25.74/; sid:900730263; rev:1;) alert tcp $HOME_NET any -> [186.136.29.143] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.136.29.143/; sid:900730258; rev:1;) alert tcp $HOME_NET any -> [88.247.76.191] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.247.76.191/; sid:900730257; rev:1;) alert tcp $HOME_NET any -> [201.238.171.6] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.238.171.6/; sid:900730255; rev:1;) alert tcp $HOME_NET any -> [187.148.160.52] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.148.160.52/; sid:900730253; rev:1;) alert tcp $HOME_NET any -> [70.178.189.123] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.178.189.123/; sid:900730252; rev:1;) alert tcp $HOME_NET any -> [181.48.22.219] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.48.22.219/; sid:900730251; rev:1;) alert tcp $HOME_NET any -> [105.228.147.223] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.228.147.223/; sid:900730250; rev:1;) alert tcp $HOME_NET any -> [63.143.74.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.143.74.70/; sid:900730249; rev:1;) alert tcp $HOME_NET any -> [217.165.124.206] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.124.206/; sid:900730248; rev:1;) alert tcp $HOME_NET any -> [176.192.20.62] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.192.20.62/; sid:900730246; rev:1;) alert tcp $HOME_NET any -> [177.225.150.89] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.225.150.89/; sid:900730245; rev:1;) alert tcp $HOME_NET any -> [200.119.193.251] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.119.193.251/; sid:900730241; rev:1;) alert tcp $HOME_NET any -> [189.189.79.143] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.189.79.143/; sid:900730240; rev:1;) alert tcp $HOME_NET any -> [179.32.192.202] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.32.192.202/; sid:900730239; rev:1;) alert tcp $HOME_NET any -> [54.38.247.98] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.247.98/; sid:900730238; rev:1;) alert tcp $HOME_NET any -> [187.163.183.194] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.183.194/; sid:900730237; rev:1;) alert tcp $HOME_NET any -> [70.45.60.142] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.45.60.142/; sid:900730236; rev:1;) alert tcp $HOME_NET any -> [182.191.119.91] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.191.119.91/; sid:900730235; rev:1;) alert tcp $HOME_NET any -> [190.75.47.24] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.75.47.24/; sid:900730234; rev:1;) alert tcp $HOME_NET any -> [187.169.245.45] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.169.245.45/; sid:900730233; rev:1;) alert tcp $HOME_NET any -> [190.188.46.233] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.188.46.233/; sid:900730232; rev:1;) alert tcp $HOME_NET any -> [189.205.249.209] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.205.249.209/; sid:900728513; rev:1;) alert tcp $HOME_NET any -> [189.253.56.145] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.56.145/; sid:900728512; rev:1;) alert tcp $HOME_NET any -> [186.4.242.12] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.242.12/; sid:900728510; rev:1;) alert tcp $HOME_NET any -> [177.243.144.248] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.243.144.248/; sid:900728508; rev:1;) alert tcp $HOME_NET any -> [177.240.208.251] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.240.208.251/; sid:900728506; rev:1;) alert tcp $HOME_NET any -> [186.177.126.252] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.177.126.252/; sid:900728504; rev:1;) alert tcp $HOME_NET any -> [177.242.215.230] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.215.230/; sid:900728503; rev:1;) alert tcp $HOME_NET any -> [187.243.70.172] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.243.70.172/; sid:900728502; rev:1;) alert tcp $HOME_NET any -> [177.231.56.40] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.231.56.40/; sid:900728500; rev:1;) alert tcp $HOME_NET any -> [187.163.179.73] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.179.73/; sid:900728499; rev:1;) alert tcp $HOME_NET any -> [200.115.53.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.115.53.210/; sid:900728498; rev:1;) alert tcp $HOME_NET any -> [197.211.244.219] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.211.244.219/; sid:900728497; rev:1;) alert tcp $HOME_NET any -> [187.131.47.157] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.131.47.157/; sid:900728496; rev:1;) alert tcp $HOME_NET any -> [190.240.175.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.240.175.190/; sid:900728495; rev:1;) alert tcp $HOME_NET any -> [187.150.211.115] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.150.211.115/; sid:900728494; rev:1;) alert tcp $HOME_NET any -> [190.146.169.53] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.169.53/; sid:900728493; rev:1;) alert tcp $HOME_NET any -> [189.225.148.250] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.225.148.250/; sid:900728492; rev:1;) alert tcp $HOME_NET any -> [186.4.4.161] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.4.161/; sid:900728491; rev:1;) alert tcp $HOME_NET any -> [87.225.109.55] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.225.109.55/; sid:900728490; rev:1;) alert tcp $HOME_NET any -> [213.14.139.81] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.14.139.81/; sid:900728488; rev:1;) alert tcp $HOME_NET any -> [187.153.105.212] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.105.212/; sid:900728487; rev:1;) alert tcp $HOME_NET any -> [190.182.134.41] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.182.134.41/; sid:900728486; rev:1;) alert tcp $HOME_NET any -> [189.218.186.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.218.186.138/; sid:900728485; rev:1;) alert tcp $HOME_NET any -> [190.130.152.209] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.130.152.209/; sid:900728484; rev:1;) alert tcp $HOME_NET any -> [181.230.129.137] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.230.129.137/; sid:900728483; rev:1;) alert tcp $HOME_NET any -> [186.3.223.3] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.3.223.3/; sid:900728482; rev:1;) alert tcp $HOME_NET any -> [190.117.161.108] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.161.108/; sid:900728481; rev:1;) alert tcp $HOME_NET any -> [181.27.124.64] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.27.124.64/; sid:900728480; rev:1;) alert tcp $HOME_NET any -> [201.110.250.76] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.110.250.76/; sid:900728479; rev:1;) alert tcp $HOME_NET any -> [201.192.162.109] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.192.162.109/; sid:900728477; rev:1;) alert tcp $HOME_NET any -> [186.176.140.255] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.176.140.255/; sid:900728475; rev:1;) alert tcp $HOME_NET any -> [187.241.18.251] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.241.18.251/; sid:900728474; rev:1;) alert tcp $HOME_NET any -> [181.168.80.87] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.168.80.87/; sid:900728473; rev:1;) alert tcp $HOME_NET any -> [191.103.109.235] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.103.109.235/; sid:900728472; rev:1;) alert tcp $HOME_NET any -> [84.173.140.231] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.173.140.231/; sid:900728470; rev:1;) alert tcp $HOME_NET any -> [177.226.75.31] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.226.75.31/; sid:900728468; rev:1;) alert tcp $HOME_NET any -> [200.194.14.232] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.194.14.232/; sid:900728466; rev:1;) alert tcp $HOME_NET any -> [105.225.76.76] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.76.76/; sid:900728463; rev:1;) alert tcp $HOME_NET any -> [189.157.57.135] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.157.57.135/; sid:900728462; rev:1;) alert tcp $HOME_NET any -> [201.248.199.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.248.199.100/; sid:900728459; rev:1;) alert tcp $HOME_NET any -> [190.27.27.139] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.27.27.139/; sid:900728458; rev:1;) alert tcp $HOME_NET any -> [187.250.133.125] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.133.125/; sid:900728457; rev:1;) alert tcp $HOME_NET any -> [1.22.119.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.22.119.250/; sid:900728456; rev:1;) alert tcp $HOME_NET any -> [189.222.245.247] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.222.245.247/; sid:900728455; rev:1;) alert tcp $HOME_NET any -> [181.63.199.17] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.63.199.17/; sid:900728454; rev:1;) alert tcp $HOME_NET any -> [201.102.7.208] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.102.7.208/; sid:900728453; rev:1;) alert tcp $HOME_NET any -> [70.80.135.35] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.80.135.35/; sid:900728452; rev:1;) alert tcp $HOME_NET any -> [200.124.225.32] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.124.225.32/; sid:900728451; rev:1;) alert tcp $HOME_NET any -> [189.226.214.129] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.226.214.129/; sid:900728450; rev:1;) alert tcp $HOME_NET any -> [130.209.253.231] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.209.253.231/; sid:900726635; rev:1;) alert tcp $HOME_NET any -> [173.212.221.251] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.212.221.251/; sid:900726634; rev:1;) alert tcp $HOME_NET any -> [81.145.239.194] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.145.239.194/; sid:900726633; rev:1;) alert tcp $HOME_NET any -> [186.139.184.36] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.139.184.36/; sid:900726632; rev:1;) alert tcp $HOME_NET any -> [190.67.11.122] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.67.11.122/; sid:900726629; rev:1;) alert tcp $HOME_NET any -> [178.141.80.155] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.141.80.155/; sid:900726627; rev:1;) alert tcp $HOME_NET any -> [93.182.25.14] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.182.25.14/; sid:900726626; rev:1;) alert tcp $HOME_NET any -> [109.128.252.1] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.128.252.1/; sid:900726625; rev:1;) alert tcp $HOME_NET any -> [85.99.251.233] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.99.251.233/; sid:900726624; rev:1;) alert tcp $HOME_NET any -> [179.52.155.151] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.52.155.151/; sid:900726621; rev:1;) alert tcp $HOME_NET any -> [94.64.51.64] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.64.51.64/; sid:900726620; rev:1;) alert tcp $HOME_NET any -> [186.70.152.218] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.70.152.218/; sid:900726619; rev:1;) alert tcp $HOME_NET any -> [186.101.235.14] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.101.235.14/; sid:900726618; rev:1;) alert tcp $HOME_NET any -> [190.202.39.187] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.202.39.187/; sid:900726616; rev:1;) alert tcp $HOME_NET any -> [213.184.244.254] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.184.244.254/; sid:900726615; rev:1;) alert tcp $HOME_NET any -> [190.180.124.226] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.180.124.226/; sid:900726613; rev:1;) alert tcp $HOME_NET any -> [190.193.3.177] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.193.3.177/; sid:900726610; rev:1;) alert tcp $HOME_NET any -> [130.209.248.130] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.209.248.130/; sid:900726608; rev:1;) alert tcp $HOME_NET any -> [190.106.97.230] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.106.97.230/; sid:900726607; rev:1;) alert tcp $HOME_NET any -> [83.110.12.246] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.12.246/; sid:900726605; rev:1;) alert tcp $HOME_NET any -> [188.194.63.4] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.194.63.4/; sid:900726604; rev:1;) alert tcp $HOME_NET any -> [78.61.250.157] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.61.250.157/; sid:900726602; rev:1;) alert tcp $HOME_NET any -> [152.169.22.153] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.169.22.153/; sid:900726601; rev:1;) alert tcp $HOME_NET any -> [190.84.160.195] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.84.160.195/; sid:900726600; rev:1;) alert tcp $HOME_NET any -> [190.79.4.107] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.79.4.107/; sid:900726599; rev:1;) alert tcp $HOME_NET any -> [130.209.248.118] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.209.248.118/; sid:900726598; rev:1;) alert tcp $HOME_NET any -> [181.57.97.83] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.57.97.83/; sid:900726594; rev:1;) alert tcp $HOME_NET any -> [181.51.214.5] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.51.214.5/; sid:900726593; rev:1;) alert tcp $HOME_NET any -> [181.60.57.250] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.60.57.250/; sid:900726592; rev:1;) alert tcp $HOME_NET any -> [190.195.129.227] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.195.129.227/; sid:900726591; rev:1;) alert tcp $HOME_NET any -> [78.186.175.183] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.175.183/; sid:900726590; rev:1;) alert tcp $HOME_NET any -> [63.143.67.107] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.143.67.107/; sid:900726589; rev:1;) alert tcp $HOME_NET any -> [189.222.20.165] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.222.20.165/; sid:900726588; rev:1;) alert tcp $HOME_NET any -> [190.131.157.113] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.131.157.113/; sid:900726587; rev:1;) alert tcp $HOME_NET any -> [189.146.217.35] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.217.35/; sid:900726586; rev:1;) alert tcp $HOME_NET any -> [189.134.53.158] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.134.53.158/; sid:900726585; rev:1;) alert tcp $HOME_NET any -> [220.130.37.13] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.130.37.13/; sid:900726448; rev:1;) alert tcp $HOME_NET any -> [189.209.255.52] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.209.255.52/; sid:900726445; rev:1;) alert tcp $HOME_NET any -> [189.148.190.37] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.148.190.37/; sid:900726444; rev:1;) alert tcp $HOME_NET any -> [200.126.171.119] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.126.171.119/; sid:900726442; rev:1;) alert tcp $HOME_NET any -> [117.3.39.85] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.3.39.85/; sid:900726440; rev:1;) alert tcp $HOME_NET any -> [181.167.31.88] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.31.88/; sid:900726438; rev:1;) alert tcp $HOME_NET any -> [190.55.209.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.209.82/; sid:900726436; rev:1;) alert tcp $HOME_NET any -> [201.152.93.218] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.152.93.218/; sid:900726428; rev:1;) alert tcp $HOME_NET any -> [186.28.36.44] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.28.36.44/; sid:900726427; rev:1;) alert tcp $HOME_NET any -> [181.189.221.172] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.189.221.172/; sid:900726421; rev:1;) alert tcp $HOME_NET any -> [186.4.172.5] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.172.5/; sid:900726418; rev:1;) alert tcp $HOME_NET any -> [2.86.188.27] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.86.188.27/; sid:900726416; rev:1;) alert tcp $HOME_NET any -> [186.179.80.101] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.179.80.101/; sid:900726415; rev:1;) alert tcp $HOME_NET any -> [186.20.248.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.20.248.146/; sid:900726412; rev:1;) alert tcp $HOME_NET any -> [24.157.195.134] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.157.195.134/; sid:900726411; rev:1;) alert tcp $HOME_NET any -> [99.239.84.14] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.239.84.14/; sid:900725933; rev:1;) alert tcp $HOME_NET any -> [115.166.1.82] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.166.1.82/; sid:900725930; rev:1;) alert tcp $HOME_NET any -> [171.101.153.12] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.101.153.12/; sid:900725928; rev:1;) alert tcp $HOME_NET any -> [189.213.120.20] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.213.120.20/; sid:900725925; rev:1;) alert tcp $HOME_NET any -> [75.99.13.124] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.13.124/; sid:900725915; rev:1;) alert tcp $HOME_NET any -> [175.140.115.82] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.140.115.82/; sid:900725913; rev:1;) alert tcp $HOME_NET any -> [219.92.81.149] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.92.81.149/; sid:900725912; rev:1;) alert tcp $HOME_NET any -> [41.169.20.147] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.169.20.147/; sid:900725911; rev:1;) alert tcp $HOME_NET any -> [181.27.124.18] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.27.124.18/; sid:900725910; rev:1;) alert tcp $HOME_NET any -> [173.255.196.209] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.255.196.209/; sid:900725909; rev:1;) alert tcp $HOME_NET any -> [222.97.149.122] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.97.149.122/; sid:900725906; rev:1;) alert tcp $HOME_NET any -> [60.212.12.177] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.212.12.177/; sid:900725905; rev:1;) alert tcp $HOME_NET any -> [181.168.74.104] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.168.74.104/; sid:900725903; rev:1;) alert tcp $HOME_NET any -> [189.250.216.207] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.216.207/; sid:900725902; rev:1;) alert tcp $HOME_NET any -> [186.136.188.169] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.136.188.169/; sid:900725898; rev:1;) alert tcp $HOME_NET any -> [220.161.178.6] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.161.178.6/; sid:900725896; rev:1;) alert tcp $HOME_NET any -> [105.246.66.139] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.246.66.139/; sid:900725890; rev:1;) alert tcp $HOME_NET any -> [190.95.116.116] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.95.116.116/; sid:900725889; rev:1;) alert tcp $HOME_NET any -> [187.169.235.5] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.169.235.5/; sid:900725884; rev:1;) alert tcp $HOME_NET any -> [69.195.223.154] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.195.223.154/; sid:900725882; rev:1;) alert tcp $HOME_NET any -> [201.97.99.39] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.97.99.39/; sid:900725881; rev:1;) alert tcp $HOME_NET any -> [138.37.47.17] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.37.47.17/; sid:900725880; rev:1;) alert tcp $HOME_NET any -> [121.175.22.236] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.175.22.236/; sid:900725879; rev:1;) alert tcp $HOME_NET any -> [218.214.130.200] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.214.130.200/; sid:900725878; rev:1;) alert tcp $HOME_NET any -> [189.211.177.82] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.211.177.82/; sid:900725877; rev:1;) alert tcp $HOME_NET any -> [187.167.204.28] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.167.204.28/; sid:900725876; rev:1;) alert tcp $HOME_NET any -> [61.1.33.229] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.1.33.229/; sid:900725875; rev:1;) alert tcp $HOME_NET any -> [201.251.43.69] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.251.43.69/; sid:900725872; rev:1;) alert tcp $HOME_NET any -> [182.71.147.46] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.71.147.46/; sid:900725647; rev:1;) alert tcp $HOME_NET any -> [150.107.20.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.107.20.18/; sid:900725643; rev:1;) alert tcp $HOME_NET any -> [201.208.254.113] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.208.254.113/; sid:900725622; rev:1;) alert tcp $HOME_NET any -> [189.208.84.186] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.208.84.186/; sid:900725621; rev:1;) alert tcp $HOME_NET any -> [189.253.31.61] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.31.61/; sid:900725620; rev:1;) alert tcp $HOME_NET any -> [177.230.11.212] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.230.11.212/; sid:900725618; rev:1;) alert tcp $HOME_NET any -> [24.160.184.201] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.160.184.201/; sid:900725617; rev:1;) alert tcp $HOME_NET any -> [197.89.222.16] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.222.16/; sid:900725616; rev:1;) alert tcp $HOME_NET any -> [152.172.214.195] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.172.214.195/; sid:900725615; rev:1;) alert tcp $HOME_NET any -> [203.122.236.163] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.122.236.163/; sid:900725614; rev:1;) alert tcp $HOME_NET any -> [103.12.246.188] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.12.246.188/; sid:900725613; rev:1;) alert tcp $HOME_NET any -> [190.73.133.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.73.133.66/; sid:900725002; rev:1;) alert tcp $HOME_NET any -> [179.60.24.164] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.60.24.164/; sid:900724999; rev:1;) alert tcp $HOME_NET any -> [103.9.226.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.9.226.57/; sid:900724998; rev:1;) alert tcp $HOME_NET any -> [181.168.130.219] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.168.130.219/; sid:900724997; rev:1;) alert tcp $HOME_NET any -> [190.147.19.32] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.19.32/; sid:900724992; rev:1;) alert tcp $HOME_NET any -> [70.28.2.171] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.2.171/; sid:900724990; rev:1;) alert tcp $HOME_NET any -> [190.13.222.120] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.13.222.120/; sid:900724986; rev:1;) alert tcp $HOME_NET any -> [115.160.160.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.160.160.134/; sid:900724983; rev:1;) alert tcp $HOME_NET any -> [86.43.100.19] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.43.100.19/; sid:900724982; rev:1;) alert tcp $HOME_NET any -> [60.48.92.229] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.48.92.229/; sid:900724978; rev:1;) alert tcp $HOME_NET any -> [187.137.178.62] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.178.62/; sid:900724975; rev:1;) alert tcp $HOME_NET any -> [130.241.16.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.241.16.154/; sid:900724974; rev:1;) alert tcp $HOME_NET any -> [70.55.69.202] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.55.69.202/; sid:900724973; rev:1;) alert tcp $HOME_NET any -> [181.197.253.133] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.197.253.133/; sid:900724972; rev:1;) alert tcp $HOME_NET any -> [201.190.150.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.190.150.60/; sid:900724971; rev:1;) alert tcp $HOME_NET any -> [81.150.17.158] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.150.17.158/; sid:900724969; rev:1;) alert tcp $HOME_NET any -> [187.140.90.91] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.140.90.91/; sid:900724968; rev:1;) alert tcp $HOME_NET any -> [78.189.21.131] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.21.131/; sid:900724967; rev:1;) alert tcp $HOME_NET any -> [213.120.119.231] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.120.119.231/; sid:900724966; rev:1;) alert tcp $HOME_NET any -> [186.170.25.122] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.170.25.122/; sid:900724925; rev:1;) alert tcp $HOME_NET any -> [186.120.211.26] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.120.211.26/; sid:900724923; rev:1;) alert tcp $HOME_NET any -> [181.211.102.138] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.211.102.138/; sid:900724921; rev:1;) alert tcp $HOME_NET any -> [190.146.0.108] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.0.108/; sid:900724920; rev:1;) alert tcp $HOME_NET any -> [186.114.143.12] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.114.143.12/; sid:900724919; rev:1;) alert tcp $HOME_NET any -> [186.87.134.176] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.87.134.176/; sid:900724917; rev:1;) alert tcp $HOME_NET any -> [201.236.218.36] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.236.218.36/; sid:900724912; rev:1;) alert tcp $HOME_NET any -> [186.33.185.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.33.185.229/; sid:900724909; rev:1;) alert tcp $HOME_NET any -> [201.220.68.11] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.220.68.11/; sid:900724905; rev:1;) alert tcp $HOME_NET any -> [190.104.213.38] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.213.38/; sid:900724903; rev:1;) alert tcp $HOME_NET any -> [181.60.244.166] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.60.244.166/; sid:900724902; rev:1;) alert tcp $HOME_NET any -> [190.11.22.92] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.11.22.92/; sid:900724900; rev:1;) alert tcp $HOME_NET any -> [190.219.129.131] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.219.129.131/; sid:900724897; rev:1;) alert tcp $HOME_NET any -> [190.142.80.8] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.142.80.8/; sid:900724896; rev:1;) alert tcp $HOME_NET any -> [190.129.111.12] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.129.111.12/; sid:900724895; rev:1;) alert tcp $HOME_NET any -> [190.202.173.244] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.202.173.244/; sid:900724894; rev:1;) alert tcp $HOME_NET any -> [181.48.61.138] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.48.61.138/; sid:900724893; rev:1;) alert tcp $HOME_NET any -> [201.211.77.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.211.77.71/; sid:900724892; rev:1;) alert tcp $HOME_NET any -> [186.85.86.220] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.85.86.220/; sid:900724891; rev:1;) alert tcp $HOME_NET any -> [190.100.239.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.100.239.58/; sid:900724890; rev:1;) alert tcp $HOME_NET any -> [217.173.64.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.173.64.242/; sid:900724888; rev:1;) alert tcp $HOME_NET any -> [80.122.2.142] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.122.2.142/; sid:900724294; rev:1;) alert tcp $HOME_NET any -> [39.61.34.254] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.61.34.254/; sid:900724290; rev:1;) alert tcp $HOME_NET any -> [94.205.247.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.205.247.10/; sid:900724282; rev:1;) alert tcp $HOME_NET any -> [210.1.248.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.1.248.186/; sid:900724281; rev:1;) alert tcp $HOME_NET any -> [212.174.57.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.174.57.124/; sid:900724280; rev:1;) alert tcp $HOME_NET any -> [94.247.20.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.247.20.26/; sid:900724278; rev:1;) alert tcp $HOME_NET any -> [41.79.231.118] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.79.231.118/; sid:900724277; rev:1;) alert tcp $HOME_NET any -> [178.254.31.162] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.31.162/; sid:900724275; rev:1;) alert tcp $HOME_NET any -> [176.43.121.249] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.43.121.249/; sid:900724274; rev:1;) alert tcp $HOME_NET any -> [85.104.117.11] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.117.11/; sid:900724273; rev:1;) alert tcp $HOME_NET any -> [196.218.42.207] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.218.42.207/; sid:900724271; rev:1;) alert tcp $HOME_NET any -> [83.169.36.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.169.36.58/; sid:900724269; rev:1;) alert tcp $HOME_NET any -> [81.182.250.78] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.182.250.78/; sid:900724268; rev:1;) alert tcp $HOME_NET any -> [103.11.83.112] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.11.83.112/; sid:900724267; rev:1;) alert tcp $HOME_NET any -> [122.169.101.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.169.101.242/; sid:900724266; rev:1;) alert tcp $HOME_NET any -> [203.122.44.178] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.122.44.178/; sid:900724265; rev:1;) alert tcp $HOME_NET any -> [103.44.18.238] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.44.18.238/; sid:900724264; rev:1;) alert tcp $HOME_NET any -> [39.61.53.136] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.61.53.136/; sid:900724263; rev:1;) alert tcp $HOME_NET any -> [86.98.59.115] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.59.115/; sid:900724262; rev:1;) alert tcp $HOME_NET any -> [202.83.16.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.83.16.150/; sid:900724261; rev:1;) alert tcp $HOME_NET any -> [190.6.167.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.6.167.153/; sid:900724260; rev:1;) alert tcp $HOME_NET any -> [187.143.186.159] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.143.186.159/; sid:900724259; rev:1;) alert tcp $HOME_NET any -> [200.126.228.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.126.228.236/; sid:900721897; rev:1;) alert tcp $HOME_NET any -> [189.145.144.172] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.145.144.172/; sid:900721895; rev:1;) alert tcp $HOME_NET any -> [124.100.221.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.100.221.134/; sid:900721892; rev:1;) alert tcp $HOME_NET any -> [189.132.43.14] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.132.43.14/; sid:900721882; rev:1;) alert tcp $HOME_NET any -> [200.71.148.138] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.71.148.138/; sid:900721876; rev:1;) alert tcp $HOME_NET any -> [45.118.32.204] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.118.32.204/; sid:900721873; rev:1;) alert tcp $HOME_NET any -> [101.187.243.188] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.243.188/; sid:900721872; rev:1;) alert tcp $HOME_NET any -> [61.79.164.230] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.79.164.230/; sid:900721869; rev:1;) alert tcp $HOME_NET any -> [54.38.42.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.42.189/; sid:900721864; rev:1;) alert tcp $HOME_NET any -> [187.199.72.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.72.153/; sid:900721863; rev:1;) alert tcp $HOME_NET any -> [187.163.205.19] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.205.19/; sid:900721862; rev:1;) alert tcp $HOME_NET any -> [189.189.203.152] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.189.203.152/; sid:900721861; rev:1;) alert tcp $HOME_NET any -> [60.49.37.128] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.49.37.128/; sid:900721860; rev:1;) alert tcp $HOME_NET any -> [79.78.139.74] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.78.139.74/; sid:900721441; rev:1;) alert tcp $HOME_NET any -> [78.186.175.54] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.175.54/; sid:900721437; rev:1;) alert tcp $HOME_NET any -> [24.232.26.157] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.232.26.157/; sid:900721431; rev:1;) alert tcp $HOME_NET any -> [54.39.180.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.39.180.109/; sid:900721425; rev:1;) alert tcp $HOME_NET any -> [105.184.191.243] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.191.243/; sid:900721424; rev:1;) alert tcp $HOME_NET any -> [187.177.155.123] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.177.155.123/; sid:900721423; rev:1;) alert tcp $HOME_NET any -> [81.136.148.196] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.136.148.196/; sid:900721417; rev:1;) alert tcp $HOME_NET any -> [190.210.37.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.37.122/; sid:900721416; rev:1;) alert tcp $HOME_NET any -> [181.29.77.158] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.29.77.158/; sid:900721415; rev:1;) alert tcp $HOME_NET any -> [181.111.60.39] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.111.60.39/; sid:900721414; rev:1;) alert tcp $HOME_NET any -> [187.243.203.67] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.243.203.67/; sid:900721413; rev:1;) alert tcp $HOME_NET any -> [109.74.142.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.74.142.74/; sid:900721412; rev:1;) alert tcp $HOME_NET any -> [110.37.219.134] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.37.219.134/; sid:900721411; rev:1;) alert tcp $HOME_NET any -> [152.168.60.9] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.168.60.9/; sid:900721410; rev:1;) alert tcp $HOME_NET any -> [190.152.12.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.12.86/; sid:900721409; rev:1;) alert tcp $HOME_NET any -> [190.146.201.54] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.201.54/; sid:900721408; rev:1;) alert tcp $HOME_NET any -> [190.6.140.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.6.140.136/; sid:900721267; rev:1;) alert tcp $HOME_NET any -> [216.8.172.167] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.8.172.167/; sid:900721265; rev:1;) alert tcp $HOME_NET any -> [181.28.109.32] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.28.109.32/; sid:900721264; rev:1;) alert tcp $HOME_NET any -> [190.224.219.14] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.224.219.14/; sid:900721263; rev:1;) alert tcp $HOME_NET any -> [201.212.49.159] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.49.159/; sid:900721260; rev:1;) alert tcp $HOME_NET any -> [200.123.110.50] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.123.110.50/; sid:900721257; rev:1;) alert tcp $HOME_NET any -> [94.100.167.7] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.100.167.7/; sid:900721256; rev:1;) alert tcp $HOME_NET any -> [190.72.55.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.72.55.98/; sid:900721250; rev:1;) alert tcp $HOME_NET any -> [186.90.238.36] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.90.238.36/; sid:900721247; rev:1;) alert tcp $HOME_NET any -> [190.195.199.97] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.195.199.97/; sid:900721244; rev:1;) alert tcp $HOME_NET any -> [190.104.221.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.221.186/; sid:900721241; rev:1;) alert tcp $HOME_NET any -> [181.31.10.25] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.31.10.25/; sid:900721240; rev:1;) alert tcp $HOME_NET any -> [190.31.132.206] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.31.132.206/; sid:900721239; rev:1;) alert tcp $HOME_NET any -> [41.76.243.113] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.76.243.113/; sid:900721238; rev:1;) alert tcp $HOME_NET any -> [181.126.47.7] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.126.47.7/; sid:900721038; rev:1;) alert tcp $HOME_NET any -> [190.145.67.178] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.145.67.178/; sid:900721030; rev:1;) alert tcp $HOME_NET any -> [186.89.170.142] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.89.170.142/; sid:900721029; rev:1;) alert tcp $HOME_NET any -> [190.79.170.161] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.79.170.161/; sid:900721027; rev:1;) alert tcp $HOME_NET any -> [88.250.255.12] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.250.255.12/; sid:900721025; rev:1;) alert tcp $HOME_NET any -> [87.224.1.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.224.1.34/; sid:900721024; rev:1;) alert tcp $HOME_NET any -> [173.178.223.66] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.178.223.66/; sid:900721022; rev:1;) alert tcp $HOME_NET any -> [187.148.173.68] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.148.173.68/; sid:900721021; rev:1;) alert tcp $HOME_NET any -> [217.165.236.108] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.236.108/; sid:900721019; rev:1;) alert tcp $HOME_NET any -> [24.53.224.19] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.53.224.19/; sid:900721015; rev:1;) alert tcp $HOME_NET any -> [65.94.72.239] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.94.72.239/; sid:900721011; rev:1;) alert tcp $HOME_NET any -> [142.59.39.157] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.59.39.157/; sid:900721010; rev:1;) alert tcp $HOME_NET any -> [203.130.23.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.130.23.27/; sid:900721009; rev:1;) alert tcp $HOME_NET any -> [190.114.242.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.114.242.130/; sid:900721008; rev:1;) alert tcp $HOME_NET any -> [189.163.1.225] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.163.1.225/; sid:900721007; rev:1;) alert tcp $HOME_NET any -> [216.244.217.182] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.244.217.182/; sid:900721006; rev:1;) alert tcp $HOME_NET any -> [190.141.163.190] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.141.163.190/; sid:900721005; rev:1;) alert tcp $HOME_NET any -> [70.45.114.92] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.45.114.92/; sid:900721004; rev:1;) alert tcp $HOME_NET any -> [189.187.170.206] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.187.170.206/; sid:900721003; rev:1;) alert tcp $HOME_NET any -> [190.151.0.46] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.151.0.46/; sid:900721002; rev:1;) alert tcp $HOME_NET any -> [114.79.159.169] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.159.169/; sid:900721000; rev:1;) alert tcp $HOME_NET any -> [88.247.163.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.247.163.44/; sid:900720998; rev:1;) alert tcp $HOME_NET any -> [114.79.133.102] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.133.102/; sid:900720997; rev:1;) alert tcp $HOME_NET any -> [78.189.207.238] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.207.238/; sid:900720995; rev:1;) alert tcp $HOME_NET any -> [203.122.44.152] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.122.44.152/; sid:900720993; rev:1;) alert tcp $HOME_NET any -> [42.200.102.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.200.102.153/; sid:900720990; rev:1;) alert tcp $HOME_NET any -> [46.29.143.219] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.29.143.219/; sid:900720989; rev:1;) alert tcp $HOME_NET any -> [49.248.119.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.248.119.186/; sid:900720988; rev:1;) alert tcp $HOME_NET any -> [86.98.66.88] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.66.88/; sid:900720986; rev:1;) alert tcp $HOME_NET any -> [113.182.203.150] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.182.203.150/; sid:900720981; rev:1;) alert tcp $HOME_NET any -> [105.225.156.246] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.156.246/; sid:900720978; rev:1;) alert tcp $HOME_NET any -> [91.93.202.142] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.93.202.142/; sid:900720975; rev:1;) alert tcp $HOME_NET any -> [27.54.146.165] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.54.146.165/; sid:900720972; rev:1;) alert tcp $HOME_NET any -> [110.172.188.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.172.188.210/; sid:900720971; rev:1;) alert tcp $HOME_NET any -> [203.99.177.144] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.99.177.144/; sid:900720970; rev:1;) alert tcp $HOME_NET any -> [221.160.242.77] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.160.242.77/; sid:900720969; rev:1;) alert tcp $HOME_NET any -> [111.223.147.4] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.223.147.4/; sid:900720968; rev:1;) alert tcp $HOME_NET any -> [94.13.70.255] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.13.70.255/; sid:900720967; rev:1;) alert tcp $HOME_NET any -> [189.154.39.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.39.153/; sid:900720966; rev:1;) alert tcp $HOME_NET any -> [189.180.237.144] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.180.237.144/; sid:900720965; rev:1;) alert tcp $HOME_NET any -> [186.136.68.246] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.136.68.246/; sid:900720964; rev:1;) alert tcp $HOME_NET any -> [201.111.83.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.111.83.186/; sid:900720963; rev:1;) alert tcp $HOME_NET any -> [96.21.235.243] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.21.235.243/; sid:900720887; rev:1;) alert tcp $HOME_NET any -> [189.178.109.180] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.178.109.180/; sid:900720884; rev:1;) alert tcp $HOME_NET any -> [189.134.34.13] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.134.34.13/; sid:900720883; rev:1;) alert tcp $HOME_NET any -> [50.101.109.25] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.101.109.25/; sid:900720881; rev:1;) alert tcp $HOME_NET any -> [200.105.164.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.105.164.138/; sid:900720876; rev:1;) alert tcp $HOME_NET any -> [60.240.221.183] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.240.221.183/; sid:900720875; rev:1;) alert tcp $HOME_NET any -> [190.0.28.219] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.0.28.219/; sid:900720869; rev:1;) alert tcp $HOME_NET any -> [179.52.124.226] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.52.124.226/; sid:900720866; rev:1;) alert tcp $HOME_NET any -> [189.225.119.5] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.225.119.5/; sid:900720865; rev:1;) alert tcp $HOME_NET any -> [181.170.160.21] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.170.160.21/; sid:900720861; rev:1;) alert tcp $HOME_NET any -> [81.132.30.110] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.132.30.110/; sid:900720860; rev:1;) alert tcp $HOME_NET any -> [190.85.8.157] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.8.157/; sid:900720859; rev:1;) alert tcp $HOME_NET any -> [181.46.149.53] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.46.149.53/; sid:900720858; rev:1;) alert tcp $HOME_NET any -> [201.244.43.242] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.244.43.242/; sid:900720857; rev:1;) alert tcp $HOME_NET any -> [186.66.93.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.66.93.242/; sid:900720856; rev:1;) alert tcp $HOME_NET any -> [152.169.192.209] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.169.192.209/; sid:900720855; rev:1;) alert tcp $HOME_NET any -> [179.33.30.194] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.33.30.194/; sid:900720854; rev:1;) alert tcp $HOME_NET any -> [186.96.193.55] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.96.193.55/; sid:900720853; rev:1;) alert tcp $HOME_NET any -> [217.34.55.79] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.34.55.79/; sid:900720852; rev:1;) alert tcp $HOME_NET any -> [142.163.208.70] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.163.208.70/; sid:900720733; rev:1;) alert tcp $HOME_NET any -> [222.235.126.213] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.235.126.213/; sid:900720723; rev:1;) alert tcp $HOME_NET any -> [137.59.227.184] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.59.227.184/; sid:900720722; rev:1;) alert tcp $HOME_NET any -> [103.53.44.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.53.44.26/; sid:900720715; rev:1;) alert tcp $HOME_NET any -> [87.191.170.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.191.170.153/; sid:900720712; rev:1;) alert tcp $HOME_NET any -> [46.130.113.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.130.113.218/; sid:900720711; rev:1;) alert tcp $HOME_NET any -> [201.171.3.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.171.3.20/; sid:900720710; rev:1;) alert tcp $HOME_NET any -> [191.102.109.158] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.102.109.158/; sid:900720709; rev:1;) alert tcp $HOME_NET any -> [70.52.138.10] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.52.138.10/; sid:900720708; rev:1;) alert tcp $HOME_NET any -> [200.25.160.121] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.25.160.121/; sid:900720707; rev:1;) alert tcp $HOME_NET any -> [187.147.253.144] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.147.253.144/; sid:900720706; rev:1;) alert tcp $HOME_NET any -> [217.165.116.167] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.116.167/; sid:900720705; rev:1;) alert tcp $HOME_NET any -> [197.89.216.173] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.216.173/; sid:900720704; rev:1;) alert tcp $HOME_NET any -> [85.97.123.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.97.123.102/; sid:900720227; rev:1;) alert tcp $HOME_NET any -> [24.53.48.176] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.53.48.176/; sid:900720225; rev:1;) alert tcp $HOME_NET any -> [200.126.171.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.126.171.225/; sid:900720221; rev:1;) alert tcp $HOME_NET any -> [181.48.236.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.48.236.93/; sid:900720220; rev:1;) alert tcp $HOME_NET any -> [187.220.99.192] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.220.99.192/; sid:900720218; rev:1;) alert tcp $HOME_NET any -> [185.86.148.222] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.148.222/; sid:900720216; rev:1;) alert tcp $HOME_NET any -> [190.100.136.117] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.100.136.117/; sid:900720213; rev:1;) alert tcp $HOME_NET any -> [184.145.137.151] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.145.137.151/; sid:900720212; rev:1;) alert tcp $HOME_NET any -> [81.143.197.4] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.143.197.4/; sid:900720211; rev:1;) alert tcp $HOME_NET any -> [130.241.35.152] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.241.35.152/; sid:900720208; rev:1;) alert tcp $HOME_NET any -> [181.44.96.147] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.44.96.147/; sid:900720206; rev:1;) alert tcp $HOME_NET any -> [198.61.196.18] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.61.196.18/; sid:900720204; rev:1;) alert tcp $HOME_NET any -> [220.247.246.243] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.247.246.243/; sid:900720203; rev:1;) alert tcp $HOME_NET any -> [190.1.49.204] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.1.49.204/; sid:900720202; rev:1;) alert tcp $HOME_NET any -> [190.56.255.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.56.255.118/; sid:900720201; rev:1;) alert tcp $HOME_NET any -> [190.171.216.50] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.216.50/; sid:900720200; rev:1;) alert tcp $HOME_NET any -> [81.134.93.59] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.134.93.59/; sid:900720199; rev:1;) alert tcp $HOME_NET any -> [189.159.133.168] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.159.133.168/; sid:900720198; rev:1;) alert tcp $HOME_NET any -> [200.123.150.89] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.123.150.89/; sid:900720197; rev:1;) alert tcp $HOME_NET any -> [201.170.181.168] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.170.181.168/; sid:900720196; rev:1;) alert tcp $HOME_NET any -> [209.239.4.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.239.4.118/; sid:900720195; rev:1;) alert tcp $HOME_NET any -> [200.91.50.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.91.50.2/; sid:900720194; rev:1;) alert tcp $HOME_NET any -> [188.122.51.199] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.122.51.199/; sid:900720193; rev:1;) alert tcp $HOME_NET any -> [101.99.23.252] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.99.23.252/; sid:900720186; rev:1;) alert tcp $HOME_NET any -> [221.162.74.239] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.162.74.239/; sid:900720183; rev:1;) alert tcp $HOME_NET any -> [39.88.192.28] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.88.192.28/; sid:900720182; rev:1;) alert tcp $HOME_NET any -> [101.187.199.72] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.199.72/; sid:900720181; rev:1;) alert tcp $HOME_NET any -> [109.2.99.144] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.2.99.144/; sid:900720177; rev:1;) alert tcp $HOME_NET any -> [80.253.241.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.253.241.66/; sid:900720176; rev:1;) alert tcp $HOME_NET any -> [88.174.131.38] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.174.131.38/; sid:900720171; rev:1;) alert tcp $HOME_NET any -> [49.207.182.22] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.207.182.22/; sid:900720169; rev:1;) alert tcp $HOME_NET any -> [106.243.237.73] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.243.237.73/; sid:900720168; rev:1;) alert tcp $HOME_NET any -> [121.69.90.14] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.69.90.14/; sid:900720165; rev:1;) alert tcp $HOME_NET any -> [188.53.210.137] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.53.210.137/; sid:900720164; rev:1;) alert tcp $HOME_NET any -> [99.226.186.39] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.226.186.39/; sid:900720163; rev:1;) alert tcp $HOME_NET any -> [77.69.190.139] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.69.190.139/; sid:900720162; rev:1;) alert tcp $HOME_NET any -> [45.227.225.46] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.227.225.46/; sid:900720161; rev:1;) alert tcp $HOME_NET any -> [41.177.126.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.177.126.139/; sid:900720160; rev:1;) alert tcp $HOME_NET any -> [54.38.91.176] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.91.176/; sid:900720159; rev:1;) alert tcp $HOME_NET any -> [189.142.157.203] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.142.157.203/; sid:900720158; rev:1;) alert tcp $HOME_NET any -> [190.56.149.122] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.56.149.122/; sid:900720157; rev:1;) alert tcp $HOME_NET any -> [54.39.178.177] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.39.178.177/; sid:900720156; rev:1;) alert tcp $HOME_NET any -> [41.71.19.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.71.19.139/; sid:900717259; rev:1;) alert tcp $HOME_NET any -> [105.186.166.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.166.65/; sid:900717252; rev:1;) alert tcp $HOME_NET any -> [2.50.150.240] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.150.240/; sid:900717239; rev:1;) alert tcp $HOME_NET any -> [165.255.145.156] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.255.145.156/; sid:900717238; rev:1;) alert tcp $HOME_NET any -> [58.65.211.99] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.65.211.99/; sid:900717155; rev:1;) alert tcp $HOME_NET any -> [201.110.102.182] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.110.102.182/; sid:900717151; rev:1;) alert tcp $HOME_NET any -> [77.30.231.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.30.231.30/; sid:900717146; rev:1;) alert tcp $HOME_NET any -> [59.96.244.37] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.96.244.37/; sid:900717145; rev:1;) alert tcp $HOME_NET any -> [200.29.111.252] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.29.111.252/; sid:900717144; rev:1;) alert tcp $HOME_NET any -> [124.194.66.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.194.66.218/; sid:900717143; rev:1;) alert tcp $HOME_NET any -> [187.198.19.70] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.198.19.70/; sid:900717141; rev:1;) alert tcp $HOME_NET any -> [120.150.66.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.66.156/; sid:900717140; rev:1;) alert tcp $HOME_NET any -> [187.250.201.195] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.201.195/; sid:900717137; rev:1;) alert tcp $HOME_NET any -> [189.248.128.101] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.248.128.101/; sid:900717136; rev:1;) alert tcp $HOME_NET any -> [89.211.243.207] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.243.207/; sid:900717133; rev:1;) alert tcp $HOME_NET any -> [189.183.174.174] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.183.174.174/; sid:900717132; rev:1;) alert tcp $HOME_NET any -> [189.186.19.97] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.186.19.97/; sid:900717131; rev:1;) alert tcp $HOME_NET any -> [105.225.199.219] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.199.219/; sid:900717130; rev:1;) alert tcp $HOME_NET any -> [85.243.49.63] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.243.49.63/; sid:900717129; rev:1;) alert tcp $HOME_NET any -> [187.205.170.3] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.205.170.3/; sid:900717128; rev:1;) alert tcp $HOME_NET any -> [189.152.183.239] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.152.183.239/; sid:900717127; rev:1;) alert tcp $HOME_NET any -> [169.0.142.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.142.82/; sid:900717126; rev:1;) alert tcp $HOME_NET any -> [83.110.95.159] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.95.159/; sid:900717125; rev:1;) alert tcp $HOME_NET any -> [105.228.198.254] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.228.198.254/; sid:900717124; rev:1;) alert tcp $HOME_NET any -> [189.236.139.230] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.139.230/; sid:900717123; rev:1;) alert tcp $HOME_NET any -> [189.162.104.16] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.162.104.16/; sid:900717121; rev:1;) alert tcp $HOME_NET any -> [190.173.73.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.173.73.135/; sid:900717120; rev:1;) alert tcp $HOME_NET any -> [190.139.134.60] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.139.134.60/; sid:900717116; rev:1;) alert tcp $HOME_NET any -> [190.158.193.245] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.158.193.245/; sid:900717115; rev:1;) alert tcp $HOME_NET any -> [189.231.145.106] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.231.145.106/; sid:900717110; rev:1;) alert tcp $HOME_NET any -> [200.8.143.148] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.8.143.148/; sid:900717105; rev:1;) alert tcp $HOME_NET any -> [187.136.95.168] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.136.95.168/; sid:900717102; rev:1;) alert tcp $HOME_NET any -> [186.156.228.33] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.156.228.33/; sid:900717100; rev:1;) alert tcp $HOME_NET any -> [190.97.212.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.97.212.150/; sid:900717099; rev:1;) alert tcp $HOME_NET any -> [189.146.214.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.214.30/; sid:900717098; rev:1;) alert tcp $HOME_NET any -> [189.193.19.5] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.193.19.5/; sid:900717095; rev:1;) alert tcp $HOME_NET any -> [189.195.1.15] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.195.1.15/; sid:900717094; rev:1;) alert tcp $HOME_NET any -> [186.0.76.40] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.0.76.40/; sid:900717093; rev:1;) alert tcp $HOME_NET any -> [186.16.209.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.16.209.106/; sid:900717092; rev:1;) alert tcp $HOME_NET any -> [190.240.45.201] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.240.45.201/; sid:900717091; rev:1;) alert tcp $HOME_NET any -> [178.200.64.181] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.200.64.181/; sid:900717090; rev:1;) alert tcp $HOME_NET any -> [190.15.153.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.15.153.90/; sid:900717089; rev:1;) alert tcp $HOME_NET any -> [181.230.241.2] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.230.241.2/; sid:900717088; rev:1;) alert tcp $HOME_NET any -> [186.103.219.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.103.219.114/; sid:900717087; rev:1;) alert tcp $HOME_NET any -> [142.112.27.238] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.112.27.238/; sid:900717086; rev:1;) alert tcp $HOME_NET any -> [208.180.47.78] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.180.47.78/; sid:900716930; rev:1;) alert tcp $HOME_NET any -> [24.248.210.137] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.248.210.137/; sid:900716923; rev:1;) alert tcp $HOME_NET any -> [190.147.162.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.162.82/; sid:900716922; rev:1;) alert tcp $HOME_NET any -> [72.38.164.146] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.38.164.146/; sid:900716921; rev:1;) alert tcp $HOME_NET any -> [167.250.193.184] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.250.193.184/; sid:900716915; rev:1;) alert tcp $HOME_NET any -> [181.44.88.97] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.44.88.97/; sid:900716914; rev:1;) alert tcp $HOME_NET any -> [181.54.149.75] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.54.149.75/; sid:900716912; rev:1;) alert tcp $HOME_NET any -> [86.165.201.190] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.165.201.190/; sid:900716908; rev:1;) alert tcp $HOME_NET any -> [76.102.38.14] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.102.38.14/; sid:900716907; rev:1;) alert tcp $HOME_NET any -> [46.228.199.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.228.199.98/; sid:900716906; rev:1;) alert tcp $HOME_NET any -> [169.0.100.63] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.100.63/; sid:900716902; rev:1;) alert tcp $HOME_NET any -> [189.208.149.163] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.208.149.163/; sid:900716901; rev:1;) alert tcp $HOME_NET any -> [189.146.73.28] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.73.28/; sid:900716900; rev:1;) alert tcp $HOME_NET any -> [71.221.87.227] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.221.87.227/; sid:900716899; rev:1;) alert tcp $HOME_NET any -> [65.29.69.193] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.29.69.193/; sid:900716898; rev:1;) alert tcp $HOME_NET any -> [47.205.41.43] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.205.41.43/; sid:900716897; rev:1;) alert tcp $HOME_NET any -> [72.22.245.117] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.22.245.117/; sid:900716896; rev:1;) alert tcp $HOME_NET any -> [119.92.51.40] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.92.51.40/; sid:900716895; rev:1;) alert tcp $HOME_NET any -> [74.104.175.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.104.175.6/; sid:900716894; rev:1;) alert tcp $HOME_NET any -> [142.169.99.1] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.169.99.1/; sid:900716893; rev:1;) alert tcp $HOME_NET any -> [98.26.18.226] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.26.18.226/; sid:900716888; rev:1;) alert tcp $HOME_NET any -> [108.190.108.173] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.190.108.173/; sid:900716884; rev:1;) alert tcp $HOME_NET any -> [189.181.224.33] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.181.224.33/; sid:900716881; rev:1;) alert tcp $HOME_NET any -> [76.97.133.251] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.97.133.251/; sid:900716880; rev:1;) alert tcp $HOME_NET any -> [71.125.28.55] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.125.28.55/; sid:900716875; rev:1;) alert tcp $HOME_NET any -> [76.72.180.184] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.72.180.184/; sid:900716874; rev:1;) alert tcp $HOME_NET any -> [151.253.92.20] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.253.92.20/; sid:900716872; rev:1;) alert tcp $HOME_NET any -> [73.163.161.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.163.161.117/; sid:900716870; rev:1;) alert tcp $HOME_NET any -> [70.171.185.162] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.171.185.162/; sid:900716868; rev:1;) alert tcp $HOME_NET any -> [96.255.49.68] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.255.49.68/; sid:900716867; rev:1;) alert tcp $HOME_NET any -> [190.100.158.207] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.100.158.207/; sid:900716864; rev:1;) alert tcp $HOME_NET any -> [83.110.204.231] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.204.231/; sid:900716863; rev:1;) alert tcp $HOME_NET any -> [173.166.140.145] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.166.140.145/; sid:900716862; rev:1;) alert tcp $HOME_NET any -> [24.158.46.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.158.46.82/; sid:900716861; rev:1;) alert tcp $HOME_NET any -> [120.151.13.225] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.151.13.225/; sid:900716860; rev:1;) alert tcp $HOME_NET any -> [217.165.183.54] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.183.54/; sid:900716859; rev:1;) alert tcp $HOME_NET any -> [74.129.194.207] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.129.194.207/; sid:900716386; rev:1;) alert tcp $HOME_NET any -> [189.158.106.37] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.158.106.37/; sid:900716383; rev:1;) alert tcp $HOME_NET any -> [189.223.176.239] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.176.239/; sid:900716382; rev:1;) alert tcp $HOME_NET any -> [189.190.21.137] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.190.21.137/; sid:900716377; rev:1;) alert tcp $HOME_NET any -> [69.1.1.43] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.1.1.43/; sid:900716375; rev:1;) alert tcp $HOME_NET any -> [78.187.173.144] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.187.173.144/; sid:900716374; rev:1;) alert tcp $HOME_NET any -> [110.143.203.200] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.143.203.200/; sid:900716242; rev:1;) alert tcp $HOME_NET any -> [12.49.146.218] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.49.146.218/; sid:900716240; rev:1;) alert tcp $HOME_NET any -> [208.105.77.2] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.105.77.2/; sid:900716237; rev:1;) alert tcp $HOME_NET any -> [201.236.217.192] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.236.217.192/; sid:900716223; rev:1;) alert tcp $HOME_NET any -> [91.109.13.64] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.109.13.64/; sid:900716222; rev:1;) alert tcp $HOME_NET any -> [71.56.132.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.56.132.47/; sid:900716218; rev:1;) alert tcp $HOME_NET any -> [187.163.65.65] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.65.65/; sid:900716217; rev:1;) alert tcp $HOME_NET any -> [189.236.27.253] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.27.253/; sid:900716216; rev:1;) alert tcp $HOME_NET any -> [200.236.117.151] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.236.117.151/; sid:900716215; rev:1;) alert tcp $HOME_NET any -> [100.33.158.222] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.33.158.222/; sid:900716214; rev:1;) alert tcp $HOME_NET any -> [99.225.98.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.225.98.242/; sid:900716213; rev:1;) alert tcp $HOME_NET any -> [200.6.168.130] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.6.168.130/; sid:900716211; rev:1;) alert tcp $HOME_NET any -> [80.149.179.98] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.149.179.98/; sid:900716210; rev:1;) alert tcp $HOME_NET any -> [187.160.2.73] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.160.2.73/; sid:900716209; rev:1;) alert tcp $HOME_NET any -> [99.101.106.98] 11892 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.101.106.98/; sid:900716208; rev:1;) alert tcp $HOME_NET any -> [97.115.32.101] 25965 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.115.32.101/; sid:900716207; rev:1;) alert tcp $HOME_NET any -> [105.32.101.117] 8307 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.32.101.117/; sid:900716206; rev:1;) alert tcp $HOME_NET any -> [110.114.117.116] 30240 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.114.117.116/; sid:900716205; rev:1;) alert tcp $HOME_NET any -> [104.116.32.44] 8293 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.116.32.44/; sid:900716204; rev:1;) alert tcp $HOME_NET any -> [116.115.32.97] 26994 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.115.32.97/; sid:900716203; rev:1;) alert tcp $HOME_NET any -> [216.164.125.225] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.164.125.225/; sid:900715854; rev:1;) alert tcp $HOME_NET any -> [78.186.23.245] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.23.245/; sid:900715853; rev:1;) alert tcp $HOME_NET any -> [160.7.252.246] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.7.252.246/; sid:900715852; rev:1;) alert tcp $HOME_NET any -> [123.51.98.27] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.51.98.27/; sid:900715848; rev:1;) alert tcp $HOME_NET any -> [85.106.1.166] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.106.1.166/; sid:900715845; rev:1;) alert tcp $HOME_NET any -> [169.0.105.26] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.105.26/; sid:900715839; rev:1;) alert tcp $HOME_NET any -> [190.72.60.232] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.72.60.232/; sid:900715832; rev:1;) alert tcp $HOME_NET any -> [187.137.103.63] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.103.63/; sid:900715831; rev:1;) alert tcp $HOME_NET any -> [95.9.136.134] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.9.136.134/; sid:900715174; rev:1;) alert tcp $HOME_NET any -> [190.18.217.94] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.18.217.94/; sid:900715170; rev:1;) alert tcp $HOME_NET any -> [190.108.228.43] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.108.228.43/; sid:900715167; rev:1;) alert tcp $HOME_NET any -> [100.7.75.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.7.75.236/; sid:900715161; rev:1;) alert tcp $HOME_NET any -> [173.17.134.231] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.17.134.231/; sid:900715160; rev:1;) alert tcp $HOME_NET any -> [84.9.29.111] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.9.29.111/; sid:900715157; rev:1;) alert tcp $HOME_NET any -> [189.253.110.230] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.110.230/; sid:900715153; rev:1;) alert tcp $HOME_NET any -> [189.180.51.94] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.180.51.94/; sid:900715152; rev:1;) alert tcp $HOME_NET any -> [50.79.146.13] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.79.146.13/; sid:900715149; rev:1;) alert tcp $HOME_NET any -> [91.236.245.65] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.236.245.65/; sid:900715147; rev:1;) alert tcp $HOME_NET any -> [186.68.82.19] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.68.82.19/; sid:900715146; rev:1;) alert tcp $HOME_NET any -> [128.234.190.116] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.234.190.116/; sid:900715145; rev:1;) alert tcp $HOME_NET any -> [54.39.179.152] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.39.179.152/; sid:900715144; rev:1;) alert tcp $HOME_NET any -> [190.171.208.218] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.208.218/; sid:900715143; rev:1;) alert tcp $HOME_NET any -> [186.149.243.238] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.149.243.238/; sid:900715142; rev:1;) alert tcp $HOME_NET any -> [114.55.106.210] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.55.106.210/; sid:900715141; rev:1;) alert tcp $HOME_NET any -> [47.147.11.21] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.147.11.21/; sid:900715140; rev:1;) alert tcp $HOME_NET any -> [187.220.233.135] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.220.233.135/; sid:900715139; rev:1;) alert tcp $HOME_NET any -> [98.6.40.86] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.6.40.86/; sid:900715138; rev:1;) alert tcp $HOME_NET any -> [217.165.2.133] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.2.133/; sid:900715137; rev:1;) alert tcp $HOME_NET any -> [37.187.150.39] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.150.39/; sid:900715133; rev:1;) alert tcp $HOME_NET any -> [119.196.94.222] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.196.94.222/; sid:900715132; rev:1;) alert tcp $HOME_NET any -> [181.165.31.120] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.165.31.120/; sid:900715131; rev:1;) alert tcp $HOME_NET any -> [142.129.161.136] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.129.161.136/; sid:900715130; rev:1;) alert tcp $HOME_NET any -> [92.48.118.27] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.48.118.27/; sid:900715126; rev:1;) alert tcp $HOME_NET any -> [96.240.18.23] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.240.18.23/; sid:900715124; rev:1;) alert tcp $HOME_NET any -> [186.136.75.37] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.136.75.37/; sid:900715120; rev:1;) alert tcp $HOME_NET any -> [186.66.12.10] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.66.12.10/; sid:900715115; rev:1;) alert tcp $HOME_NET any -> [213.16.213.197] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.16.213.197/; sid:900715114; rev:1;) alert tcp $HOME_NET any -> [186.109.81.97] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.109.81.97/; sid:900715113; rev:1;) alert tcp $HOME_NET any -> [181.118.206.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.206.6/; sid:900715112; rev:1;) alert tcp $HOME_NET any -> [213.159.215.1] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.159.215.1/; sid:900715109; rev:1;) alert tcp $HOME_NET any -> [79.77.53.46] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.77.53.46/; sid:900715108; rev:1;) alert tcp $HOME_NET any -> [80.249.176.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.249.176.206/; sid:900715107; rev:1;) alert tcp $HOME_NET any -> [170.84.133.72] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.84.133.72/; sid:900715106; rev:1;) alert tcp $HOME_NET any -> [47.180.65.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.180.65.61/; sid:900715105; rev:1;) alert tcp $HOME_NET any -> [216.146.254.225] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.146.254.225/; sid:900715104; rev:1;) alert tcp $HOME_NET any -> [109.170.203.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.170.203.154/; sid:900715103; rev:1;) alert tcp $HOME_NET any -> [190.92.123.178] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.123.178/; sid:900715102; rev:1;) alert tcp $HOME_NET any -> [24.85.236.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.85.236.47/; sid:900715101; rev:1;) alert tcp $HOME_NET any -> [115.88.75.245] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.88.75.245/; sid:900715100; rev:1;) alert tcp $HOME_NET any -> [190.220.69.69] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.220.69.69/; sid:900715099; rev:1;) alert tcp $HOME_NET any -> [202.91.43.204] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.91.43.204/; sid:900714936; rev:1;) alert tcp $HOME_NET any -> [200.204.204.204] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.204.204.204/; sid:900714922; rev:1;) alert tcp $HOME_NET any -> [159.118.53.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.118.53.150/; sid:900712865; rev:1;) alert tcp $HOME_NET any -> [58.108.220.220] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.108.220.220/; sid:900712859; rev:1;) alert tcp $HOME_NET any -> [179.38.83.88] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.38.83.88/; sid:900712857; rev:1;) alert tcp $HOME_NET any -> [104.34.29.60] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.34.29.60/; sid:900712853; rev:1;) alert tcp $HOME_NET any -> [68.103.38.30] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.103.38.30/; sid:900712852; rev:1;) alert tcp $HOME_NET any -> [190.171.237.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.237.136/; sid:900712851; rev:1;) alert tcp $HOME_NET any -> [204.184.25.163] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.184.25.163/; sid:900712850; rev:1;) alert tcp $HOME_NET any -> [134.19.217.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.19.217.70/; sid:900712848; rev:1;) alert tcp $HOME_NET any -> [190.128.82.61] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.128.82.61/; sid:900712847; rev:1;) alert tcp $HOME_NET any -> [24.248.202.22] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.248.202.22/; sid:900712842; rev:1;) alert tcp $HOME_NET any -> [198.136.49.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.136.49.139/; sid:900712841; rev:1;) alert tcp $HOME_NET any -> [79.130.46.68] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.130.46.68/; sid:900712840; rev:1;) alert tcp $HOME_NET any -> [98.217.222.167] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.217.222.167/; sid:900712839; rev:1;) alert tcp $HOME_NET any -> [98.175.204.114] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.175.204.114/; sid:900712838; rev:1;) alert tcp $HOME_NET any -> [187.138.28.244] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.138.28.244/; sid:900712837; rev:1;) alert tcp $HOME_NET any -> [95.155.24.108] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.155.24.108/; sid:900712836; rev:1;) alert tcp $HOME_NET any -> [186.4.167.166] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.167.166/; sid:900712835; rev:1;) alert tcp $HOME_NET any -> [74.79.252.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.79.252.106/; sid:900712834; rev:1;) alert tcp $HOME_NET any -> [71.179.135.10] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.179.135.10/; sid:900712833; rev:1;) alert tcp $HOME_NET any -> [109.104.79.48] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.104.79.48/; sid:900712358; rev:1;) alert tcp $HOME_NET any -> [86.43.125.152] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.43.125.152/; sid:900712356; rev:1;) alert tcp $HOME_NET any -> [107.184.201.99] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.184.201.99/; sid:900712354; rev:1;) alert tcp $HOME_NET any -> [92.27.103.140] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.27.103.140/; sid:900712350; rev:1;) alert tcp $HOME_NET any -> [138.68.139.199] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.68.139.199/; sid:900712346; rev:1;) alert tcp $HOME_NET any -> [209.112.181.206] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.112.181.206/; sid:900712345; rev:1;) alert tcp $HOME_NET any -> [135.19.206.30] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/135.19.206.30/; sid:900712342; rev:1;) alert tcp $HOME_NET any -> [200.52.75.212] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.52.75.212/; sid:900712340; rev:1;) alert tcp $HOME_NET any -> [98.188.200.74] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.188.200.74/; sid:900712339; rev:1;) alert tcp $HOME_NET any -> [216.221.68.35] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.221.68.35/; sid:900712337; rev:1;) alert tcp $HOME_NET any -> [181.228.204.125] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.228.204.125/; sid:900712336; rev:1;) alert tcp $HOME_NET any -> [98.5.163.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.5.163.186/; sid:900712335; rev:1;) alert tcp $HOME_NET any -> [201.196.89.80] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.196.89.80/; sid:900712334; rev:1;) alert tcp $HOME_NET any -> [192.237.251.185] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.237.251.185/; sid:900712332; rev:1;) alert tcp $HOME_NET any -> [189.157.235.122] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.157.235.122/; sid:900712331; rev:1;) alert tcp $HOME_NET any -> [189.210.114.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.210.114.18/; sid:900712330; rev:1;) alert tcp $HOME_NET any -> [190.96.22.93] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.96.22.93/; sid:900712329; rev:1;) alert tcp $HOME_NET any -> [81.213.63.109] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.213.63.109/; sid:900712328; rev:1;) alert tcp $HOME_NET any -> [186.23.189.192] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.23.189.192/; sid:900712327; rev:1;) alert tcp $HOME_NET any -> [23.25.165.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.25.165.74/; sid:900712326; rev:1;) alert tcp $HOME_NET any -> [200.60.71.194] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.60.71.194/; sid:900712325; rev:1;) alert tcp $HOME_NET any -> [187.155.234.215] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.155.234.215/; sid:900712324; rev:1;) alert tcp $HOME_NET any -> [189.155.54.228] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.155.54.228/; sid:900712323; rev:1;) alert tcp $HOME_NET any -> [162.252.103.78] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.252.103.78/; sid:900712322; rev:1;) alert tcp $HOME_NET any -> [71.179.46.252] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.179.46.252/; sid:900711459; rev:1;) alert tcp $HOME_NET any -> [202.51.181.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.51.181.50/; sid:900711457; rev:1;) alert tcp $HOME_NET any -> [73.6.157.159] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.6.157.159/; sid:900711456; rev:1;) alert tcp $HOME_NET any -> [190.41.82.177] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.41.82.177/; sid:900711450; rev:1;) alert tcp $HOME_NET any -> [178.95.247.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.95.247.58/; sid:900711449; rev:1;) alert tcp $HOME_NET any -> [50.33.155.172] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.33.155.172/; sid:900711441; rev:1;) alert tcp $HOME_NET any -> [202.91.43.74] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.91.43.74/; sid:900711440; rev:1;) alert tcp $HOME_NET any -> [200.23.18.172] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.23.18.172/; sid:900711438; rev:1;) alert tcp $HOME_NET any -> [68.58.185.8] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.58.185.8/; sid:900711435; rev:1;) alert tcp $HOME_NET any -> [173.209.178.228] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.209.178.228/; sid:900711434; rev:1;) alert tcp $HOME_NET any -> [71.240.202.243] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.240.202.243/; sid:900711433; rev:1;) alert tcp $HOME_NET any -> [69.125.80.135] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.125.80.135/; sid:900711432; rev:1;) alert tcp $HOME_NET any -> [71.237.186.212] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.237.186.212/; sid:900711431; rev:1;) alert tcp $HOME_NET any -> [67.204.50.87] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.204.50.87/; sid:900711430; rev:1;) alert tcp $HOME_NET any -> [97.83.88.72] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.83.88.72/; sid:900710501; rev:1;) alert tcp $HOME_NET any -> [42.119.105.64] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.119.105.64/; sid:900710496; rev:1;) alert tcp $HOME_NET any -> [187.153.56.134] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.56.134/; sid:900710494; rev:1;) alert tcp $HOME_NET any -> [173.241.126.78] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.241.126.78/; sid:900710486; rev:1;) alert tcp $HOME_NET any -> [41.75.1.16] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.75.1.16/; sid:900710484; rev:1;) alert tcp $HOME_NET any -> [88.247.124.152] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.247.124.152/; sid:900710482; rev:1;) alert tcp $HOME_NET any -> [121.181.5.53] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.181.5.53/; sid:900710481; rev:1;) alert tcp $HOME_NET any -> [24.186.203.66] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.186.203.66/; sid:900710480; rev:1;) alert tcp $HOME_NET any -> [174.109.80.223] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.109.80.223/; sid:900710479; rev:1;) alert tcp $HOME_NET any -> [107.190.203.165] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.190.203.165/; sid:900710474; rev:1;) alert tcp $HOME_NET any -> [187.190.105.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.190.105.150/; sid:900710473; rev:1;) alert tcp $HOME_NET any -> [174.87.45.161] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.87.45.161/; sid:900710472; rev:1;) alert tcp $HOME_NET any -> [181.188.128.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.188.128.192/; sid:900710034; rev:1;) alert tcp $HOME_NET any -> [101.37.20.145] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.37.20.145/; sid:900710033; rev:1;) alert tcp $HOME_NET any -> [200.85.110.240] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.85.110.240/; sid:900710030; rev:1;) alert tcp $HOME_NET any -> [74.115.246.21] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.115.246.21/; sid:900710026; rev:1;) alert tcp $HOME_NET any -> [186.4.128.45] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.128.45/; sid:900710023; rev:1;) alert tcp $HOME_NET any -> [200.46.206.236] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.46.206.236/; sid:900710021; rev:1;) alert tcp $HOME_NET any -> [27.100.25.77] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.100.25.77/; sid:900710019; rev:1;) alert tcp $HOME_NET any -> [24.193.15.39] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.193.15.39/; sid:900710012; rev:1;) alert tcp $HOME_NET any -> [96.69.89.156] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.69.89.156/; sid:900710011; rev:1;) alert tcp $HOME_NET any -> [77.30.225.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.30.225.123/; sid:900710008; rev:1;) alert tcp $HOME_NET any -> [86.162.241.81] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.162.241.81/; sid:900710007; rev:1;) alert tcp $HOME_NET any -> [139.130.164.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.130.164.236/; sid:900710006; rev:1;) alert tcp $HOME_NET any -> [169.0.126.23] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.126.23/; sid:900710005; rev:1;) alert tcp $HOME_NET any -> [192.141.209.252] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.141.209.252/; sid:900710004; rev:1;) alert tcp $HOME_NET any -> [75.74.153.103] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.74.153.103/; sid:900710002; rev:1;) alert tcp $HOME_NET any -> [108.189.168.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.189.168.117/; sid:900710001; rev:1;) alert tcp $HOME_NET any -> [216.198.175.99] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.198.175.99/; sid:900710000; rev:1;) alert tcp $HOME_NET any -> [198.0.36.237] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.0.36.237/; sid:900709999; rev:1;) alert tcp $HOME_NET any -> [68.15.200.175] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.15.200.175/; sid:900709781; rev:1;) alert tcp $HOME_NET any -> [97.68.187.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.68.187.74/; sid:900709777; rev:1;) alert tcp $HOME_NET any -> [196.210.29.196] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.210.29.196/; sid:900709769; rev:1;) alert tcp $HOME_NET any -> [72.38.88.118] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.38.88.118/; sid:900709767; rev:1;) alert tcp $HOME_NET any -> [59.24.156.97] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.24.156.97/; sid:900709766; rev:1;) alert tcp $HOME_NET any -> [50.100.125.251] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.100.125.251/; sid:900709763; rev:1;) alert tcp $HOME_NET any -> [71.200.12.22] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.200.12.22/; sid:900709761; rev:1;) alert tcp $HOME_NET any -> [186.71.54.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.54.74/; sid:900709759; rev:1;) alert tcp $HOME_NET any -> [187.163.127.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.127.20/; sid:900708721; rev:1;) alert tcp $HOME_NET any -> [200.58.78.77] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.58.78.77/; sid:900708720; rev:1;) alert tcp $HOME_NET any -> [184.6.79.105] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.6.79.105/; sid:900708718; rev:1;) alert tcp $HOME_NET any -> [181.129.130.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.130.82/; sid:900708717; rev:1;) alert tcp $HOME_NET any -> [202.53.94.4] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.53.94.4/; sid:900708716; rev:1;) alert tcp $HOME_NET any -> [190.2.43.237] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.2.43.237/; sid:900708707; rev:1;) alert tcp $HOME_NET any -> [128.92.54.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.92.54.20/; sid:900708706; rev:1;) alert tcp $HOME_NET any -> [201.145.151.91] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.145.151.91/; sid:900708705; rev:1;) alert tcp $HOME_NET any -> [187.218.236.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.218.236.242/; sid:900708703; rev:1;) alert tcp $HOME_NET any -> [107.11.23.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.11.23.236/; sid:900708702; rev:1;) alert tcp $HOME_NET any -> [177.224.87.110] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.224.87.110/; sid:900708698; rev:1;) alert tcp $HOME_NET any -> [186.20.225.65] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.20.225.65/; sid:900708697; rev:1;) alert tcp $HOME_NET any -> [190.191.88.126] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.191.88.126/; sid:900708696; rev:1;) alert tcp $HOME_NET any -> [181.60.228.203] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.60.228.203/; sid:900708695; rev:1;) alert tcp $HOME_NET any -> [209.182.216.177] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.182.216.177/; sid:900708694; rev:1;) alert tcp $HOME_NET any -> [181.193.115.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.193.115.50/; sid:900708693; rev:1;) alert tcp $HOME_NET any -> [81.18.134.18] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.18.134.18/; sid:900708692; rev:1;) alert tcp $HOME_NET any -> [75.161.71.124] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.161.71.124/; sid:900708691; rev:1;) alert tcp $HOME_NET any -> [50.74.56.147] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.74.56.147/; sid:900708690; rev:1;) alert tcp $HOME_NET any -> [79.129.42.122] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.129.42.122/; sid:900708689; rev:1;) alert tcp $HOME_NET any -> [71.255.224.174] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.255.224.174/; sid:900708654; rev:1;) alert tcp $HOME_NET any -> [73.202.198.23] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.202.198.23/; sid:900708650; rev:1;) alert tcp $HOME_NET any -> [175.140.190.9] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.140.190.9/; sid:900708646; rev:1;) alert tcp $HOME_NET any -> [74.99.65.165] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.99.65.165/; sid:900708644; rev:1;) alert tcp $HOME_NET any -> [197.211.225.149] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.211.225.149/; sid:900708642; rev:1;) alert tcp $HOME_NET any -> [97.68.7.204] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.68.7.204/; sid:900708641; rev:1;) alert tcp $HOME_NET any -> [75.139.212.33] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.139.212.33/; sid:900708637; rev:1;) alert tcp $HOME_NET any -> [101.187.14.253] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.14.253/; sid:900708634; rev:1;) alert tcp $HOME_NET any -> [99.88.232.81] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.88.232.81/; sid:900708631; rev:1;) alert tcp $HOME_NET any -> [222.154.224.251] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.154.224.251/; sid:900708628; rev:1;) alert tcp $HOME_NET any -> [165.227.191.145] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.191.145/; sid:900708626; rev:1;) alert tcp $HOME_NET any -> [187.172.8.56] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.172.8.56/; sid:900708625; rev:1;) alert tcp $HOME_NET any -> [162.223.49.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.223.49.226/; sid:900708624; rev:1;) alert tcp $HOME_NET any -> [120.150.236.64] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.236.64/; sid:900708623; rev:1;) alert tcp $HOME_NET any -> [184.186.219.249] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.186.219.249/; sid:900708622; rev:1;) alert tcp $HOME_NET any -> [105.186.226.64] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.226.64/; sid:900708621; rev:1;) alert tcp $HOME_NET any -> [50.253.215.97] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.253.215.97/; sid:900708620; rev:1;) alert tcp $HOME_NET any -> [108.31.30.251] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.31.30.251/; sid:900708619; rev:1;) alert tcp $HOME_NET any -> [174.106.138.248] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.106.138.248/; sid:900708618; rev:1;) alert tcp $HOME_NET any -> [129.89.34.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.89.34.249/; sid:900708617; rev:1;) alert tcp $HOME_NET any -> [178.134.123.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.134.123.218/; sid:900708616; rev:1;) alert tcp $HOME_NET any -> [173.61.130.241] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.61.130.241/; sid:900707439; rev:1;) alert tcp $HOME_NET any -> [64.168.51.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.168.51.18/; sid:900707438; rev:1;) alert tcp $HOME_NET any -> [120.150.97.145] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.97.145/; sid:900707426; rev:1;) alert tcp $HOME_NET any -> [186.103.149.146] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.103.149.146/; sid:900707425; rev:1;) alert tcp $HOME_NET any -> [190.210.251.29] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.251.29/; sid:900707424; rev:1;) alert tcp $HOME_NET any -> [86.150.40.102] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.150.40.102/; sid:900707423; rev:1;) alert tcp $HOME_NET any -> [100.35.142.37] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.35.142.37/; sid:900707422; rev:1;) alert tcp $HOME_NET any -> [74.56.138.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.56.138.57/; sid:900707421; rev:1;) alert tcp $HOME_NET any -> [72.225.197.185] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.225.197.185/; sid:900707420; rev:1;) alert tcp $HOME_NET any -> [47.32.209.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.32.209.86/; sid:900707419; rev:1;) alert tcp $HOME_NET any -> [72.48.172.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.48.172.106/; sid:900707417; rev:1;) alert tcp $HOME_NET any -> [98.119.120.11] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.119.120.11/; sid:900707252; rev:1;) alert tcp $HOME_NET any -> [27.4.100.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.4.100.100/; sid:900707251; rev:1;) alert tcp $HOME_NET any -> [45.47.32.181] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.47.32.181/; sid:900707238; rev:1;) alert tcp $HOME_NET any -> [12.197.97.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.197.97.250/; sid:900707219; rev:1;) alert tcp $HOME_NET any -> [104.169.46.207] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.169.46.207/; sid:900707218; rev:1;) alert tcp $HOME_NET any -> [192.173.191.126] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.173.191.126/; sid:900707217; rev:1;) alert tcp $HOME_NET any -> [78.189.140.249] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.140.249/; sid:900707215; rev:1;) alert tcp $HOME_NET any -> [24.190.11.79] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.190.11.79/; sid:900707214; rev:1;) alert tcp $HOME_NET any -> [88.235.54.71] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.235.54.71/; sid:900707213; rev:1;) alert tcp $HOME_NET any -> [192.208.165.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.208.165.34/; sid:900707212; rev:1;) alert tcp $HOME_NET any -> [67.216.131.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.216.131.134/; sid:900707211; rev:1;) alert tcp $HOME_NET any -> [98.23.69.69] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.23.69.69/; sid:900707210; rev:1;) alert tcp $HOME_NET any -> [74.91.77.104] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.91.77.104/; sid:900706195; rev:1;) alert tcp $HOME_NET any -> [201.227.216.3] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.227.216.3/; sid:900706194; rev:1;) alert tcp $HOME_NET any -> [186.176.165.231] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.176.165.231/; sid:900706190; rev:1;) alert tcp $HOME_NET any -> [190.8.246.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.8.246.18/; sid:900706180; rev:1;) alert tcp $HOME_NET any -> [97.93.244.9] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.93.244.9/; sid:900706175; rev:1;) alert tcp $HOME_NET any -> [203.122.20.90] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.122.20.90/; sid:900706174; rev:1;) alert tcp $HOME_NET any -> [200.188.143.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.188.143.154/; sid:900706173; rev:1;) alert tcp $HOME_NET any -> [24.227.158.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.227.158.234/; sid:900706170; rev:1;) alert tcp $HOME_NET any -> [98.23.19.218] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.23.19.218/; sid:900706169; rev:1;) alert tcp $HOME_NET any -> [184.59.116.243] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.59.116.243/; sid:900706168; rev:1;) alert tcp $HOME_NET any -> [162.213.21.254] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.213.21.254/; sid:900706166; rev:1;) alert tcp $HOME_NET any -> [85.105.203.77] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.203.77/; sid:900706163; rev:1;) alert tcp $HOME_NET any -> [83.136.245.190] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.136.245.190/; sid:900706162; rev:1;) alert tcp $HOME_NET any -> [140.207.113.106] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/140.207.113.106/; sid:900706161; rev:1;) alert tcp $HOME_NET any -> [69.164.216.124] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.164.216.124/; sid:900619607; rev:1;) alert tcp $HOME_NET any -> [190.17.173.56] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.17.173.56/; sid:900619583; rev:1;) alert tcp $HOME_NET any -> [172.91.24.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.91.24.153/; sid:900619565; rev:1;) alert tcp $HOME_NET any -> [108.0.186.35] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.0.186.35/; sid:900705587; rev:1;) alert tcp $HOME_NET any -> [72.94.37.253] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.94.37.253/; sid:900705586; rev:1;) alert tcp $HOME_NET any -> [24.243.111.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.243.111.170/; sid:900705585; rev:1;) alert tcp $HOME_NET any -> [67.172.158.76] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.172.158.76/; sid:900705582; rev:1;) alert tcp $HOME_NET any -> [74.194.31.67] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.194.31.67/; sid:900705581; rev:1;) alert tcp $HOME_NET any -> [71.172.140.77] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.172.140.77/; sid:900705580; rev:1;) alert tcp $HOME_NET any -> [173.170.84.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.170.84.153/; sid:900705579; rev:1;) alert tcp $HOME_NET any -> [219.94.254.93] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.94.254.93/; sid:900705509; rev:1;) alert tcp $HOME_NET any -> [144.76.117.247] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.117.247/; sid:900705494; rev:1;) alert tcp $HOME_NET any -> [23.94.123.231] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.123.231/; sid:900705487; rev:1;) alert tcp $HOME_NET any -> [66.112.88.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.112.88.78/; sid:900705480; rev:1;) alert tcp $HOME_NET any -> [104.136.151.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.136.151.73/; sid:900705479; rev:1;) alert tcp $HOME_NET any -> [24.35.180.220] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.35.180.220/; sid:900619566; rev:1;) alert tcp $HOME_NET any -> [179.108.106.157] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.108.106.157/; sid:900705129; rev:1;) alert tcp $HOME_NET any -> [181.49.247.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.49.247.206/; sid:900705120; rev:1;) alert tcp $HOME_NET any -> [181.188.135.60] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.188.135.60/; sid:900705118; rev:1;) alert tcp $HOME_NET any -> [90.63.216.55] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.63.216.55/; sid:900705116; rev:1;) alert tcp $HOME_NET any -> [181.135.156.96] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.135.156.96/; sid:900705109; rev:1;) alert tcp $HOME_NET any -> [190.146.222.35] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.222.35/; sid:900705107; rev:1;) alert tcp $HOME_NET any -> [219.138.20.253] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.138.20.253/; sid:900705106; rev:1;) alert tcp $HOME_NET any -> [91.117.147.2] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.117.147.2/; sid:900705100; rev:1;) alert tcp $HOME_NET any -> [80.102.228.132] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.102.228.132/; sid:900705099; rev:1;) alert tcp $HOME_NET any -> [182.180.95.163] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.180.95.163/; sid:900705098; rev:1;) alert tcp $HOME_NET any -> [78.182.140.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.182.140.71/; sid:900705097; rev:1;) alert tcp $HOME_NET any -> [91.126.37.22] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.126.37.22/; sid:900705096; rev:1;) alert tcp $HOME_NET any -> [85.101.154.23] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.101.154.23/; sid:900705095; rev:1;) alert tcp $HOME_NET any -> [187.207.12.6] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.12.6/; sid:900705056; rev:1;) alert tcp $HOME_NET any -> [201.120.89.60] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.120.89.60/; sid:900705053; rev:1;) alert tcp $HOME_NET any -> [217.36.215.11] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.36.215.11/; sid:900705049; rev:1;) alert tcp $HOME_NET any -> [61.107.76.47] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.107.76.47/; sid:900705047; rev:1;) alert tcp $HOME_NET any -> [173.178.94.138] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.178.94.138/; sid:900705041; rev:1;) alert tcp $HOME_NET any -> [200.42.206.134] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.42.206.134/; sid:900705039; rev:1;) alert tcp $HOME_NET any -> [122.165.134.72] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.165.134.72/; sid:900705038; rev:1;) alert tcp $HOME_NET any -> [190.92.122.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.122.226/; sid:900705035; rev:1;) alert tcp $HOME_NET any -> [190.85.165.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.165.34/; sid:900705034; rev:1;) alert tcp $HOME_NET any -> [190.188.114.60] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.188.114.60/; sid:900705033; rev:1;) alert tcp $HOME_NET any -> [186.150.97.128] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.150.97.128/; sid:900705032; rev:1;) alert tcp $HOME_NET any -> [190.194.71.111] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.194.71.111/; sid:900705030; rev:1;) alert tcp $HOME_NET any -> [105.224.170.204] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.224.170.204/; sid:900705029; rev:1;) alert tcp $HOME_NET any -> [190.224.107.28] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.224.107.28/; sid:900705028; rev:1;) alert tcp $HOME_NET any -> [200.54.111.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.54.111.170/; sid:900705027; rev:1;) alert tcp $HOME_NET any -> [186.159.186.156] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.159.186.156/; sid:900705026; rev:1;) alert tcp $HOME_NET any -> [24.202.228.83] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.202.228.83/; sid:900704911; rev:1;) alert tcp $HOME_NET any -> [31.167.15.93] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.167.15.93/; sid:900704903; rev:1;) alert tcp $HOME_NET any -> [70.70.184.79] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.70.184.79/; sid:900704901; rev:1;) alert tcp $HOME_NET any -> [217.165.68.49] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.68.49/; sid:900704899; rev:1;) alert tcp $HOME_NET any -> [111.95.152.246] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.95.152.246/; sid:900704890; rev:1;) alert tcp $HOME_NET any -> [91.184.13.216] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.184.13.216/; sid:900619570; rev:1;) alert tcp $HOME_NET any -> [189.170.145.155] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.170.145.155/; sid:900704721; rev:1;) alert tcp $HOME_NET any -> [144.139.247.220] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.139.247.220/; sid:900704720; rev:1;) alert tcp $HOME_NET any -> [165.255.130.181] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.255.130.181/; sid:900704717; rev:1;) alert tcp $HOME_NET any -> [185.20.104.238] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.20.104.238/; sid:900704716; rev:1;) alert tcp $HOME_NET any -> [182.176.94.236] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.176.94.236/; sid:900704711; rev:1;) alert tcp $HOME_NET any -> [100.42.161.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.42.161.20/; sid:900704710; rev:1;) alert tcp $HOME_NET any -> [78.188.59.144] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.59.144/; sid:900704708; rev:1;) alert tcp $HOME_NET any -> [70.164.196.212] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.164.196.212/; sid:900704706; rev:1;) alert tcp $HOME_NET any -> [113.161.174.36] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.161.174.36/; sid:900704704; rev:1;) alert tcp $HOME_NET any -> [73.254.24.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.254.24.122/; sid:900704699; rev:1;) alert tcp $HOME_NET any -> [198.74.58.47] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.74.58.47/; sid:900704695; rev:1;) alert tcp $HOME_NET any -> [122.174.172.246] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.174.172.246/; sid:900704694; rev:1;) alert tcp $HOME_NET any -> [47.23.101.26] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.101.26/; sid:900704692; rev:1;) alert tcp $HOME_NET any -> [173.167.68.21] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.167.68.21/; sid:900704691; rev:1;) alert tcp $HOME_NET any -> [85.105.71.247] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.71.247/; sid:900704690; rev:1;) alert tcp $HOME_NET any -> [178.210.51.222] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.210.51.222/; sid:900704689; rev:1;) alert tcp $HOME_NET any -> [189.236.60.24] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.60.24/; sid:900704688; rev:1;) alert tcp $HOME_NET any -> [74.143.211.18] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.143.211.18/; sid:900704687; rev:1;) alert tcp $HOME_NET any -> [54.38.246.111] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.246.111/; sid:900704686; rev:1;) alert tcp $HOME_NET any -> [98.115.74.17] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.115.74.17/; sid:900704685; rev:1;) alert tcp $HOME_NET any -> [186.146.1.36] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.146.1.36/; sid:900704292; rev:1;) alert tcp $HOME_NET any -> [77.68.30.48] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.68.30.48/; sid:900704290; rev:1;) alert tcp $HOME_NET any -> [67.79.6.38] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.79.6.38/; sid:900704289; rev:1;) alert tcp $HOME_NET any -> [173.242.103.80] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.242.103.80/; sid:900704288; rev:1;) alert tcp $HOME_NET any -> [190.145.67.134] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.145.67.134/; sid:900704284; rev:1;) alert tcp $HOME_NET any -> [190.113.233.4] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.113.233.4/; sid:900704280; rev:1;) alert tcp $HOME_NET any -> [213.123.212.188] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.123.212.188/; sid:900704279; rev:1;) alert tcp $HOME_NET any -> [100.34.98.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.34.98.47/; sid:900704278; rev:1;) alert tcp $HOME_NET any -> [190.180.96.117] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.180.96.117/; sid:900704276; rev:1;) alert tcp $HOME_NET any -> [216.14.176.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.14.176.17/; sid:900704274; rev:1;) alert tcp $HOME_NET any -> [190.189.16.174] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.189.16.174/; sid:900704272; rev:1;) alert tcp $HOME_NET any -> [98.144.133.221] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.144.133.221/; sid:900704268; rev:1;) alert tcp $HOME_NET any -> [181.170.212.29] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.170.212.29/; sid:900704267; rev:1;) alert tcp $HOME_NET any -> [81.136.248.12] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.136.248.12/; sid:900704266; rev:1;) alert tcp $HOME_NET any -> [181.39.66.26] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.66.26/; sid:900704265; rev:1;) alert tcp $HOME_NET any -> [190.16.177.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.16.177.117/; sid:900704264; rev:1;) alert tcp $HOME_NET any -> [221.120.97.51] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.120.97.51/; sid:900704263; rev:1;) alert tcp $HOME_NET any -> [65.87.40.115] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.87.40.115/; sid:900704262; rev:1;) alert tcp $HOME_NET any -> [186.1.6.67] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.1.6.67/; sid:900704261; rev:1;) alert tcp $HOME_NET any -> [186.64.69.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.69.115/; sid:900704260; rev:1;) alert tcp $HOME_NET any -> [181.143.208.106] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.208.106/; sid:900704259; rev:1;) alert tcp $HOME_NET any -> [47.190.14.57] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.190.14.57/; sid:900702789; rev:1;) alert tcp $HOME_NET any -> [137.103.118.195] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.103.118.195/; sid:900702788; rev:1;) alert tcp $HOME_NET any -> [199.71.229.6] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.71.229.6/; sid:900702784; rev:1;) alert tcp $HOME_NET any -> [190.47.217.253] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.47.217.253/; sid:900702782; rev:1;) alert tcp $HOME_NET any -> [95.50.45.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.50.45.218/; sid:900702779; rev:1;) alert tcp $HOME_NET any -> [201.231.78.22] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.78.22/; sid:900702777; rev:1;) alert tcp $HOME_NET any -> [174.126.163.111] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.126.163.111/; sid:900702776; rev:1;) alert tcp $HOME_NET any -> [64.250.212.160] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.250.212.160/; sid:900702774; rev:1;) alert tcp $HOME_NET any -> [81.130.191.202] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.130.191.202/; sid:900702772; rev:1;) alert tcp $HOME_NET any -> [181.10.19.178] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.10.19.178/; sid:900702770; rev:1;) alert tcp $HOME_NET any -> [189.162.221.160] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.162.221.160/; sid:900702766; rev:1;) alert tcp $HOME_NET any -> [190.27.97.65] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.27.97.65/; sid:900702765; rev:1;) alert tcp $HOME_NET any -> [169.1.71.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.1.71.44/; sid:900702764; rev:1;) alert tcp $HOME_NET any -> [205.144.211.94] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.144.211.94/; sid:900702763; rev:1;) alert tcp $HOME_NET any -> [109.228.9.122] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.228.9.122/; sid:900702762; rev:1;) alert tcp $HOME_NET any -> [201.236.67.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.236.67.58/; sid:900702761; rev:1;) alert tcp $HOME_NET any -> [208.185.128.234] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.185.128.234/; sid:900702760; rev:1;) alert tcp $HOME_NET any -> [84.93.152.69] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.93.152.69/; sid:900702759; rev:1;) alert tcp $HOME_NET any -> [72.46.151.196] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.46.151.196/; sid:900702758; rev:1;) alert tcp $HOME_NET any -> [24.232.200.64] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.232.200.64/; sid:900702757; rev:1;) alert tcp $HOME_NET any -> [125.99.106.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.99.106.226/; sid:900702354; rev:1;) alert tcp $HOME_NET any -> [80.130.108.23] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.130.108.23/; sid:900702350; rev:1;) alert tcp $HOME_NET any -> [78.187.72.87] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.187.72.87/; sid:900702347; rev:1;) alert tcp $HOME_NET any -> [110.143.57.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.143.57.109/; sid:900702344; rev:1;) alert tcp $HOME_NET any -> [41.220.0.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.220.0.26/; sid:900702341; rev:1;) alert tcp $HOME_NET any -> [190.186.70.202] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.70.202/; sid:900702333; rev:1;) alert tcp $HOME_NET any -> [99.199.195.235] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.199.195.235/; sid:900702328; rev:1;) alert tcp $HOME_NET any -> [77.85.44.164] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.85.44.164/; sid:900702327; rev:1;) alert tcp $HOME_NET any -> [54.37.23.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.23.118/; sid:900702326; rev:1;) alert tcp $HOME_NET any -> [47.189.188.195] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.189.188.195/; sid:900702325; rev:1;) alert tcp $HOME_NET any -> [153.101.7.207] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.101.7.207/; sid:900702324; rev:1;) alert tcp $HOME_NET any -> [70.27.207.164] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.27.207.164/; sid:900702323; rev:1;) alert tcp $HOME_NET any -> [24.223.109.139] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.223.109.139/; sid:900702240; rev:1;) alert tcp $HOME_NET any -> [24.249.35.69] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.249.35.69/; sid:900702237; rev:1;) alert tcp $HOME_NET any -> [192.24.7.148] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.24.7.148/; sid:900702223; rev:1;) alert tcp $HOME_NET any -> [38.140.147.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.140.147.42/; sid:900702221; rev:1;) alert tcp $HOME_NET any -> [107.13.144.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.13.144.134/; sid:900702220; rev:1;) alert tcp $HOME_NET any -> [173.233.167.240] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.233.167.240/; sid:900702219; rev:1;) alert tcp $HOME_NET any -> [75.112.62.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.112.62.42/; sid:900702217; rev:1;) alert tcp $HOME_NET any -> [212.227.135.224] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.227.135.224/; sid:900619574; rev:1;) alert tcp $HOME_NET any -> [98.144.143.194] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.144.143.194/; sid:900619571; rev:1;) alert tcp $HOME_NET any -> [76.73.213.148] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.73.213.148/; sid:900619573; rev:1;) alert tcp $HOME_NET any -> [86.12.247.149] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.12.247.149/; sid:900701344; rev:1;) alert tcp $HOME_NET any -> [173.160.205.162] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.160.205.162/; sid:900701343; rev:1;) alert tcp $HOME_NET any -> [81.86.197.52] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.86.197.52/; sid:900701338; rev:1;) alert tcp $HOME_NET any -> [138.207.150.46] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.207.150.46/; sid:900701337; rev:1;) alert tcp $HOME_NET any -> [24.201.79.34] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.201.79.34/; sid:900701334; rev:1;) alert tcp $HOME_NET any -> [205.185.187.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.185.187.190/; sid:900701332; rev:1;) alert tcp $HOME_NET any -> [109.170.209.165] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.170.209.165/; sid:900701331; rev:1;) alert tcp $HOME_NET any -> [71.163.171.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.163.171.106/; sid:900701328; rev:1;) alert tcp $HOME_NET any -> [160.36.66.221] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.36.66.221/; sid:900701327; rev:1;) alert tcp $HOME_NET any -> [173.160.205.161] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.160.205.161/; sid:900701326; rev:1;) alert tcp $HOME_NET any -> [189.134.18.141] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.134.18.141/; sid:900701322; rev:1;) alert tcp $HOME_NET any -> [173.19.73.104] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.19.73.104/; sid:900701321; rev:1;) alert tcp $HOME_NET any -> [76.65.158.121] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.65.158.121/; sid:900701320; rev:1;) alert tcp $HOME_NET any -> [200.127.55.5] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.55.5/; sid:900701319; rev:1;) alert tcp $HOME_NET any -> [186.18.236.83] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.18.236.83/; sid:900701318; rev:1;) alert tcp $HOME_NET any -> [173.11.47.169] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.11.47.169/; sid:900701317; rev:1;) alert tcp $HOME_NET any -> [12.222.134.10] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.222.134.10/; sid:900701316; rev:1;) alert tcp $HOME_NET any -> [189.244.86.184] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.244.86.184/; sid:900701315; rev:1;) alert tcp $HOME_NET any -> [177.242.156.119] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.156.119/; sid:900701314; rev:1;) alert tcp $HOME_NET any -> [50.78.167.65] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.78.167.65/; sid:900701313; rev:1;) alert tcp $HOME_NET any -> [81.149.110.194] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.149.110.194/; sid:900701294; rev:1;) alert tcp $HOME_NET any -> [24.76.123.171] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.76.123.171/; sid:900701283; rev:1;) alert tcp $HOME_NET any -> [104.229.109.97] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.229.109.97/; sid:900701282; rev:1;) alert tcp $HOME_NET any -> [67.254.71.72] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.254.71.72/; sid:900701281; rev:1;) alert tcp $HOME_NET any -> [24.234.221.236] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.234.221.236/; sid:900701280; rev:1;) alert tcp $HOME_NET any -> [24.166.75.5] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.166.75.5/; sid:900701279; rev:1;) alert tcp $HOME_NET any -> [24.176.53.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.176.53.106/; sid:900619554; rev:1;) alert tcp $HOME_NET any -> [139.162.157.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.157.8/; sid:900619593; rev:1;) alert tcp $HOME_NET any -> [117.215.4.29] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.215.4.29/; sid:900700809; rev:1;) alert tcp $HOME_NET any -> [82.117.238.3] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.117.238.3/; sid:900700808; rev:1;) alert tcp $HOME_NET any -> [85.105.250.128] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.250.128/; sid:900700803; rev:1;) alert tcp $HOME_NET any -> [183.82.124.191] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.124.191/; sid:900700802; rev:1;) alert tcp $HOME_NET any -> [64.19.32.70] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.19.32.70/; sid:900700801; rev:1;) alert tcp $HOME_NET any -> [125.63.116.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.63.116.242/; sid:900700799; rev:1;) alert tcp $HOME_NET any -> [178.21.66.250] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.21.66.250/; sid:900700797; rev:1;) alert tcp $HOME_NET any -> [58.65.180.67] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.65.180.67/; sid:900700796; rev:1;) alert tcp $HOME_NET any -> [105.225.244.118] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.244.118/; sid:900700793; rev:1;) alert tcp $HOME_NET any -> [173.62.175.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.62.175.98/; sid:900700784; rev:1;) alert tcp $HOME_NET any -> [111.125.87.100] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.125.87.100/; sid:900700783; rev:1;) alert tcp $HOME_NET any -> [5.35.242.34] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.35.242.34/; sid:900700780; rev:1;) alert tcp $HOME_NET any -> [184.149.17.62] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.149.17.62/; sid:900700779; rev:1;) alert tcp $HOME_NET any -> [31.148.221.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.148.221.34/; sid:900700778; rev:1;) alert tcp $HOME_NET any -> [75.110.190.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.110.190.86/; sid:900700777; rev:1;) alert tcp $HOME_NET any -> [24.220.80.37] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.220.80.37/; sid:900700776; rev:1;) alert tcp $HOME_NET any -> [73.91.16.130] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.91.16.130/; sid:900700775; rev:1;) alert tcp $HOME_NET any -> [71.71.126.201] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.71.126.201/; sid:900700774; rev:1;) alert tcp $HOME_NET any -> [68.102.169.43] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.102.169.43/; sid:900700773; rev:1;) alert tcp $HOME_NET any -> [69.112.171.184] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.112.171.184/; sid:900700772; rev:1;) alert tcp $HOME_NET any -> [73.32.166.189] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.32.166.189/; sid:900700771; rev:1;) alert tcp $HOME_NET any -> [83.110.100.209] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.100.209/; sid:900700770; rev:1;) alert tcp $HOME_NET any -> [72.47.209.128] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.47.209.128/; sid:900619562; rev:1;) alert tcp $HOME_NET any -> [151.229.95.237] 65490 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.229.95.237/; sid:900698820; rev:1;) alert tcp $HOME_NET any -> [165.166.247.200] 48631 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.166.247.200/; sid:900698819; rev:1;) alert tcp $HOME_NET any -> [186.31.103.65] 64666 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.31.103.65/; sid:900698818; rev:1;) alert tcp $HOME_NET any -> [190.126.34.209] 17925 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.126.34.209/; sid:900698817; rev:1;) alert tcp $HOME_NET any -> [93.84.15.233] 2471 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.84.15.233/; sid:900698816; rev:1;) alert tcp $HOME_NET any -> [79.78.142.70] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.78.142.70/; sid:900698810; rev:1;) alert tcp $HOME_NET any -> [24.67.53.23] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.67.53.23/; sid:900698809; rev:1;) alert tcp $HOME_NET any -> [41.215.127.30] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.215.127.30/; sid:900698792; rev:1;) alert tcp $HOME_NET any -> [93.109.229.250] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.109.229.250/; sid:900698790; rev:1;) alert tcp $HOME_NET any -> [24.216.53.12] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.216.53.12/; sid:900619521; rev:1;) alert tcp $HOME_NET any -> [105.247.100.215] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.247.100.215/; sid:900698176; rev:1;) alert tcp $HOME_NET any -> [206.174.187.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.174.187.58/; sid:900698166; rev:1;) alert tcp $HOME_NET any -> [24.176.58.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.176.58.106/; sid:900698154; rev:1;) alert tcp $HOME_NET any -> [86.98.71.86] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.71.86/; sid:900698151; rev:1;) alert tcp $HOME_NET any -> [50.96.217.247] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.96.217.247/; sid:900698150; rev:1;) alert tcp $HOME_NET any -> [64.183.104.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.183.104.2/; sid:900698146; rev:1;) alert tcp $HOME_NET any -> [172.248.199.224] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.248.199.224/; sid:900698145; rev:1;) alert tcp $HOME_NET any -> [72.26.54.182] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.26.54.182/; sid:900698144; rev:1;) alert tcp $HOME_NET any -> [67.43.253.189] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.43.253.189/; sid:900698143; rev:1;) alert tcp $HOME_NET any -> [66.66.196.79] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.66.196.79/; sid:900698142; rev:1;) alert tcp $HOME_NET any -> [104.15.149.209] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.15.149.209/; sid:900698141; rev:1;) alert tcp $HOME_NET any -> [24.206.17.102] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.206.17.102/; sid:900698140; rev:1;) alert tcp $HOME_NET any -> [70.77.68.255] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.77.68.255/; sid:900698139; rev:1;) alert tcp $HOME_NET any -> [12.139.46.57] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.139.46.57/; sid:900698138; rev:1;) alert tcp $HOME_NET any -> [173.34.90.245] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.34.90.245/; sid:900698137; rev:1;) alert tcp $HOME_NET any -> [186.64.140.213] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.140.213/; sid:900619313; rev:1;) alert tcp $HOME_NET any -> [98.100.134.133] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.100.134.133/; sid:900697591; rev:1;) alert tcp $HOME_NET any -> [47.14.41.119] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.14.41.119/; sid:900697586; rev:1;) alert tcp $HOME_NET any -> [72.84.82.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.84.82.20/; sid:900697581; rev:1;) alert tcp $HOME_NET any -> [76.90.224.32] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.90.224.32/; sid:900697580; rev:1;) alert tcp $HOME_NET any -> [24.3.178.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.3.178.228/; sid:900697579; rev:1;) alert tcp $HOME_NET any -> [120.150.206.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.206.156/; sid:900697578; rev:1;) alert tcp $HOME_NET any -> [208.180.149.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.180.149.228/; sid:900697577; rev:1;) alert tcp $HOME_NET any -> [73.57.148.230] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.57.148.230/; sid:900697576; rev:1;) alert tcp $HOME_NET any -> [69.8.25.109] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.8.25.109/; sid:900697575; rev:1;) alert tcp $HOME_NET any -> [181.27.126.228] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.27.126.228/; sid:900697571; rev:1;) alert tcp $HOME_NET any -> [104.5.49.54] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.5.49.54/; sid:900697569; rev:1;) alert tcp $HOME_NET any -> [181.229.155.11] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.229.155.11/; sid:900697566; rev:1;) alert tcp $HOME_NET any -> [186.15.60.167] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.60.167/; sid:900697564; rev:1;) alert tcp $HOME_NET any -> [107.10.139.119] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.10.139.119/; sid:900697563; rev:1;) alert tcp $HOME_NET any -> [148.69.94.166] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.69.94.166/; sid:900697562; rev:1;) alert tcp $HOME_NET any -> [67.237.41.34] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.237.41.34/; sid:900697561; rev:1;) alert tcp $HOME_NET any -> [189.130.50.85] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.130.50.85/; sid:900697555; rev:1;) alert tcp $HOME_NET any -> [216.251.1.1] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.251.1.1/; sid:900697554; rev:1;) alert tcp $HOME_NET any -> [77.44.98.67] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.44.98.67/; sid:900697552; rev:1;) alert tcp $HOME_NET any -> [187.207.72.201] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.72.201/; sid:900697549; rev:1;) alert tcp $HOME_NET any -> [187.163.49.123] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.49.123/; sid:900697548; rev:1;) alert tcp $HOME_NET any -> [96.246.206.16] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.246.206.16/; sid:900697547; rev:1;) alert tcp $HOME_NET any -> [5.32.65.50] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.32.65.50/; sid:900697546; rev:1;) alert tcp $HOME_NET any -> [216.176.21.143] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.176.21.143/; sid:900697545; rev:1;) alert tcp $HOME_NET any -> [118.69.186.155] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.69.186.155/; sid:900697544; rev:1;) alert tcp $HOME_NET any -> [50.21.147.8] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.21.147.8/; sid:900697543; rev:1;) alert tcp $HOME_NET any -> [207.255.59.231] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.255.59.231/; sid:900697542; rev:1;) alert tcp $HOME_NET any -> [70.60.50.60] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.60.50.60/; sid:900697541; rev:1;) alert tcp $HOME_NET any -> [187.163.174.149] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.174.149/; sid:900697540; rev:1;) alert tcp $HOME_NET any -> [201.171.29.119] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.171.29.119/; sid:900619125; rev:1;) alert tcp $HOME_NET any -> [207.204.127.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.204.127.50/; sid:900619068; rev:1;) alert tcp $HOME_NET any -> [51.38.45.245] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.38.45.245/; sid:900619066; rev:1;) alert tcp $HOME_NET any -> [45.42.31.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.42.31.50/; sid:900696930; rev:1;) alert tcp $HOME_NET any -> [75.128.237.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.128.237.42/; sid:900696908; rev:1;) alert tcp $HOME_NET any -> [72.73.221.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.73.221.66/; sid:900696907; rev:1;) alert tcp $HOME_NET any -> [39.112.243.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.112.243.65/; sid:900696906; rev:1;) alert tcp $HOME_NET any -> [174.70.176.45] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.70.176.45/; sid:900696905; rev:1;) alert tcp $HOME_NET any -> [199.188.66.157] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.188.66.157/; sid:900696904; rev:1;) alert tcp $HOME_NET any -> [45.59.204.133] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.59.204.133/; sid:900696903; rev:1;) alert tcp $HOME_NET any -> [67.177.71.77] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.177.71.77/; sid:900696902; rev:1;) alert tcp $HOME_NET any -> [182.180.77.215] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.180.77.215/; sid:900696901; rev:1;) alert tcp $HOME_NET any -> [72.255.128.229] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.255.128.229/; sid:900696826; rev:1;) alert tcp $HOME_NET any -> [96.67.83.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.67.83.134/; sid:900696822; rev:1;) alert tcp $HOME_NET any -> [200.194.26.234] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.194.26.234/; sid:900696819; rev:1;) alert tcp $HOME_NET any -> [104.205.121.6] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.205.121.6/; sid:900696815; rev:1;) alert tcp $HOME_NET any -> [73.31.237.56] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.31.237.56/; sid:900696814; rev:1;) alert tcp $HOME_NET any -> [190.92.37.171] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.37.171/; sid:900696812; rev:1;) alert tcp $HOME_NET any -> [160.2.24.88] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.2.24.88/; sid:900696811; rev:1;) alert tcp $HOME_NET any -> [98.102.182.2] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.102.182.2/; sid:900696806; rev:1;) alert tcp $HOME_NET any -> [189.190.61.232] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.190.61.232/; sid:900696805; rev:1;) alert tcp $HOME_NET any -> [24.59.228.182] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.59.228.182/; sid:900696804; rev:1;) alert tcp $HOME_NET any -> [70.50.196.234] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.50.196.234/; sid:900696801; rev:1;) alert tcp $HOME_NET any -> [149.167.86.174] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.167.86.174/; sid:900696800; rev:1;) alert tcp $HOME_NET any -> [69.55.255.159] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.55.255.159/; sid:900696799; rev:1;) alert tcp $HOME_NET any -> [174.55.139.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.55.139.78/; sid:900696798; rev:1;) alert tcp $HOME_NET any -> [37.211.34.12] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.211.34.12/; sid:900696797; rev:1;) alert tcp $HOME_NET any -> [71.167.178.19] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.167.178.19/; sid:900696796; rev:1;) alert tcp $HOME_NET any -> [79.69.254.176] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.69.254.176/; sid:900696795; rev:1;) alert tcp $HOME_NET any -> [198.1.83.100] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.1.83.100/; sid:900618676; rev:1;) alert tcp $HOME_NET any -> [24.199.56.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.199.56.122/; sid:900618677; rev:1;) alert tcp $HOME_NET any -> [50.121.220.115] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.121.220.115/; sid:900618672; rev:1;) alert tcp $HOME_NET any -> [47.157.181.81] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.157.181.81/; sid:900618652; rev:1;) alert tcp $HOME_NET any -> [24.37.218.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.37.218.86/; sid:900696714; rev:1;) alert tcp $HOME_NET any -> [45.73.110.62] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.73.110.62/; sid:900696713; rev:1;) alert tcp $HOME_NET any -> [186.20.217.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.20.217.236/; sid:900696712; rev:1;) alert tcp $HOME_NET any -> [24.117.165.162] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.117.165.162/; sid:900696711; rev:1;) alert tcp $HOME_NET any -> [201.111.74.224] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.111.74.224/; sid:900696709; rev:1;) alert tcp $HOME_NET any -> [81.214.108.10] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.214.108.10/; sid:900696708; rev:1;) alert tcp $HOME_NET any -> [5.9.128.163] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.9.128.163/; sid:900696706; rev:1;) alert tcp $HOME_NET any -> [148.103.7.242] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.103.7.242/; sid:900696705; rev:1;) alert tcp $HOME_NET any -> [159.65.76.245] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.76.245/; sid:900696704; rev:1;) alert tcp $HOME_NET any -> [81.20.87.205] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.20.87.205/; sid:900696702; rev:1;) alert tcp $HOME_NET any -> [190.90.100.228] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.90.100.228/; sid:900696701; rev:1;) alert tcp $HOME_NET any -> [200.21.90.6] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.21.90.6/; sid:900696700; rev:1;) alert tcp $HOME_NET any -> [210.2.86.72] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.2.86.72/; sid:900696697; rev:1;) alert tcp $HOME_NET any -> [190.124.166.113] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.124.166.113/; sid:900696696; rev:1;) alert tcp $HOME_NET any -> [90.75.137.228] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.75.137.228/; sid:900696695; rev:1;) alert tcp $HOME_NET any -> [190.17.44.48] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.17.44.48/; sid:900696694; rev:1;) alert tcp $HOME_NET any -> [76.65.166.252] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.65.166.252/; sid:900696693; rev:1;) alert tcp $HOME_NET any -> [186.10.17.186] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.10.17.186/; sid:900696692; rev:1;) alert tcp $HOME_NET any -> [217.35.82.190] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.35.82.190/; sid:900696691; rev:1;) alert tcp $HOME_NET any -> [213.48.239.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.48.239.192/; sid:900696690; rev:1;) alert tcp $HOME_NET any -> [128.193.56.169] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.193.56.169/; sid:900696689; rev:1;) alert tcp $HOME_NET any -> [47.225.131.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.225.131.10/; sid:900696688; rev:1;) alert tcp $HOME_NET any -> [47.34.43.223] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.34.43.223/; sid:900696687; rev:1;) alert tcp $HOME_NET any -> [24.161.14.157] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.161.14.157/; sid:900618666; rev:1;) alert tcp $HOME_NET any -> [138.68.67.4] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.68.67.4/; sid:900618669; rev:1;) alert tcp $HOME_NET any -> [70.183.100.148] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.183.100.148/; sid:900618691; rev:1;) alert tcp $HOME_NET any -> [46.249.204.99] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.249.204.99/; sid:900618668; rev:1;) alert tcp $HOME_NET any -> [70.15.114.168] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.15.114.168/; sid:900618667; rev:1;) alert tcp $HOME_NET any -> [50.100.215.149] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.100.215.149/; sid:900618678; rev:1;) alert tcp $HOME_NET any -> [74.7.77.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.7.77.254/; sid:900618665; rev:1;) alert tcp $HOME_NET any -> [27.115.72.254] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.115.72.254/; sid:900696579; rev:1;) alert tcp $HOME_NET any -> [187.152.105.220] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.152.105.220/; sid:900696577; rev:1;) alert tcp $HOME_NET any -> [118.179.60.230] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.179.60.230/; sid:900696576; rev:1;) alert tcp $HOME_NET any -> [118.174.64.159] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.174.64.159/; sid:900696574; rev:1;) alert tcp $HOME_NET any -> [66.131.231.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.131.231.98/; sid:900696572; rev:1;) alert tcp $HOME_NET any -> [83.222.124.62] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.222.124.62/; sid:900696568; rev:1;) alert tcp $HOME_NET any -> [195.38.182.139] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.38.182.139/; sid:900696563; rev:1;) alert tcp $HOME_NET any -> [67.205.149.117] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.205.149.117/; sid:900696560; rev:1;) alert tcp $HOME_NET any -> [103.203.94.133] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.203.94.133/; sid:900696559; rev:1;) alert tcp $HOME_NET any -> [136.56.103.201] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.56.103.201/; sid:900696558; rev:1;) alert tcp $HOME_NET any -> [124.43.28.44] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.43.28.44/; sid:900696557; rev:1;) alert tcp $HOME_NET any -> [114.109.132.191] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.109.132.191/; sid:900696556; rev:1;) alert tcp $HOME_NET any -> [139.162.151.141] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.151.141/; sid:900696555; rev:1;) alert tcp $HOME_NET any -> [45.123.3.54] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.123.3.54/; sid:900696554; rev:1;) alert tcp $HOME_NET any -> [47.16.224.137] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.16.224.137/; sid:900696552; rev:1;) alert tcp $HOME_NET any -> [88.247.140.215] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.247.140.215/; sid:900696551; rev:1;) alert tcp $HOME_NET any -> [1.221.157.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.221.157.205/; sid:900696550; rev:1;) alert tcp $HOME_NET any -> [27.96.91.225] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.96.91.225/; sid:900696549; rev:1;) alert tcp $HOME_NET any -> [47.32.248.75] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.32.248.75/; sid:900696548; rev:1;) alert tcp $HOME_NET any -> [47.157.211.140] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.157.211.140/; sid:900696547; rev:1;) alert tcp $HOME_NET any -> [71.43.33.210] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.43.33.210/; sid:900696546; rev:1;) alert tcp $HOME_NET any -> [86.42.249.122] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.42.249.122/; sid:900696545; rev:1;) alert tcp $HOME_NET any -> [113.178.35.63] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.178.35.63/; sid:900696544; rev:1;) alert tcp $HOME_NET any -> [37.139.27.102] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.139.27.102/; sid:900618689; rev:1;) alert tcp $HOME_NET any -> [24.102.228.56] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.102.228.56/; sid:900694690; rev:1;) alert tcp $HOME_NET any -> [99.228.176.38] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.228.176.38/; sid:900694689; rev:1;) alert tcp $HOME_NET any -> [204.238.8.44] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.238.8.44/; sid:900694685; rev:1;) alert tcp $HOME_NET any -> [62.151.17.7] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.151.17.7/; sid:900694684; rev:1;) alert tcp $HOME_NET any -> [96.60.95.243] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.60.95.243/; sid:900694680; rev:1;) alert tcp $HOME_NET any -> [198.53.61.32] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.53.61.32/; sid:900694672; rev:1;) alert tcp $HOME_NET any -> [187.192.4.54] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.4.54/; sid:900694671; rev:1;) alert tcp $HOME_NET any -> [5.2.198.201] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.198.201/; sid:900694670; rev:1;) alert tcp $HOME_NET any -> [108.16.29.240] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.16.29.240/; sid:900694668; rev:1;) alert tcp $HOME_NET any -> [92.51.129.249] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.51.129.249/; sid:900694667; rev:1;) alert tcp $HOME_NET any -> [95.169.195.202] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.169.195.202/; sid:900694666; rev:1;) alert tcp $HOME_NET any -> [47.182.89.31] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.182.89.31/; sid:900694665; rev:1;) alert tcp $HOME_NET any -> [70.119.44.97] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.119.44.97/; sid:900694664; rev:1;) alert tcp $HOME_NET any -> [137.119.162.95] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.119.162.95/; sid:900694663; rev:1;) alert tcp $HOME_NET any -> [69.125.21.63] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.125.21.63/; sid:900694662; rev:1;) alert tcp $HOME_NET any -> [66.220.109.128] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.220.109.128/; sid:900694661; rev:1;) alert tcp $HOME_NET any -> [108.189.186.218] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.189.186.218/; sid:900694660; rev:1;) alert tcp $HOME_NET any -> [199.195.213.142] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.195.213.142/; sid:900694659; rev:1;) alert tcp $HOME_NET any -> [54.39.181.130] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.39.181.130/; sid:900694658; rev:1;) alert tcp $HOME_NET any -> [118.130.4.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.130.4.226/; sid:900694657; rev:1;) alert tcp $HOME_NET any -> [190.53.52.53] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.53.52.53/; sid:900694656; rev:1;) alert tcp $HOME_NET any -> [211.228.237.11] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.228.237.11/; sid:900618653; rev:1;) alert tcp $HOME_NET any -> [186.178.203.146] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.178.203.146/; sid:900618649; rev:1;) alert tcp $HOME_NET any -> [87.106.243.118] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.243.118/; sid:900618648; rev:1;) alert tcp $HOME_NET any -> [202.175.188.154] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.175.188.154/; sid:900618647; rev:1;) alert tcp $HOME_NET any -> [217.13.106.160] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.13.106.160/; sid:900691195; rev:1;) alert tcp $HOME_NET any -> [5.230.147.179] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.230.147.179/; sid:900691194; rev:1;) alert tcp $HOME_NET any -> [98.142.208.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.142.208.27/; sid:900691193; rev:1;) alert tcp $HOME_NET any -> [46.39.85.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.39.85.115/; sid:900691188; rev:1;) alert tcp $HOME_NET any -> [115.71.233.127] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.71.233.127/; sid:900691186; rev:1;) alert tcp $HOME_NET any -> [189.115.39.197] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.115.39.197/; sid:900691185; rev:1;) alert tcp $HOME_NET any -> [186.29.23.32] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.29.23.32/; sid:900691184; rev:1;) alert tcp $HOME_NET any -> [24.178.179.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.178.179.66/; sid:900691183; rev:1;) alert tcp $HOME_NET any -> [189.153.58.174] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.153.58.174/; sid:900691182; rev:1;) alert tcp $HOME_NET any -> [47.156.115.109] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.156.115.109/; sid:900691181; rev:1;) alert tcp $HOME_NET any -> [77.44.44.210] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.44.44.210/; sid:900691180; rev:1;) alert tcp $HOME_NET any -> [190.117.126.169] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.126.169/; sid:900691179; rev:1;) alert tcp $HOME_NET any -> [209.164.190.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.164.190.57/; sid:900691176; rev:1;) alert tcp $HOME_NET any -> [74.70.203.70] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.70.203.70/; sid:900691173; rev:1;) alert tcp $HOME_NET any -> [46.163.76.187] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.163.76.187/; sid:900691171; rev:1;) alert tcp $HOME_NET any -> [78.186.236.127] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.236.127/; sid:900691170; rev:1;) alert tcp $HOME_NET any -> [212.98.190.217] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.98.190.217/; sid:900691169; rev:1;) alert tcp $HOME_NET any -> [169.255.36.46] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.255.36.46/; sid:900691168; rev:1;) alert tcp $HOME_NET any -> [91.144.154.247] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.144.154.247/; sid:900691167; rev:1;) alert tcp $HOME_NET any -> [72.16.212.107] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.16.212.107/; sid:900691166; rev:1;) alert tcp $HOME_NET any -> [67.52.165.190] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.52.165.190/; sid:900691165; rev:1;) alert tcp $HOME_NET any -> [85.73.11.253] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.73.11.253/; sid:900691164; rev:1;) alert tcp $HOME_NET any -> [23.25.70.209] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.25.70.209/; sid:900691163; rev:1;) alert tcp $HOME_NET any -> [216.253.195.42] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.253.195.42/; sid:900691162; rev:1;) alert tcp $HOME_NET any -> [96.254.126.140] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.254.126.140/; sid:900691161; rev:1;) alert tcp $HOME_NET any -> [186.68.80.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.68.80.34/; sid:900609515; rev:1;) alert tcp $HOME_NET any -> [189.155.149.148] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.155.149.148/; sid:900691058; rev:1;) alert tcp $HOME_NET any -> [192.155.90.90] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.155.90.90/; sid:900691055; rev:1;) alert tcp $HOME_NET any -> [186.4.4.147] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.4.147/; sid:900691051; rev:1;) alert tcp $HOME_NET any -> [51.148.64.92] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.148.64.92/; sid:900691050; rev:1;) alert tcp $HOME_NET any -> [200.32.61.210] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.32.61.210/; sid:900691049; rev:1;) alert tcp $HOME_NET any -> [137.119.145.212] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.119.145.212/; sid:900691047; rev:1;) alert tcp $HOME_NET any -> [70.50.214.6] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.50.214.6/; sid:900691045; rev:1;) alert tcp $HOME_NET any -> [54.38.244.30] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.244.30/; sid:900691044; rev:1;) alert tcp $HOME_NET any -> [23.254.203.51] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.203.51/; sid:900691043; rev:1;) alert tcp $HOME_NET any -> [165.227.213.173] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.213.173/; sid:900691042; rev:1;) alert tcp $HOME_NET any -> [170.233.232.6] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.233.232.6/; sid:900691041; rev:1;) alert tcp $HOME_NET any -> [81.130.149.80] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.130.149.80/; sid:900691040; rev:1;) alert tcp $HOME_NET any -> [105.224.74.57] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.224.74.57/; sid:900691039; rev:1;) alert tcp $HOME_NET any -> [105.226.215.238] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.226.215.238/; sid:900609488; rev:1;) alert tcp $HOME_NET any -> [45.33.48.217] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.48.217/; sid:900691036; rev:1;) alert tcp $HOME_NET any -> [134.228.64.144] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.228.64.144/; sid:900691035; rev:1;) alert tcp $HOME_NET any -> [81.86.211.196] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.86.211.196/; sid:900691034; rev:1;) alert tcp $HOME_NET any -> [200.83.137.65] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.83.137.65/; sid:900691033; rev:1;) alert tcp $HOME_NET any -> [198.246.28.128] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.246.28.128/; sid:900691032; rev:1;) alert tcp $HOME_NET any -> [96.18.67.178] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.18.67.178/; sid:900691031; rev:1;) alert tcp $HOME_NET any -> [198.37.249.160] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.37.249.160/; sid:900691030; rev:1;) alert tcp $HOME_NET any -> [75.75.150.219] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.75.150.219/; sid:900691029; rev:1;) alert tcp $HOME_NET any -> [95.9.124.227] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.9.124.227/; sid:900691028; rev:1;) alert tcp $HOME_NET any -> [128.193.56.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.193.56.6/; sid:900691027; rev:1;) alert tcp $HOME_NET any -> [94.173.10.64] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.173.10.64/; sid:900691026; rev:1;) alert tcp $HOME_NET any -> [174.71.204.179] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.71.204.179/; sid:900609514; rev:1;) alert tcp $HOME_NET any -> [201.103.80.52] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.103.80.52/; sid:900691020; rev:1;) alert tcp $HOME_NET any -> [201.142.155.203] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.142.155.203/; sid:900690988; rev:1;) alert tcp $HOME_NET any -> [85.104.56.247] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.56.247/; sid:900690841; rev:1;) alert tcp $HOME_NET any -> [165.228.249.93] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.228.249.93/; sid:900690832; rev:1;) alert tcp $HOME_NET any -> [117.2.133.44] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.2.133.44/; sid:900690822; rev:1;) alert tcp $HOME_NET any -> [108.56.190.155] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.56.190.155/; sid:900690821; rev:1;) alert tcp $HOME_NET any -> [63.230.212.128] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.230.212.128/; sid:900690820; rev:1;) alert tcp $HOME_NET any -> [106.243.65.250] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.243.65.250/; sid:900690818; rev:1;) alert tcp $HOME_NET any -> [216.137.249.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.137.249.154/; sid:900690817; rev:1;) alert tcp $HOME_NET any -> [197.87.130.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.130.229/; sid:900690816; rev:1;) alert tcp $HOME_NET any -> [24.205.231.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.205.231.46/; sid:900690671; rev:1;) alert tcp $HOME_NET any -> [105.229.147.33] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.229.147.33/; sid:900690659; rev:1;) alert tcp $HOME_NET any -> [12.196.65.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.196.65.34/; sid:900690656; rev:1;) alert tcp $HOME_NET any -> [88.225.226.41] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.225.226.41/; sid:900690654; rev:1;) alert tcp $HOME_NET any -> [176.9.151.108] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.9.151.108/; sid:900609174; rev:1;) alert tcp $HOME_NET any -> [54.38.43.230] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.43.230/; sid:900609176; rev:1;) alert tcp $HOME_NET any -> [70.32.91.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.32.91.58/; sid:900609173; rev:1;) alert tcp $HOME_NET any -> [216.144.99.249] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.144.99.249/; sid:900609175; rev:1;) alert tcp $HOME_NET any -> [70.62.224.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.62.224.226/; sid:900609177; rev:1;) alert tcp $HOME_NET any -> [98.191.228.168] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.191.228.168/; sid:900690373; rev:1;) alert tcp $HOME_NET any -> [111.119.215.225] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.119.215.225/; sid:900690368; rev:1;) alert tcp $HOME_NET any -> [71.176.211.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.176.211.86/; sid:900690365; rev:1;) alert tcp $HOME_NET any -> [109.107.235.152] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.107.235.152/; sid:900690359; rev:1;) alert tcp $HOME_NET any -> [68.8.238.86] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.8.238.86/; sid:900690358; rev:1;) alert tcp $HOME_NET any -> [209.239.105.18] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.239.105.18/; sid:900690357; rev:1;) alert tcp $HOME_NET any -> [203.163.231.123] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.163.231.123/; sid:900690355; rev:1;) alert tcp $HOME_NET any -> [12.154.10.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.154.10.186/; sid:900690353; rev:1;) alert tcp $HOME_NET any -> [204.184.24.82] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.184.24.82/; sid:900690349; rev:1;) alert tcp $HOME_NET any -> [83.110.138.177] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.138.177/; sid:900690348; rev:1;) alert tcp $HOME_NET any -> [67.160.28.237] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.160.28.237/; sid:900690347; rev:1;) alert tcp $HOME_NET any -> [173.195.204.36] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.195.204.36/; sid:900690346; rev:1;) alert tcp $HOME_NET any -> [105.227.80.43] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.227.80.43/; sid:900690345; rev:1;) alert tcp $HOME_NET any -> [189.152.53.248] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.152.53.248/; sid:900690344; rev:1;) alert tcp $HOME_NET any -> [75.148.213.233] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.148.213.233/; sid:900690343; rev:1;) alert tcp $HOME_NET any -> [184.176.4.162] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.176.4.162/; sid:900690342; rev:1;) alert tcp $HOME_NET any -> [200.57.229.27] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.57.229.27/; sid:900690341; rev:1;) alert tcp $HOME_NET any -> [186.69.3.154] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.69.3.154/; sid:900690131; rev:1;) alert tcp $HOME_NET any -> [195.13.188.82] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.13.188.82/; sid:900690128; rev:1;) alert tcp $HOME_NET any -> [175.138.83.138] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.138.83.138/; sid:900690127; rev:1;) alert tcp $HOME_NET any -> [114.109.170.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.109.170.114/; sid:900690126; rev:1;) alert tcp $HOME_NET any -> [200.57.102.71] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.57.102.71/; sid:900690120; rev:1;) alert tcp $HOME_NET any -> [186.101.74.154] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.101.74.154/; sid:900690118; rev:1;) alert tcp $HOME_NET any -> [197.92.225.116] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.92.225.116/; sid:900690117; rev:1;) alert tcp $HOME_NET any -> [186.151.52.187] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.151.52.187/; sid:900690115; rev:1;) alert tcp $HOME_NET any -> [201.211.46.151] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.211.46.151/; sid:900690114; rev:1;) alert tcp $HOME_NET any -> [108.51.155.120] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.51.155.120/; sid:900690110; rev:1;) alert tcp $HOME_NET any -> [181.44.169.132] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.44.169.132/; sid:900690109; rev:1;) alert tcp $HOME_NET any -> [186.68.82.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.68.82.18/; sid:900690108; rev:1;) alert tcp $HOME_NET any -> [91.19.104.33] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.19.104.33/; sid:900690107; rev:1;) alert tcp $HOME_NET any -> [200.118.241.21] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.118.241.21/; sid:900690106; rev:1;) alert tcp $HOME_NET any -> [189.250.171.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.171.115/; sid:900690105; rev:1;) alert tcp $HOME_NET any -> [187.192.232.16] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.232.16/; sid:900690104; rev:1;) alert tcp $HOME_NET any -> [76.170.143.9] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.170.143.9/; sid:900690103; rev:1;) alert tcp $HOME_NET any -> [72.241.162.229] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.241.162.229/; sid:900690102; rev:1;) alert tcp $HOME_NET any -> [74.89.23.180] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.89.23.180/; sid:900690101; rev:1;) alert tcp $HOME_NET any -> [172.113.215.132] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.113.215.132/; sid:900608921; rev:1;) alert tcp $HOME_NET any -> [107.182.34.241] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.182.34.241/; sid:900608920; rev:1;) alert tcp $HOME_NET any -> [24.203.4.40] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.203.4.40/; sid:900608970; rev:1;) alert tcp $HOME_NET any -> [190.140.187.200] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.140.187.200/; sid:900689869; rev:1;) alert tcp $HOME_NET any -> [81.21.12.6] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.21.12.6/; sid:900689851; rev:1;) alert tcp $HOME_NET any -> [177.231.255.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.231.255.134/; sid:900689849; rev:1;) alert tcp $HOME_NET any -> [46.17.209.164] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.17.209.164/; sid:900689848; rev:1;) alert tcp $HOME_NET any -> [186.101.81.10] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.101.81.10/; sid:900689846; rev:1;) alert tcp $HOME_NET any -> [88.225.230.70] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.225.230.70/; sid:900689845; rev:1;) alert tcp $HOME_NET any -> [89.145.200.162] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.145.200.162/; sid:900689842; rev:1;) alert tcp $HOME_NET any -> [88.250.185.242] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.250.185.242/; sid:900689841; rev:1;) alert tcp $HOME_NET any -> [31.166.244.172] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.166.244.172/; sid:900689840; rev:1;) alert tcp $HOME_NET any -> [24.42.51.139] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.42.51.139/; sid:900689839; rev:1;) alert tcp $HOME_NET any -> [69.118.64.136] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.118.64.136/; sid:900689838; rev:1;) alert tcp $HOME_NET any -> [101.187.255.122] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.255.122/; sid:900689837; rev:1;) alert tcp $HOME_NET any -> [173.94.9.21] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.94.9.21/; sid:900689835; rev:1;) alert tcp $HOME_NET any -> [199.26.184.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.26.184.82/; sid:900689834; rev:1;) alert tcp $HOME_NET any -> [68.84.221.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.84.221.138/; sid:900689833; rev:1;) alert tcp $HOME_NET any -> [69.23.76.217] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.23.76.217/; sid:900689768; rev:1;) alert tcp $HOME_NET any -> [190.180.8.85] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.180.8.85/; sid:900689767; rev:1;) alert tcp $HOME_NET any -> [181.120.189.184] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.120.189.184/; sid:900689763; rev:1;) alert tcp $HOME_NET any -> [190.151.62.234] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.151.62.234/; sid:900689761; rev:1;) alert tcp $HOME_NET any -> [186.22.50.195] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.22.50.195/; sid:900689760; rev:1;) alert tcp $HOME_NET any -> [187.188.44.32] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.44.32/; sid:900689758; rev:1;) alert tcp $HOME_NET any -> [12.44.127.26] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.44.127.26/; sid:900689757; rev:1;) alert tcp $HOME_NET any -> [77.122.237.72] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.122.237.72/; sid:900689756; rev:1;) alert tcp $HOME_NET any -> [75.108.22.7] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.108.22.7/; sid:900689754; rev:1;) alert tcp $HOME_NET any -> [187.237.79.91] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.237.79.91/; sid:900689753; rev:1;) alert tcp $HOME_NET any -> [190.131.63.204] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.131.63.204/; sid:900689751; rev:1;) alert tcp $HOME_NET any -> [75.109.200.232] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.109.200.232/; sid:900689747; rev:1;) alert tcp $HOME_NET any -> [181.134.174.38] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.134.174.38/; sid:900689746; rev:1;) alert tcp $HOME_NET any -> [186.15.64.141] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.64.141/; sid:900689745; rev:1;) alert tcp $HOME_NET any -> [189.180.223.221] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.180.223.221/; sid:900689744; rev:1;) alert tcp $HOME_NET any -> [181.39.233.139] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.233.139/; sid:900689743; rev:1;) alert tcp $HOME_NET any -> [187.147.147.127] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.147.147.127/; sid:900689742; rev:1;) alert tcp $HOME_NET any -> [64.237.68.70] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.237.68.70/; sid:900689741; rev:1;) alert tcp $HOME_NET any -> [97.93.216.75] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.93.216.75/; sid:900689740; rev:1;) alert tcp $HOME_NET any -> [200.49.145.116] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.49.145.116/; sid:900689739; rev:1;) alert tcp $HOME_NET any -> [80.249.92.41] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.249.92.41/; sid:900689738; rev:1;) alert tcp $HOME_NET any -> [157.7.163.144] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.7.163.144/; sid:900608653; rev:1;) alert tcp $HOME_NET any -> [67.158.239.210] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.158.239.210/; sid:900689512; rev:1;) alert tcp $HOME_NET any -> [103.51.20.167] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.51.20.167/; sid:900689510; rev:1;) alert tcp $HOME_NET any -> [50.76.83.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.76.83.231/; sid:900689508; rev:1;) alert tcp $HOME_NET any -> [180.234.214.54] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.234.214.54/; sid:900689507; rev:1;) alert tcp $HOME_NET any -> [110.36.142.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.36.142.186/; sid:900689504; rev:1;) alert tcp $HOME_NET any -> [217.165.230.123] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.230.123/; sid:900689497; rev:1;) alert tcp $HOME_NET any -> [66.212.220.245] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.212.220.245/; sid:900689494; rev:1;) alert tcp $HOME_NET any -> [203.122.32.74] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.122.32.74/; sid:900689493; rev:1;) alert tcp $HOME_NET any -> [184.160.6.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.160.6.6/; sid:900689490; rev:1;) alert tcp $HOME_NET any -> [2.50.30.73] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.30.73/; sid:900689484; rev:1;) alert tcp $HOME_NET any -> [198.0.31.189] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.0.31.189/; sid:900689475; rev:1;) alert tcp $HOME_NET any -> [128.193.56.101] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.193.56.101/; sid:900689472; rev:1;) alert tcp $HOME_NET any -> [67.215.49.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.215.49.234/; sid:900689468; rev:1;) alert tcp $HOME_NET any -> [105.186.73.91] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.73.91/; sid:900689465; rev:1;) alert tcp $HOME_NET any -> [70.91.98.181] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.91.98.181/; sid:900689464; rev:1;) alert tcp $HOME_NET any -> [190.15.180.250] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.15.180.250/; sid:900689463; rev:1;) alert tcp $HOME_NET any -> [88.250.223.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.250.223.190/; sid:900689462; rev:1;) alert tcp $HOME_NET any -> [184.188.108.62] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.188.108.62/; sid:900689461; rev:1;) alert tcp $HOME_NET any -> [197.245.79.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.245.79.109/; sid:900689458; rev:1;) alert tcp $HOME_NET any -> [187.190.117.226] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.190.117.226/; sid:900689455; rev:1;) alert tcp $HOME_NET any -> [71.209.36.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.209.36.231/; sid:900689454; rev:1;) alert tcp $HOME_NET any -> [190.210.38.253] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.38.253/; sid:900689453; rev:1;) alert tcp $HOME_NET any -> [190.97.15.75] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.97.15.75/; sid:900689452; rev:1;) alert tcp $HOME_NET any -> [181.143.108.91] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.108.91/; sid:900689451; rev:1;) alert tcp $HOME_NET any -> [190.12.14.75] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.12.14.75/; sid:900689450; rev:1;) alert tcp $HOME_NET any -> [65.128.138.30] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.128.138.30/; sid:900689449; rev:1;) alert tcp $HOME_NET any -> [70.31.145.1] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.31.145.1/; sid:900689448; rev:1;) alert tcp $HOME_NET any -> [206.255.201.213] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.255.201.213/; sid:900689447; rev:1;) alert tcp $HOME_NET any -> [87.66.13.80] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.66.13.80/; sid:900689446; rev:1;) alert tcp $HOME_NET any -> [203.198.147.4] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.198.147.4/; sid:900689361; rev:1;) alert tcp $HOME_NET any -> [97.94.31.251] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.94.31.251/; sid:900689274; rev:1;) alert tcp $HOME_NET any -> [86.1.201.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.1.201.59/; sid:900689268; rev:1;) alert tcp $HOME_NET any -> [203.163.247.170] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.163.247.170/; sid:900689261; rev:1;) alert tcp $HOME_NET any -> [203.130.17.11] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.130.17.11/; sid:900689257; rev:1;) alert tcp $HOME_NET any -> [85.140.41.130] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.140.41.130/; sid:900689254; rev:1;) alert tcp $HOME_NET any -> [182.75.161.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.75.161.42/; sid:900689252; rev:1;) alert tcp $HOME_NET any -> [183.82.104.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.104.189/; sid:900689249; rev:1;) alert tcp $HOME_NET any -> [119.161.96.149] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.161.96.149/; sid:900689248; rev:1;) alert tcp $HOME_NET any -> [85.105.127.131] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.127.131/; sid:900689247; rev:1;) alert tcp $HOME_NET any -> [103.243.173.107] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.243.173.107/; sid:900689246; rev:1;) alert tcp $HOME_NET any -> [117.240.167.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.240.167.58/; sid:900689245; rev:1;) alert tcp $HOME_NET any -> [96.82.180.162] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.82.180.162/; sid:900689244; rev:1;) alert tcp $HOME_NET any -> [105.225.14.211] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.14.211/; sid:900689243; rev:1;) alert tcp $HOME_NET any -> [182.48.193.140] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.48.193.140/; sid:900689242; rev:1;) alert tcp $HOME_NET any -> [24.48.68.128] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.48.68.128/; sid:900689241; rev:1;) alert tcp $HOME_NET any -> [175.209.255.182] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.209.255.182/; sid:900689240; rev:1;) alert tcp $HOME_NET any -> [78.188.180.54] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.180.54/; sid:900688423; rev:1;) alert tcp $HOME_NET any -> [152.231.79.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.231.79.6/; sid:900688422; rev:1;) alert tcp $HOME_NET any -> [184.186.72.104] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.186.72.104/; sid:900688421; rev:1;) alert tcp $HOME_NET any -> [61.38.71.197] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.38.71.197/; sid:900688420; rev:1;) alert tcp $HOME_NET any -> [210.77.89.109] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.77.89.109/; sid:900688418; rev:1;) alert tcp $HOME_NET any -> [69.92.151.74] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.92.151.74/; sid:900688417; rev:1;) alert tcp $HOME_NET any -> [187.160.218.132] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.160.218.132/; sid:900688412; rev:1;) alert tcp $HOME_NET any -> [190.131.166.199] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.131.166.199/; sid:900688410; rev:1;) alert tcp $HOME_NET any -> [66.119.110.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.119.110.214/; sid:900688407; rev:1;) alert tcp $HOME_NET any -> [189.205.70.64] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.205.70.64/; sid:900688406; rev:1;) alert tcp $HOME_NET any -> [81.213.157.176] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.213.157.176/; sid:900688402; rev:1;) alert tcp $HOME_NET any -> [200.90.92.72] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.90.92.72/; sid:900688401; rev:1;) alert tcp $HOME_NET any -> [47.41.100.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.41.100.58/; sid:900688400; rev:1;) alert tcp $HOME_NET any -> [70.166.122.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.166.122.236/; sid:900688399; rev:1;) alert tcp $HOME_NET any -> [78.141.2.164] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.141.2.164/; sid:900688398; rev:1;) alert tcp $HOME_NET any -> [187.148.174.31] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.148.174.31/; sid:900688397; rev:1;) alert tcp $HOME_NET any -> [168.121.59.107] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.121.59.107/; sid:900688396; rev:1;) alert tcp $HOME_NET any -> [190.2.50.193] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.2.50.193/; sid:900688395; rev:1;) alert tcp $HOME_NET any -> [197.86.157.158] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.86.157.158/; sid:900688394; rev:1;) alert tcp $HOME_NET any -> [190.215.241.14] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.215.241.14/; sid:900688393; rev:1;) alert tcp $HOME_NET any -> [24.192.126.122] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.192.126.122/; sid:900688187; rev:1;) alert tcp $HOME_NET any -> [64.228.194.53] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.228.194.53/; sid:900688186; rev:1;) alert tcp $HOME_NET any -> [194.126.10.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.126.10.122/; sid:900688180; rev:1;) alert tcp $HOME_NET any -> [75.110.170.175] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.110.170.175/; sid:900688160; rev:1;) alert tcp $HOME_NET any -> [216.249.210.20] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.249.210.20/; sid:900688154; rev:1;) alert tcp $HOME_NET any -> [85.105.235.83] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.235.83/; sid:900687961; rev:1;) alert tcp $HOME_NET any -> [5.196.73.88] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.73.88/; sid:900687960; rev:1;) alert tcp $HOME_NET any -> [201.170.119.83] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.170.119.83/; sid:900687959; rev:1;) alert tcp $HOME_NET any -> [72.38.51.142] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.38.51.142/; sid:900687958; rev:1;) alert tcp $HOME_NET any -> [97.120.29.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.120.29.210/; sid:900687957; rev:1;) alert tcp $HOME_NET any -> [105.184.93.216] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.93.216/; sid:900687956; rev:1;) alert tcp $HOME_NET any -> [98.180.65.81] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.180.65.81/; sid:900687955; rev:1;) alert tcp $HOME_NET any -> [201.236.135.102] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.236.135.102/; sid:900607378; rev:1;) alert tcp $HOME_NET any -> [207.134.189.64] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.134.189.64/; sid:900687662; rev:1;) alert tcp $HOME_NET any -> [74.79.41.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.79.41.71/; sid:900687661; rev:1;) alert tcp $HOME_NET any -> [67.77.66.132] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.77.66.132/; sid:900687656; rev:1;) alert tcp $HOME_NET any -> [41.33.127.215] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.33.127.215/; sid:900687648; rev:1;) alert tcp $HOME_NET any -> [68.42.248.45] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.42.248.45/; sid:900687643; rev:1;) alert tcp $HOME_NET any -> [24.37.133.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.37.133.84/; sid:900687642; rev:1;) alert tcp $HOME_NET any -> [182.56.134.44] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.56.134.44/; sid:900687638; rev:1;) alert tcp $HOME_NET any -> [50.76.83.233] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.76.83.233/; sid:900687637; rev:1;) alert tcp $HOME_NET any -> [180.150.56.166] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.150.56.166/; sid:900687635; rev:1;) alert tcp $HOME_NET any -> [187.188.148.68] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.148.68/; sid:900687634; rev:1;) alert tcp $HOME_NET any -> [98.127.32.145] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.127.32.145/; sid:900687632; rev:1;) alert tcp $HOME_NET any -> [198.0.227.57] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.0.227.57/; sid:900687631; rev:1;) alert tcp $HOME_NET any -> [189.225.87.179] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.225.87.179/; sid:900687630; rev:1;) alert tcp $HOME_NET any -> [176.202.177.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.202.177.18/; sid:900687598; rev:1;) alert tcp $HOME_NET any -> [70.241.50.225] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.241.50.225/; sid:900687596; rev:1;) alert tcp $HOME_NET any -> [76.65.212.229] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.65.212.229/; sid:900687558; rev:1;) alert tcp $HOME_NET any -> [24.199.200.74] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.199.200.74/; sid:900687554; rev:1;) alert tcp $HOME_NET any -> [94.66.94.255] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.66.94.255/; sid:900687551; rev:1;) alert tcp $HOME_NET any -> [190.46.180.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.46.180.71/; sid:900687547; rev:1;) alert tcp $HOME_NET any -> [47.28.152.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.28.152.58/; sid:900687541; rev:1;) alert tcp $HOME_NET any -> [207.177.101.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.177.101.10/; sid:900687540; rev:1;) alert tcp $HOME_NET any -> [149.202.160.202] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.160.202/; sid:900687538; rev:1;) alert tcp $HOME_NET any -> [72.181.91.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.181.91.254/; sid:900687537; rev:1;) alert tcp $HOME_NET any -> [201.233.81.143] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.233.81.143/; sid:900687536; rev:1;) alert tcp $HOME_NET any -> [187.250.60.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.60.214/; sid:900687535; rev:1;) alert tcp $HOME_NET any -> [73.190.103.188] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.190.103.188/; sid:900687534; rev:1;) alert tcp $HOME_NET any -> [81.134.0.41] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.134.0.41/; sid:900687533; rev:1;) alert tcp $HOME_NET any -> [24.240.253.67] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.240.253.67/; sid:900687532; rev:1;) alert tcp $HOME_NET any -> [142.217.12.151] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.217.12.151/; sid:900608374; rev:1;) alert tcp $HOME_NET any -> [201.241.119.48] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.241.119.48/; sid:900608346; rev:1;) alert tcp $HOME_NET any -> [200.12.210.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.12.210.58/; sid:900608621; rev:1;) alert tcp $HOME_NET any -> [72.149.206.152] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.149.206.152/; sid:900607379; rev:1;) alert tcp $HOME_NET any -> [24.43.156.11] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.43.156.11/; sid:900607364; rev:1;) alert tcp $HOME_NET any -> [189.131.215.94] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.131.215.94/; sid:900607363; rev:1;) alert tcp $HOME_NET any -> [81.134.45.212] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.134.45.212/; sid:900607357; rev:1;) alert tcp $HOME_NET any -> [50.245.192.129] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.245.192.129/; sid:900607360; rev:1;) alert tcp $HOME_NET any -> [98.10.198.137] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.10.198.137/; sid:900687201; rev:1;) alert tcp $HOME_NET any -> [178.254.33.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.33.30/; sid:900687197; rev:1;) alert tcp $HOME_NET any -> [139.193.177.165] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.193.177.165/; sid:900687196; rev:1;) alert tcp $HOME_NET any -> [187.189.144.131] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.189.144.131/; sid:900687190; rev:1;) alert tcp $HOME_NET any -> [124.13.204.89] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.13.204.89/; sid:900687186; rev:1;) alert tcp $HOME_NET any -> [81.7.10.106] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.7.10.106/; sid:900687178; rev:1;) alert tcp $HOME_NET any -> [79.79.52.182] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.79.52.182/; sid:900687176; rev:1;) alert tcp $HOME_NET any -> [86.142.26.130] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.142.26.130/; sid:900687175; rev:1;) alert tcp $HOME_NET any -> [187.250.199.185] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.199.185/; sid:900687174; rev:1;) alert tcp $HOME_NET any -> [207.255.226.104] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.255.226.104/; sid:900687173; rev:1;) alert tcp $HOME_NET any -> [142.59.219.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.59.219.59/; sid:900687172; rev:1;) alert tcp $HOME_NET any -> [88.250.118.73] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.250.118.73/; sid:900687171; rev:1;) alert tcp $HOME_NET any -> [187.189.233.31] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.189.233.31/; sid:900687170; rev:1;) alert tcp $HOME_NET any -> [184.58.93.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.58.93.250/; sid:900687169; rev:1;) alert tcp $HOME_NET any -> [74.195.12.152] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.195.12.152/; sid:900687168; rev:1;) alert tcp $HOME_NET any -> [31.186.54.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.186.54.47/; sid:900687131; rev:1;) alert tcp $HOME_NET any -> [200.6.168.98] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.6.168.98/; sid:900687129; rev:1;) alert tcp $HOME_NET any -> [69.198.17.20] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.198.17.20/; sid:900687125; rev:1;) alert tcp $HOME_NET any -> [74.208.163.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.208.163.52/; sid:900687116; rev:1;) alert tcp $HOME_NET any -> [89.120.94.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.120.94.134/; sid:900687113; rev:1;) alert tcp $HOME_NET any -> [181.56.163.152] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.56.163.152/; sid:900687111; rev:1;) alert tcp $HOME_NET any -> [187.195.13.245] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.195.13.245/; sid:900687110; rev:1;) alert tcp $HOME_NET any -> [69.203.214.97] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.203.214.97/; sid:900687109; rev:1;) alert tcp $HOME_NET any -> [201.132.185.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.132.185.66/; sid:900687108; rev:1;) alert tcp $HOME_NET any -> [186.68.141.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.68.141.218/; sid:900687107; rev:1;) alert tcp $HOME_NET any -> [190.147.53.140] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.53.140/; sid:900687106; rev:1;) alert tcp $HOME_NET any -> [97.87.198.18] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.87.198.18/; sid:900686803; rev:1;) alert tcp $HOME_NET any -> [210.215.155.44] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.215.155.44/; sid:900686802; rev:1;) alert tcp $HOME_NET any -> [54.37.77.86] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.77.86/; sid:900686801; rev:1;) alert tcp $HOME_NET any -> [76.182.36.8] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.182.36.8/; sid:900686800; rev:1;) alert tcp $HOME_NET any -> [175.136.149.221] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.136.149.221/; sid:900686799; rev:1;) alert tcp $HOME_NET any -> [78.187.122.37] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.187.122.37/; sid:900686797; rev:1;) alert tcp $HOME_NET any -> [108.166.150.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.166.150.58/; sid:900686796; rev:1;) alert tcp $HOME_NET any -> [73.51.79.185] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.51.79.185/; sid:900686795; rev:1;) alert tcp $HOME_NET any -> [187.176.67.240] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.176.67.240/; sid:900686756; rev:1;) alert tcp $HOME_NET any -> [200.85.46.122] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.85.46.122/; sid:900686748; rev:1;) alert tcp $HOME_NET any -> [186.68.94.62] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.68.94.62/; sid:900686739; rev:1;) alert tcp $HOME_NET any -> [183.82.101.39] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.101.39/; sid:900686738; rev:1;) alert tcp $HOME_NET any -> [187.188.45.145] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.45.145/; sid:900686737; rev:1;) alert tcp $HOME_NET any -> [190.110.217.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.110.217.70/; sid:900686736; rev:1;) alert tcp $HOME_NET any -> [207.134.145.72] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.134.145.72/; sid:900686735; rev:1;) alert tcp $HOME_NET any -> [189.210.142.250] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.210.142.250/; sid:900686734; rev:1;) alert tcp $HOME_NET any -> [189.252.25.74] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.25.74/; sid:900686733; rev:1;) alert tcp $HOME_NET any -> [24.14.188.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.14.188.26/; sid:900686732; rev:1;) alert tcp $HOME_NET any -> [128.193.56.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.193.56.47/; sid:900686731; rev:1;) alert tcp $HOME_NET any -> [71.94.35.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.94.35.102/; sid:900685259; rev:1;) alert tcp $HOME_NET any -> [217.174.206.181] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.174.206.181/; sid:900685257; rev:1;) alert tcp $HOME_NET any -> [159.69.2.128] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.69.2.128/; sid:900685234; rev:1;) alert tcp $HOME_NET any -> [65.79.210.121] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.79.210.121/; sid:900685229; rev:1;) alert tcp $HOME_NET any -> [216.215.112.198] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.215.112.198/; sid:900685228; rev:1;) alert tcp $HOME_NET any -> [174.67.38.138] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.67.38.138/; sid:900685226; rev:1;) alert tcp $HOME_NET any -> [169.255.208.22] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.255.208.22/; sid:900685033; rev:1;) alert tcp $HOME_NET any -> [71.92.71.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.92.71.2/; sid:900685018; rev:1;) alert tcp $HOME_NET any -> [97.121.182.176] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.121.182.176/; sid:900685011; rev:1;) alert tcp $HOME_NET any -> [189.153.82.104] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.153.82.104/; sid:900685004; rev:1;) alert tcp $HOME_NET any -> [121.167.204.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.167.204.226/; sid:900685003; rev:1;) alert tcp $HOME_NET any -> [12.139.45.113] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.139.45.113/; sid:900685001; rev:1;) alert tcp $HOME_NET any -> [113.193.217.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.193.217.34/; sid:900685000; rev:1;) alert tcp $HOME_NET any -> [81.215.192.201] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.215.192.201/; sid:900684999; rev:1;) alert tcp $HOME_NET any -> [113.161.86.196] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.161.86.196/; sid:900684748; rev:1;) alert tcp $HOME_NET any -> [73.165.17.30] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.165.17.30/; sid:900684734; rev:1;) alert tcp $HOME_NET any -> [24.252.24.240] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.252.24.240/; sid:900684718; rev:1;) alert tcp $HOME_NET any -> [176.88.227.26] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.88.227.26/; sid:900684717; rev:1;) alert tcp $HOME_NET any -> [64.118.8.252] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.118.8.252/; sid:900684710; rev:1;) alert tcp $HOME_NET any -> [148.245.232.121] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.245.232.121/; sid:900684501; rev:1;) alert tcp $HOME_NET any -> [96.64.183.227] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.64.183.227/; sid:900684500; rev:1;) alert tcp $HOME_NET any -> [100.17.27.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.17.27.26/; sid:900684499; rev:1;) alert tcp $HOME_NET any -> [77.86.23.44] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.86.23.44/; sid:900684498; rev:1;) alert tcp $HOME_NET any -> [201.242.55.19] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.242.55.19/; sid:900684497; rev:1;) alert tcp $HOME_NET any -> [187.193.161.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.193.161.58/; sid:900684496; rev:1;) alert tcp $HOME_NET any -> [95.6.64.119] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.6.64.119/; sid:900684495; rev:1;) alert tcp $HOME_NET any -> [8.53.148.199] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.53.148.199/; sid:900684463; rev:1;) alert tcp $HOME_NET any -> [54.39.176.27] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.39.176.27/; sid:900607309; rev:1;) alert tcp $HOME_NET any -> [198.57.223.7] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.57.223.7/; sid:900684325; rev:1;) alert tcp $HOME_NET any -> [187.199.104.240] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.104.240/; sid:900684322; rev:1;) alert tcp $HOME_NET any -> [54.39.176.22] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.39.176.22/; sid:900684321; rev:1;) alert tcp $HOME_NET any -> [83.137.249.200] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.137.249.200/; sid:900684315; rev:1;) alert tcp $HOME_NET any -> [217.13.106.14] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.13.106.14/; sid:900607308; rev:1;) alert tcp $HOME_NET any -> [208.118.96.234] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.118.96.234/; sid:900683233; rev:1;) alert tcp $HOME_NET any -> [192.226.157.108] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.226.157.108/; sid:900683230; rev:1;) alert tcp $HOME_NET any -> [75.113.198.59] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.113.198.59/; sid:900683228; rev:1;) alert tcp $HOME_NET any -> [50.78.93.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.78.93.74/; sid:900683227; rev:1;) alert tcp $HOME_NET any -> [94.155.136.9] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.155.136.9/; sid:900683225; rev:1;) alert tcp $HOME_NET any -> [211.215.86.199] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.215.86.199/; sid:900683224; rev:1;) alert tcp $HOME_NET any -> [76.75.43.243] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.75.43.243/; sid:900683219; rev:1;) alert tcp $HOME_NET any -> [175.110.104.150] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.110.104.150/; sid:900683218; rev:1;) alert tcp $HOME_NET any -> [24.116.195.92] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.116.195.92/; sid:900683217; rev:1;) alert tcp $HOME_NET any -> [71.167.42.74] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.167.42.74/; sid:900683215; rev:1;) alert tcp $HOME_NET any -> [172.220.109.118] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.220.109.118/; sid:900683210; rev:1;) alert tcp $HOME_NET any -> [94.173.144.136] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.173.144.136/; sid:900683209; rev:1;) alert tcp $HOME_NET any -> [114.79.137.106] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.137.106/; sid:900683208; rev:1;) alert tcp $HOME_NET any -> [75.140.48.194] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.140.48.194/; sid:900683206; rev:1;) alert tcp $HOME_NET any -> [72.224.73.157] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.224.73.157/; sid:900683202; rev:1;) alert tcp $HOME_NET any -> [98.229.127.243] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.229.127.243/; sid:900683031; rev:1;) alert tcp $HOME_NET any -> [71.45.208.246] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.45.208.246/; sid:900683028; rev:1;) alert tcp $HOME_NET any -> [70.167.72.96] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.167.72.96/; sid:900683027; rev:1;) alert tcp $HOME_NET any -> [41.160.168.85] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.160.168.85/; sid:900683026; rev:1;) alert tcp $HOME_NET any -> [181.123.205.219] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.123.205.219/; sid:900683024; rev:1;) alert tcp $HOME_NET any -> [189.151.46.3] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.151.46.3/; sid:900683019; rev:1;) alert tcp $HOME_NET any -> [105.229.123.160] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.229.123.160/; sid:900683018; rev:1;) alert tcp $HOME_NET any -> [200.105.149.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.105.149.226/; sid:900683016; rev:1;) alert tcp $HOME_NET any -> [72.50.72.164] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.50.72.164/; sid:900683015; rev:1;) alert tcp $HOME_NET any -> [70.184.148.77] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.184.148.77/; sid:900683014; rev:1;) alert tcp $HOME_NET any -> [201.203.100.160] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.203.100.160/; sid:900683010; rev:1;) alert tcp $HOME_NET any -> [201.244.125.210] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.244.125.210/; sid:900683009; rev:1;) alert tcp $HOME_NET any -> [96.242.246.128] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.242.246.128/; sid:900683008; rev:1;) alert tcp $HOME_NET any -> [190.189.12.16] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.189.12.16/; sid:900683007; rev:1;) alert tcp $HOME_NET any -> [220.253.68.95] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.253.68.95/; sid:900683006; rev:1;) alert tcp $HOME_NET any -> [96.23.80.242] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.23.80.242/; sid:900683005; rev:1;) alert tcp $HOME_NET any -> [69.70.248.98] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.70.248.98/; sid:900683004; rev:1;) alert tcp $HOME_NET any -> [87.114.250.38] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.114.250.38/; sid:900683003; rev:1;) alert tcp $HOME_NET any -> [96.245.253.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.245.253.186/; sid:900683002; rev:1;) alert tcp $HOME_NET any -> [108.53.148.199] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.53.148.199/; sid:900683001; rev:1;) alert tcp $HOME_NET any -> [199.48.138.55] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.48.138.55/; sid:900682751; rev:1;) alert tcp $HOME_NET any -> [50.4.178.101] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.4.178.101/; sid:900682750; rev:1;) alert tcp $HOME_NET any -> [177.230.98.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.230.98.10/; sid:900682748; rev:1;) alert tcp $HOME_NET any -> [162.154.32.144] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.154.32.144/; sid:900682744; rev:1;) alert tcp $HOME_NET any -> [76.70.25.209] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.70.25.209/; sid:900682738; rev:1;) alert tcp $HOME_NET any -> [190.6.195.244] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.6.195.244/; sid:900682735; rev:1;) alert tcp $HOME_NET any -> [68.15.57.174] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.15.57.174/; sid:900682732; rev:1;) alert tcp $HOME_NET any -> [187.177.53.149] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.177.53.149/; sid:900682731; rev:1;) alert tcp $HOME_NET any -> [201.146.20.110] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.146.20.110/; sid:900682729; rev:1;) alert tcp $HOME_NET any -> [201.163.74.202] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.163.74.202/; sid:900682727; rev:1;) alert tcp $HOME_NET any -> [115.47.147.24] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.47.147.24/; sid:900682725; rev:1;) alert tcp $HOME_NET any -> [74.196.132.156] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.196.132.156/; sid:900682724; rev:1;) alert tcp $HOME_NET any -> [187.205.207.53] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.205.207.53/; sid:900682723; rev:1;) alert tcp $HOME_NET any -> [41.160.245.36] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.160.245.36/; sid:900682722; rev:1;) alert tcp $HOME_NET any -> [50.237.134.22] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.237.134.22/; sid:900682721; rev:1;) alert tcp $HOME_NET any -> [64.194.68.19] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.194.68.19/; sid:900682720; rev:1;) alert tcp $HOME_NET any -> [189.131.48.195] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.131.48.195/; sid:900682719; rev:1;) alert tcp $HOME_NET any -> [186.72.44.178] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.72.44.178/; sid:900682718; rev:1;) alert tcp $HOME_NET any -> [64.250.162.198] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.250.162.198/; sid:900682717; rev:1;) alert tcp $HOME_NET any -> [66.222.104.80] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.222.104.80/; sid:900682390; rev:1;) alert tcp $HOME_NET any -> [110.142.233.42] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.142.233.42/; sid:900682389; rev:1;) alert tcp $HOME_NET any -> [47.196.182.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.196.182.124/; sid:900682388; rev:1;) alert tcp $HOME_NET any -> [186.177.160.221] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.177.160.221/; sid:900682387; rev:1;) alert tcp $HOME_NET any -> [186.70.66.20] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.70.66.20/; sid:900682384; rev:1;) alert tcp $HOME_NET any -> [205.209.247.11] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.209.247.11/; sid:900682383; rev:1;) alert tcp $HOME_NET any -> [204.184.24.210] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.184.24.210/; sid:900682382; rev:1;) alert tcp $HOME_NET any -> [181.67.220.53] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.67.220.53/; sid:900682378; rev:1;) alert tcp $HOME_NET any -> [50.38.226.31] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.38.226.31/; sid:900682376; rev:1;) alert tcp $HOME_NET any -> [201.152.10.14] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.152.10.14/; sid:900682375; rev:1;) alert tcp $HOME_NET any -> [47.217.99.132] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.217.99.132/; sid:900682374; rev:1;) alert tcp $HOME_NET any -> [40.131.31.201] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.131.31.201/; sid:900682373; rev:1;) alert tcp $HOME_NET any -> [98.195.248.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.195.248.98/; sid:900682372; rev:1;) alert tcp $HOME_NET any -> [184.88.53.40] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.88.53.40/; sid:900682364; rev:1;) alert tcp $HOME_NET any -> [206.162.235.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.162.235.123/; sid:900682363; rev:1;) alert tcp $HOME_NET any -> [84.201.226.251] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.201.226.251/; sid:900682360; rev:1;) alert tcp $HOME_NET any -> [75.135.65.169] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.135.65.169/; sid:900682359; rev:1;) alert tcp $HOME_NET any -> [165.255.152.160] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.255.152.160/; sid:900682358; rev:1;) alert tcp $HOME_NET any -> [107.181.1.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.1.242/; sid:900682356; rev:1;) alert tcp $HOME_NET any -> [50.84.241.38] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.84.241.38/; sid:900682355; rev:1;) alert tcp $HOME_NET any -> [201.145.148.145] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.145.148.145/; sid:900682354; rev:1;) alert tcp $HOME_NET any -> [184.66.172.184] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.66.172.184/; sid:900682353; rev:1;) alert tcp $HOME_NET any -> [71.172.252.50] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.172.252.50/; sid:900682352; rev:1;) alert tcp $HOME_NET any -> [118.189.9.243] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.189.9.243/; sid:900682351; rev:1;) alert tcp $HOME_NET any -> [186.4.4.140] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.4.140/; sid:900682348; rev:1;) alert tcp $HOME_NET any -> [190.12.34.162] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.12.34.162/; sid:900682347; rev:1;) alert tcp $HOME_NET any -> [72.214.82.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.214.82.107/; sid:900682342; rev:1;) alert tcp $HOME_NET any -> [108.173.55.25] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.173.55.25/; sid:900682340; rev:1;) alert tcp $HOME_NET any -> [189.189.179.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.189.179.66/; sid:900682339; rev:1;) alert tcp $HOME_NET any -> [187.192.140.245] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.140.245/; sid:900682338; rev:1;) alert tcp $HOME_NET any -> [68.37.194.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.37.194.102/; sid:900682337; rev:1;) alert tcp $HOME_NET any -> [47.187.147.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.187.147.117/; sid:900682335; rev:1;) alert tcp $HOME_NET any -> [108.174.19.26] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.174.19.26/; sid:900682334; rev:1;) alert tcp $HOME_NET any -> [201.183.237.116] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.183.237.116/; sid:900682329; rev:1;) alert tcp $HOME_NET any -> [86.135.9.120] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.135.9.120/; sid:900682328; rev:1;) alert tcp $HOME_NET any -> [189.154.42.87] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.42.87/; sid:900682327; rev:1;) alert tcp $HOME_NET any -> [201.137.234.2] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.234.2/; sid:900682326; rev:1;) alert tcp $HOME_NET any -> [190.92.39.2] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.39.2/; sid:900682325; rev:1;) alert tcp $HOME_NET any -> [196.210.11.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.210.11.146/; sid:900682324; rev:1;) alert tcp $HOME_NET any -> [2.50.58.30] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.58.30/; sid:900682323; rev:1;) alert tcp $HOME_NET any -> [181.29.143.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.29.143.88/; sid:900682322; rev:1;) alert tcp $HOME_NET any -> [108.6.20.101] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.6.20.101/; sid:900682321; rev:1;) alert tcp $HOME_NET any -> [63.153.27.53] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.153.27.53/; sid:900682320; rev:1;) alert tcp $HOME_NET any -> [31.167.248.50] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.167.248.50/; sid:900607273; rev:1;) alert tcp $HOME_NET any -> [78.134.74.39] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.134.74.39/; sid:900607271; rev:1;) alert tcp $HOME_NET any -> [78.186.5.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.5.109/; sid:900681827; rev:1;) alert tcp $HOME_NET any -> [123.3.103.138] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.3.103.138/; sid:900681826; rev:1;) alert tcp $HOME_NET any -> [81.134.85.83] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.134.85.83/; sid:900681824; rev:1;) alert tcp $HOME_NET any -> [186.4.196.172] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.196.172/; sid:900681823; rev:1;) alert tcp $HOME_NET any -> [85.99.226.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.99.226.42/; sid:900681822; rev:1;) alert tcp $HOME_NET any -> [88.247.129.23] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.247.129.23/; sid:900681819; rev:1;) alert tcp $HOME_NET any -> [103.90.47.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.90.47.170/; sid:900681818; rev:1;) alert tcp $HOME_NET any -> [83.110.236.72] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.236.72/; sid:900681815; rev:1;) alert tcp $HOME_NET any -> [183.82.112.28] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.112.28/; sid:900681806; rev:1;) alert tcp $HOME_NET any -> [88.248.7.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.248.7.84/; sid:900681804; rev:1;) alert tcp $HOME_NET any -> [86.21.198.113] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.21.198.113/; sid:900681801; rev:1;) alert tcp $HOME_NET any -> [95.5.225.35] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.5.225.35/; sid:900681800; rev:1;) alert tcp $HOME_NET any -> [117.232.118.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.232.118.18/; sid:900681799; rev:1;) alert tcp $HOME_NET any -> [109.69.52.112] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.69.52.112/; sid:900681798; rev:1;) alert tcp $HOME_NET any -> [100.35.105.159] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.35.105.159/; sid:900681795; rev:1;) alert tcp $HOME_NET any -> [74.131.89.83] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.131.89.83/; sid:900681794; rev:1;) alert tcp $HOME_NET any -> [115.64.32.202] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.64.32.202/; sid:900681792; rev:1;) alert tcp $HOME_NET any -> [42.114.73.81] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.114.73.81/; sid:900607270; rev:1;) alert tcp $HOME_NET any -> [216.59.200.206] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.59.200.206/; sid:900607269; rev:1;) alert tcp $HOME_NET any -> [183.82.97.20] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.97.20/; sid:900607268; rev:1;) alert tcp $HOME_NET any -> [47.38.231.174] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.38.231.174/; sid:900607265; rev:1;) alert tcp $HOME_NET any -> [107.184.160.132] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.184.160.132/; sid:900607261; rev:1;) alert tcp $HOME_NET any -> [66.176.191.160] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.176.191.160/; sid:900680061; rev:1;) alert tcp $HOME_NET any -> [70.62.35.198] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.62.35.198/; sid:900680053; rev:1;) alert tcp $HOME_NET any -> [190.6.230.215] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.6.230.215/; sid:900680047; rev:1;) alert tcp $HOME_NET any -> [212.159.89.25] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.159.89.25/; sid:900680043; rev:1;) alert tcp $HOME_NET any -> [64.39.152.28] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.39.152.28/; sid:900680029; rev:1;) alert tcp $HOME_NET any -> [67.68.149.239] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.68.149.239/; sid:900680028; rev:1;) alert tcp $HOME_NET any -> [76.19.187.41] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.19.187.41/; sid:900680026; rev:1;) alert tcp $HOME_NET any -> [128.2.98.139] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.2.98.139/; sid:900680022; rev:1;) alert tcp $HOME_NET any -> [210.206.72.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.206.72.82/; sid:900680021; rev:1;) alert tcp $HOME_NET any -> [71.75.206.192] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.75.206.192/; sid:900680019; rev:1;) alert tcp $HOME_NET any -> [186.10.33.220] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.10.33.220/; sid:900680008; rev:1;) alert tcp $HOME_NET any -> [189.160.182.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.160.182.18/; sid:900680000; rev:1;) alert tcp $HOME_NET any -> [181.48.84.219] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.48.84.219/; sid:900679999; rev:1;) alert tcp $HOME_NET any -> [189.193.246.67] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.193.246.67/; sid:900679998; rev:1;) alert tcp $HOME_NET any -> [190.128.236.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.128.236.190/; sid:900679994; rev:1;) alert tcp $HOME_NET any -> [201.111.8.75] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.111.8.75/; sid:900607252; rev:1;) alert tcp $HOME_NET any -> [150.107.195.35] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.107.195.35/; sid:900679828; rev:1;) alert tcp $HOME_NET any -> [105.229.229.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.229.229.121/; sid:900679824; rev:1;) alert tcp $HOME_NET any -> [81.136.230.11] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.136.230.11/; sid:900679823; rev:1;) alert tcp $HOME_NET any -> [88.249.224.29] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.224.29/; sid:900679821; rev:1;) alert tcp $HOME_NET any -> [80.44.196.20] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.44.196.20/; sid:900679818; rev:1;) alert tcp $HOME_NET any -> [82.15.89.36] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.15.89.36/; sid:900679803; rev:1;) alert tcp $HOME_NET any -> [2.26.135.106] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.26.135.106/; sid:900679802; rev:1;) alert tcp $HOME_NET any -> [85.100.123.118] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.100.123.118/; sid:900679798; rev:1;) alert tcp $HOME_NET any -> [41.145.51.212] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.145.51.212/; sid:900679797; rev:1;) alert tcp $HOME_NET any -> [80.211.209.144] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.211.209.144/; sid:900607248; rev:1;) alert tcp $HOME_NET any -> [199.241.229.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.241.229.20/; sid:900607247; rev:1;) alert tcp $HOME_NET any -> [84.77.124.122] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.77.124.122/; sid:900679710; rev:1;) alert tcp $HOME_NET any -> [66.130.150.253] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.130.150.253/; sid:900679705; rev:1;) alert tcp $HOME_NET any -> [189.211.177.113] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.211.177.113/; sid:900679696; rev:1;) alert tcp $HOME_NET any -> [148.103.9.8] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.103.9.8/; sid:900679695; rev:1;) alert tcp $HOME_NET any -> [174.27.103.37] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.27.103.37/; sid:900679693; rev:1;) alert tcp $HOME_NET any -> [94.173.85.44] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.173.85.44/; sid:900679692; rev:1;) alert tcp $HOME_NET any -> [189.222.75.8] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.222.75.8/; sid:900679691; rev:1;) alert tcp $HOME_NET any -> [207.107.101.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.107.101.210/; sid:900679690; rev:1;) alert tcp $HOME_NET any -> [64.60.82.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.60.82.82/; sid:900679689; rev:1;) alert tcp $HOME_NET any -> [92.27.115.15] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.27.115.15/; sid:900679688; rev:1;) alert tcp $HOME_NET any -> [74.59.100.124] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.59.100.124/; sid:900679687; rev:1;) alert tcp $HOME_NET any -> [86.151.209.241] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.151.209.241/; sid:900679606; rev:1;) alert tcp $HOME_NET any -> [75.130.100.165] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.130.100.165/; sid:900679605; rev:1;) alert tcp $HOME_NET any -> [123.231.21.141] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.231.21.141/; sid:900679603; rev:1;) alert tcp $HOME_NET any -> [194.24.241.195] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.24.241.195/; sid:900679601; rev:1;) alert tcp $HOME_NET any -> [49.207.6.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.207.6.206/; sid:900679596; rev:1;) alert tcp $HOME_NET any -> [71.210.151.191] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.210.151.191/; sid:900679594; rev:1;) alert tcp $HOME_NET any -> [173.53.101.212] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.53.101.212/; sid:900679592; rev:1;) alert tcp $HOME_NET any -> [120.72.92.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.72.92.210/; sid:900679589; rev:1;) alert tcp $HOME_NET any -> [105.225.90.98] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.90.98/; sid:900679586; rev:1;) alert tcp $HOME_NET any -> [213.6.149.158] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.6.149.158/; sid:900679585; rev:1;) alert tcp $HOME_NET any -> [105.228.219.48] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.228.219.48/; sid:900679582; rev:1;) alert tcp $HOME_NET any -> [210.56.2.200] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.56.2.200/; sid:900679580; rev:1;) alert tcp $HOME_NET any -> [185.97.32.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.97.32.6/; sid:900679578; rev:1;) alert tcp $HOME_NET any -> [27.72.73.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.72.73.229/; sid:900679577; rev:1;) alert tcp $HOME_NET any -> [51.52.204.110] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.52.204.110/; sid:900679576; rev:1;) alert tcp $HOME_NET any -> [75.97.208.9] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.97.208.9/; sid:900679575; rev:1;) alert tcp $HOME_NET any -> [198.72.196.89] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.72.196.89/; sid:900679574; rev:1;) alert tcp $HOME_NET any -> [110.10.106.151] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.10.106.151/; sid:900679573; rev:1;) alert tcp $HOME_NET any -> [45.78.205.197] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.78.205.197/; sid:900679572; rev:1;) alert tcp $HOME_NET any -> [172.223.235.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.223.235.13/; sid:900679571; rev:1;) alert tcp $HOME_NET any -> [24.116.40.208] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.116.40.208/; sid:900679570; rev:1;) alert tcp $HOME_NET any -> [120.234.52.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.234.52.74/; sid:900679568; rev:1;) alert tcp $HOME_NET any -> [76.11.12.191] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.11.12.191/; sid:900607242; rev:1;) alert tcp $HOME_NET any -> [190.92.45.2] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.45.2/; sid:900678579; rev:1;) alert tcp $HOME_NET any -> [27.130.227.129] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.130.227.129/; sid:900678577; rev:1;) alert tcp $HOME_NET any -> [197.86.204.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.86.204.44/; sid:900678576; rev:1;) alert tcp $HOME_NET any -> [179.50.246.148] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.50.246.148/; sid:900678574; rev:1;) alert tcp $HOME_NET any -> [178.119.124.32] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.119.124.32/; sid:900678573; rev:1;) alert tcp $HOME_NET any -> [189.160.157.135] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.160.157.135/; sid:900678571; rev:1;) alert tcp $HOME_NET any -> [131.196.250.33] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.196.250.33/; sid:900678570; rev:1;) alert tcp $HOME_NET any -> [165.255.44.4] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.255.44.4/; sid:900678567; rev:1;) alert tcp $HOME_NET any -> [187.233.134.190] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.233.134.190/; sid:900678565; rev:1;) alert tcp $HOME_NET any -> [75.130.67.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.130.67.114/; sid:900678563; rev:1;) alert tcp $HOME_NET any -> [50.254.140.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.254.140.98/; sid:900678560; rev:1;) alert tcp $HOME_NET any -> [187.150.225.24] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.150.225.24/; sid:900678559; rev:1;) alert tcp $HOME_NET any -> [70.169.53.30] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.169.53.30/; sid:900678558; rev:1;) alert tcp $HOME_NET any -> [209.183.136.202] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.183.136.202/; sid:900678557; rev:1;) alert tcp $HOME_NET any -> [190.181.12.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.181.12.115/; sid:900678556; rev:1;) alert tcp $HOME_NET any -> [187.178.233.140] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.178.233.140/; sid:900678555; rev:1;) alert tcp $HOME_NET any -> [217.36.122.251] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.36.122.251/; sid:900678554; rev:1;) alert tcp $HOME_NET any -> [201.172.102.133] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.172.102.133/; sid:900678553; rev:1;) alert tcp $HOME_NET any -> [190.96.46.39] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.96.46.39/; sid:900678552; rev:1;) alert tcp $HOME_NET any -> [189.225.81.201] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.225.81.201/; sid:900678551; rev:1;) alert tcp $HOME_NET any -> [86.158.152.76] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.158.152.76/; sid:900678522; rev:1;) alert tcp $HOME_NET any -> [96.48.17.38] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.48.17.38/; sid:900678517; rev:1;) alert tcp $HOME_NET any -> [217.165.147.33] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.147.33/; sid:900678515; rev:1;) alert tcp $HOME_NET any -> [173.8.46.45] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.8.46.45/; sid:900678514; rev:1;) alert tcp $HOME_NET any -> [68.199.249.130] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.199.249.130/; sid:900678512; rev:1;) alert tcp $HOME_NET any -> [81.140.49.231] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.140.49.231/; sid:900678510; rev:1;) alert tcp $HOME_NET any -> [81.135.42.193] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.135.42.193/; sid:900678506; rev:1;) alert tcp $HOME_NET any -> [82.20.167.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.20.167.102/; sid:900678504; rev:1;) alert tcp $HOME_NET any -> [98.191.228.247] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.191.228.247/; sid:900678503; rev:1;) alert tcp $HOME_NET any -> [77.159.55.80] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.159.55.80/; sid:900678500; rev:1;) alert tcp $HOME_NET any -> [154.116.24.85] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.116.24.85/; sid:900678499; rev:1;) alert tcp $HOME_NET any -> [203.170.78.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.170.78.42/; sid:900678498; rev:1;) alert tcp $HOME_NET any -> [105.246.34.222] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.246.34.222/; sid:900678497; rev:1;) alert tcp $HOME_NET any -> [197.245.110.91] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.245.110.91/; sid:900678496; rev:1;) alert tcp $HOME_NET any -> [153.122.38.158] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.122.38.158/; sid:900678494; rev:1;) alert tcp $HOME_NET any -> [203.192.248.123] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.192.248.123/; sid:900678493; rev:1;) alert tcp $HOME_NET any -> [181.39.148.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.148.122/; sid:900678492; rev:1;) alert tcp $HOME_NET any -> [103.210.49.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.210.49.242/; sid:900678491; rev:1;) alert tcp $HOME_NET any -> [71.32.75.57] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.32.75.57/; sid:900678490; rev:1;) alert tcp $HOME_NET any -> [67.55.249.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.55.249.84/; sid:900678489; rev:1;) alert tcp $HOME_NET any -> [96.89.6.21] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.89.6.21/; sid:900678488; rev:1;) alert tcp $HOME_NET any -> [103.69.91.106] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.69.91.106/; sid:900678487; rev:1;) alert tcp $HOME_NET any -> [108.2.108.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.2.108.124/; sid:900678486; rev:1;) alert tcp $HOME_NET any -> [72.216.21.186] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.216.21.186/; sid:900678485; rev:1;) alert tcp $HOME_NET any -> [88.248.51.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.248.51.109/; sid:900678484; rev:1;) alert tcp $HOME_NET any -> [189.212.177.73] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.212.177.73/; sid:900607224; rev:1;) alert tcp $HOME_NET any -> [108.14.245.9] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.14.245.9/; sid:900607218; rev:1;) alert tcp $HOME_NET any -> [174.95.0.69] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.95.0.69/; sid:900607189; rev:1;) alert tcp $HOME_NET any -> [185.106.208.180] 8081 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.106.208.180/; sid:900607239; rev:1;) alert tcp $HOME_NET any -> [104.131.33.184] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.33.184/; sid:900607238; rev:1;) alert tcp $HOME_NET any -> [169.1.104.160] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.1.104.160/; sid:900677377; rev:1;) alert tcp $HOME_NET any -> [105.247.156.214] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.247.156.214/; sid:900677375; rev:1;) alert tcp $HOME_NET any -> [139.59.242.76] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.242.76/; sid:900677371; rev:1;) alert tcp $HOME_NET any -> [187.206.141.29] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.206.141.29/; sid:900677369; rev:1;) alert tcp $HOME_NET any -> [197.89.76.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.76.170/; sid:900677368; rev:1;) alert tcp $HOME_NET any -> [187.235.92.145] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.235.92.145/; sid:900677367; rev:1;) alert tcp $HOME_NET any -> [181.174.98.54] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.174.98.54/; sid:900677364; rev:1;) alert tcp $HOME_NET any -> [108.167.87.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.167.87.107/; sid:900677362; rev:1;) alert tcp $HOME_NET any -> [177.224.77.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.224.77.214/; sid:900677361; rev:1;) alert tcp $HOME_NET any -> [70.93.62.213] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.93.62.213/; sid:900677360; rev:1;) alert tcp $HOME_NET any -> [139.162.237.94] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.237.94/; sid:900677358; rev:1;) alert tcp $HOME_NET any -> [70.123.90.225] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.123.90.225/; sid:900677357; rev:1;) alert tcp $HOME_NET any -> [187.178.20.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.178.20.47/; sid:900677356; rev:1;) alert tcp $HOME_NET any -> [211.227.213.49] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.227.213.49/; sid:900677355; rev:1;) alert tcp $HOME_NET any -> [94.60.108.236] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.60.108.236/; sid:900677354; rev:1;) alert tcp $HOME_NET any -> [220.144.39.175] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.144.39.175/; sid:900677353; rev:1;) alert tcp $HOME_NET any -> [201.153.196.51] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.153.196.51/; sid:900677352; rev:1;) alert tcp $HOME_NET any -> [189.146.10.42] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.10.42/; sid:900677351; rev:1;) alert tcp $HOME_NET any -> [187.198.200.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.198.200.242/; sid:900677350; rev:1;) alert tcp $HOME_NET any -> [201.132.110.134] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.132.110.134/; sid:900677349; rev:1;) alert tcp $HOME_NET any -> [177.242.11.145] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.11.145/; sid:900677348; rev:1;) alert tcp $HOME_NET any -> [194.150.118.20] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.150.118.20/; sid:900607190; rev:1;) alert tcp $HOME_NET any -> [81.215.200.158] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.215.200.158/; sid:900677099; rev:1;) alert tcp $HOME_NET any -> [138.201.197.13] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.201.197.13/; sid:900677097; rev:1;) alert tcp $HOME_NET any -> [106.68.9.33] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.68.9.33/; sid:900677096; rev:1;) alert tcp $HOME_NET any -> [85.104.57.45] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.57.45/; sid:900677095; rev:1;) alert tcp $HOME_NET any -> [207.112.18.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.112.18.150/; sid:900677094; rev:1;) alert tcp $HOME_NET any -> [104.220.90.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.220.90.107/; sid:900677093; rev:1;) alert tcp $HOME_NET any -> [105.184.68.110] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.68.110/; sid:900677088; rev:1;) alert tcp $HOME_NET any -> [85.246.79.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.246.79.84/; sid:900677085; rev:1;) alert tcp $HOME_NET any -> [190.86.177.157] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.86.177.157/; sid:900677084; rev:1;) alert tcp $HOME_NET any -> [216.74.200.97] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.74.200.97/; sid:900677083; rev:1;) alert tcp $HOME_NET any -> [81.151.15.109] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.151.15.109/; sid:900677081; rev:1;) alert tcp $HOME_NET any -> [63.141.2.116] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.141.2.116/; sid:900677079; rev:1;) alert tcp $HOME_NET any -> [85.100.125.179] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.100.125.179/; sid:900677077; rev:1;) alert tcp $HOME_NET any -> [130.180.10.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.180.10.18/; sid:900677076; rev:1;) alert tcp $HOME_NET any -> [80.218.122.178] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.218.122.178/; sid:900677074; rev:1;) alert tcp $HOME_NET any -> [62.75.143.128] 8081 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.143.128/; sid:900677072; rev:1;) alert tcp $HOME_NET any -> [174.64.65.21] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.64.65.21/; sid:900677071; rev:1;) alert tcp $HOME_NET any -> [184.191.59.24] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.191.59.24/; sid:900677069; rev:1;) alert tcp $HOME_NET any -> [75.76.172.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.76.172.226/; sid:900677068; rev:1;) alert tcp $HOME_NET any -> [108.52.190.19] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.52.190.19/; sid:900677066; rev:1;) alert tcp $HOME_NET any -> [148.74.143.194] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.74.143.194/; sid:900677065; rev:1;) alert tcp $HOME_NET any -> [64.68.15.56] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.68.15.56/; sid:900677064; rev:1;) alert tcp $HOME_NET any -> [98.5.202.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.5.202.134/; sid:900677063; rev:1;) alert tcp $HOME_NET any -> [70.168.211.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.168.211.61/; sid:900677062; rev:1;) alert tcp $HOME_NET any -> [50.100.59.190] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.100.59.190/; sid:900607212; rev:1;) alert tcp $HOME_NET any -> [128.199.128.71] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.128.71/; sid:900607207; rev:1;) alert tcp $HOME_NET any -> [73.84.157.141] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.84.157.141/; sid:900676910; rev:1;) alert tcp $HOME_NET any -> [24.212.245.241] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.212.245.241/; sid:900607216; rev:1;) alert tcp $HOME_NET any -> [71.179.11.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.179.11.122/; sid:900607260; rev:1;) alert tcp $HOME_NET any -> [118.69.187.243] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.69.187.243/; sid:900607211; rev:1;) alert tcp $HOME_NET any -> [189.226.52.162] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.226.52.162/; sid:900676689; rev:1;) alert tcp $HOME_NET any -> [98.114.129.111] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.114.129.111/; sid:900676688; rev:1;) alert tcp $HOME_NET any -> [172.114.223.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.114.223.47/; sid:900676687; rev:1;) alert tcp $HOME_NET any -> [42.201.193.254] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.201.193.254/; sid:900676686; rev:1;) alert tcp $HOME_NET any -> [50.84.214.75] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.84.214.75/; sid:900676682; rev:1;) alert tcp $HOME_NET any -> [144.139.171.201] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.139.171.201/; sid:900676681; rev:1;) alert tcp $HOME_NET any -> [74.211.83.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.211.83.122/; sid:900676679; rev:1;) alert tcp $HOME_NET any -> [66.68.162.209] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.68.162.209/; sid:900676675; rev:1;) alert tcp $HOME_NET any -> [32.215.161.182] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.215.161.182/; sid:900676673; rev:1;) alert tcp $HOME_NET any -> [87.74.234.72] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.74.234.72/; sid:900676671; rev:1;) alert tcp $HOME_NET any -> [173.61.22.150] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.61.22.150/; sid:900676670; rev:1;) alert tcp $HOME_NET any -> [141.134.33.159] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.134.33.159/; sid:900676669; rev:1;) alert tcp $HOME_NET any -> [184.162.73.170] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.162.73.170/; sid:900676666; rev:1;) alert tcp $HOME_NET any -> [189.160.238.108] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.160.238.108/; sid:900676665; rev:1;) alert tcp $HOME_NET any -> [69.75.57.178] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.75.57.178/; sid:900676663; rev:1;) alert tcp $HOME_NET any -> [181.140.10.69] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.140.10.69/; sid:900676659; rev:1;) alert tcp $HOME_NET any -> [75.164.168.56] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.164.168.56/; sid:900676658; rev:1;) alert tcp $HOME_NET any -> [81.155.103.153] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.155.103.153/; sid:900676657; rev:1;) alert tcp $HOME_NET any -> [2.50.150.28] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.150.28/; sid:900676655; rev:1;) alert tcp $HOME_NET any -> [68.203.137.105] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.203.137.105/; sid:900676654; rev:1;) alert tcp $HOME_NET any -> [5.197.57.205] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.197.57.205/; sid:900676653; rev:1;) alert tcp $HOME_NET any -> [136.56.30.168] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.56.30.168/; sid:900676652; rev:1;) alert tcp $HOME_NET any -> [76.120.104.107] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.120.104.107/; sid:900676651; rev:1;) alert tcp $HOME_NET any -> [213.123.182.53] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.123.182.53/; sid:900676650; rev:1;) alert tcp $HOME_NET any -> [201.145.118.199] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.145.118.199/; sid:900676647; rev:1;) alert tcp $HOME_NET any -> [189.190.154.29] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.190.154.29/; sid:900676643; rev:1;) alert tcp $HOME_NET any -> [159.192.247.138] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.192.247.138/; sid:900676642; rev:1;) alert tcp $HOME_NET any -> [160.226.162.79] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.226.162.79/; sid:900676641; rev:1;) alert tcp $HOME_NET any -> [39.53.38.131] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.53.38.131/; sid:900676640; rev:1;) alert tcp $HOME_NET any -> [187.193.97.96] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.193.97.96/; sid:900676638; rev:1;) alert tcp $HOME_NET any -> [1.22.155.6] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.22.155.6/; sid:900676637; rev:1;) alert tcp $HOME_NET any -> [189.207.123.105] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.207.123.105/; sid:900676636; rev:1;) alert tcp $HOME_NET any -> [189.161.67.1] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.161.67.1/; sid:900676634; rev:1;) alert tcp $HOME_NET any -> [190.180.108.38] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.180.108.38/; sid:900676632; rev:1;) alert tcp $HOME_NET any -> [190.144.78.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.144.78.74/; sid:900676629; rev:1;) alert tcp $HOME_NET any -> [189.219.205.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.219.205.50/; sid:900676628; rev:1;) alert tcp $HOME_NET any -> [200.68.112.41] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.68.112.41/; sid:900676627; rev:1;) alert tcp $HOME_NET any -> [200.56.104.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.56.104.44/; sid:900676626; rev:1;) alert tcp $HOME_NET any -> [209.204.201.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.204.201.18/; sid:900676625; rev:1;) alert tcp $HOME_NET any -> [41.79.155.118] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.79.155.118/; sid:900676624; rev:1;) alert tcp $HOME_NET any -> [181.29.82.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.29.82.117/; sid:900676623; rev:1;) alert tcp $HOME_NET any -> [201.146.211.106] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.146.211.106/; sid:900676622; rev:1;) alert tcp $HOME_NET any -> [201.102.224.23] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.102.224.23/; sid:900676621; rev:1;) alert tcp $HOME_NET any -> [81.21.85.89] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.21.85.89/; sid:900676620; rev:1;) alert tcp $HOME_NET any -> [67.198.114.216] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.198.114.216/; sid:900676619; rev:1;) alert tcp $HOME_NET any -> [209.191.212.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.191.212.138/; sid:900676612; rev:1;) alert tcp $HOME_NET any -> [24.55.35.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.55.35.218/; sid:900676611; rev:1;) alert tcp $HOME_NET any -> [47.195.11.237] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.195.11.237/; sid:900676607; rev:1;) alert tcp $HOME_NET any -> [73.82.149.238] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.82.149.238/; sid:900676606; rev:1;) alert tcp $HOME_NET any -> [97.89.63.178] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.89.63.178/; sid:900676605; rev:1;) alert tcp $HOME_NET any -> [75.176.141.182] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.176.141.182/; sid:900676603; rev:1;) alert tcp $HOME_NET any -> [91.242.31.70] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.242.31.70/; sid:900676598; rev:1;) alert tcp $HOME_NET any -> [134.228.82.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.228.82.71/; sid:900676594; rev:1;) alert tcp $HOME_NET any -> [98.250.18.38] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.250.18.38/; sid:900676590; rev:1;) alert tcp $HOME_NET any -> [73.45.37.36] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.45.37.36/; sid:900676589; rev:1;) alert tcp $HOME_NET any -> [50.32.101.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.32.101.88/; sid:900676588; rev:1;) alert tcp $HOME_NET any -> [50.79.170.57] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.79.170.57/; sid:900676587; rev:1;) alert tcp $HOME_NET any -> [24.123.49.250] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.123.49.250/; sid:900676584; rev:1;) alert tcp $HOME_NET any -> [51.52.199.32] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.52.199.32/; sid:900676583; rev:1;) alert tcp $HOME_NET any -> [24.129.199.213] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.129.199.213/; sid:900676582; rev:1;) alert tcp $HOME_NET any -> [104.139.112.238] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.139.112.238/; sid:900676581; rev:1;) alert tcp $HOME_NET any -> [72.250.182.228] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.250.182.228/; sid:900676395; rev:1;) alert tcp $HOME_NET any -> [77.44.50.42] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.44.50.42/; sid:900676394; rev:1;) alert tcp $HOME_NET any -> [186.46.219.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.46.219.90/; sid:900676393; rev:1;) alert tcp $HOME_NET any -> [134.17.26.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.17.26.150/; sid:900676392; rev:1;) alert tcp $HOME_NET any -> [177.240.41.217] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.240.41.217/; sid:900676388; rev:1;) alert tcp $HOME_NET any -> [64.146.148.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.146.148.10/; sid:900676386; rev:1;) alert tcp $HOME_NET any -> [200.236.122.54] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.236.122.54/; sid:900676385; rev:1;) alert tcp $HOME_NET any -> [190.221.222.116] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.221.222.116/; sid:900676384; rev:1;) alert tcp $HOME_NET any -> [187.207.21.203] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.21.203/; sid:900676383; rev:1;) alert tcp $HOME_NET any -> [187.167.1.106] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.167.1.106/; sid:900676380; rev:1;) alert tcp $HOME_NET any -> [160.226.171.143] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.226.171.143/; sid:900676378; rev:1;) alert tcp $HOME_NET any -> [70.50.1.47] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.50.1.47/; sid:900676374; rev:1;) alert tcp $HOME_NET any -> [85.105.239.184] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.239.184/; sid:900676373; rev:1;) alert tcp $HOME_NET any -> [177.80.149.26] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.80.149.26/; sid:900676372; rev:1;) alert tcp $HOME_NET any -> [217.91.176.198] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.91.176.198/; sid:900676371; rev:1;) alert tcp $HOME_NET any -> [101.187.191.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.191.192/; sid:900676370; rev:1;) alert tcp $HOME_NET any -> [51.52.97.155] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.52.97.155/; sid:900676369; rev:1;) alert tcp $HOME_NET any -> [2.50.50.203] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.50.203/; sid:900676368; rev:1;) alert tcp $HOME_NET any -> [186.4.209.139] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.209.139/; sid:900676367; rev:1;) alert tcp $HOME_NET any -> [105.228.136.172] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.228.136.172/; sid:900676366; rev:1;) alert tcp $HOME_NET any -> [50.195.229.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.195.229.118/; sid:900676070; rev:1;) alert tcp $HOME_NET any -> [106.187.52.135] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.187.52.135/; sid:900676067; rev:1;) alert tcp $HOME_NET any -> [202.124.179.78] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.124.179.78/; sid:900676066; rev:1;) alert tcp $HOME_NET any -> [174.93.1.58] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.93.1.58/; sid:900676065; rev:1;) alert tcp $HOME_NET any -> [201.80.109.183] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.80.109.183/; sid:900676051; rev:1;) alert tcp $HOME_NET any -> [87.229.23.38] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.229.23.38/; sid:900676047; rev:1;) alert tcp $HOME_NET any -> [69.70.217.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.70.217.174/; sid:900676046; rev:1;) alert tcp $HOME_NET any -> [128.2.97.48] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.2.97.48/; sid:900676045; rev:1;) alert tcp $HOME_NET any -> [24.144.147.216] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.144.147.216/; sid:900676040; rev:1;) alert tcp $HOME_NET any -> [128.2.96.97] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.2.96.97/; sid:900607193; rev:1;) alert tcp $HOME_NET any -> [92.134.246.8] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.134.246.8/; sid:900675680; rev:1;) alert tcp $HOME_NET any -> [197.243.230.45] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.243.230.45/; sid:900675675; rev:1;) alert tcp $HOME_NET any -> [65.94.239.77] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.94.239.77/; sid:900675672; rev:1;) alert tcp $HOME_NET any -> [128.2.97.187] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.2.97.187/; sid:900607183; rev:1;) alert tcp $HOME_NET any -> [176.219.82.79] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.219.82.79/; sid:900674138; rev:1;) alert tcp $HOME_NET any -> [124.121.192.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.121.192.186/; sid:900674137; rev:1;) alert tcp $HOME_NET any -> [189.253.126.66] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.126.66/; sid:900674136; rev:1;) alert tcp $HOME_NET any -> [185.129.3.211] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.129.3.211/; sid:900674134; rev:1;) alert tcp $HOME_NET any -> [73.125.45.48] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.125.45.48/; sid:900607169; rev:1;) alert tcp $HOME_NET any -> [98.189.120.110] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.189.120.110/; sid:900673208; rev:1;) alert tcp $HOME_NET any -> [92.207.145.74] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.207.145.74/; sid:900673206; rev:1;) alert tcp $HOME_NET any -> [85.107.167.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.107.167.102/; sid:900673200; rev:1;) alert tcp $HOME_NET any -> [105.225.106.51] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.106.51/; sid:900673193; rev:1;) alert tcp $HOME_NET any -> [70.182.77.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.182.77.205/; sid:900673191; rev:1;) alert tcp $HOME_NET any -> [73.254.114.194] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.254.114.194/; sid:900673187; rev:1;) alert tcp $HOME_NET any -> [98.223.46.139] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.223.46.139/; sid:900673186; rev:1;) alert tcp $HOME_NET any -> [83.110.81.14] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.81.14/; sid:900673177; rev:1;) alert tcp $HOME_NET any -> [81.136.206.155] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.136.206.155/; sid:900673176; rev:1;) alert tcp $HOME_NET any -> [24.223.95.233] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.223.95.233/; sid:900673175; rev:1;) alert tcp $HOME_NET any -> [68.203.247.140] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.203.247.140/; sid:900673174; rev:1;) alert tcp $HOME_NET any -> [187.141.116.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.141.116.52/; sid:900673172; rev:1;) alert tcp $HOME_NET any -> [81.174.148.49] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.174.148.49/; sid:900673170; rev:1;) alert tcp $HOME_NET any -> [70.168.121.169] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.168.121.169/; sid:900673169; rev:1;) alert tcp $HOME_NET any -> [67.52.220.134] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.52.220.134/; sid:900673168; rev:1;) alert tcp $HOME_NET any -> [24.253.16.214] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.253.16.214/; sid:900672296; rev:1;) alert tcp $HOME_NET any -> [201.170.115.201] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.170.115.201/; sid:900672283; rev:1;) alert tcp $HOME_NET any -> [2.220.176.75] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.220.176.75/; sid:900672282; rev:1;) alert tcp $HOME_NET any -> [50.125.99.70] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.125.99.70/; sid:900672281; rev:1;) alert tcp $HOME_NET any -> [24.98.3.183] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.98.3.183/; sid:900672279; rev:1;) alert tcp $HOME_NET any -> [199.38.204.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.38.204.218/; sid:900672278; rev:1;) alert tcp $HOME_NET any -> [189.250.174.245] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.174.245/; sid:900672277; rev:1;) alert tcp $HOME_NET any -> [24.90.102.247] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.90.102.247/; sid:900672276; rev:1;) alert tcp $HOME_NET any -> [198.199.185.25] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.185.25/; sid:900672242; rev:1;) alert tcp $HOME_NET any -> [178.63.118.195] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.63.118.195/; sid:900672231; rev:1;) alert tcp $HOME_NET any -> [45.33.14.245] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.14.245/; sid:900672227; rev:1;) alert tcp $HOME_NET any -> [191.99.1.82] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.99.1.82/; sid:900607176; rev:1;) alert tcp $HOME_NET any -> [24.101.164.45] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.101.164.45/; sid:900607155; rev:1;) alert tcp $HOME_NET any -> [80.153.203.197] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.153.203.197/; sid:900671622; rev:1;) alert tcp $HOME_NET any -> [67.184.210.222] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.184.210.222/; sid:900671617; rev:1;) alert tcp $HOME_NET any -> [76.65.107.103] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.65.107.103/; sid:900671615; rev:1;) alert tcp $HOME_NET any -> [187.236.143.141] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.236.143.141/; sid:900671614; rev:1;) alert tcp $HOME_NET any -> [186.1.5.138] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.1.5.138/; sid:900671611; rev:1;) alert tcp $HOME_NET any -> [189.154.155.174] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.155.174/; sid:900671610; rev:1;) alert tcp $HOME_NET any -> [99.234.31.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.234.31.250/; sid:900671606; rev:1;) alert tcp $HOME_NET any -> [209.213.232.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.213.232.117/; sid:900671605; rev:1;) alert tcp $HOME_NET any -> [87.140.80.252] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.140.80.252/; sid:900671604; rev:1;) alert tcp $HOME_NET any -> [76.184.177.217] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.184.177.217/; sid:900671146; rev:1;) alert tcp $HOME_NET any -> [24.40.230.254] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.40.230.254/; sid:900671142; rev:1;) alert tcp $HOME_NET any -> [174.75.64.15] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.75.64.15/; sid:900671136; rev:1;) alert tcp $HOME_NET any -> [173.68.6.147] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.68.6.147/; sid:900671132; rev:1;) alert tcp $HOME_NET any -> [201.142.170.69] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.142.170.69/; sid:900671131; rev:1;) alert tcp $HOME_NET any -> [74.142.42.210] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.142.42.210/; sid:900671130; rev:1;) alert tcp $HOME_NET any -> [118.41.9.171] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.41.9.171/; sid:900671129; rev:1;) alert tcp $HOME_NET any -> [187.155.1.227] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.155.1.227/; sid:900671128; rev:1;) alert tcp $HOME_NET any -> [209.93.151.9] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.93.151.9/; sid:900671125; rev:1;) alert tcp $HOME_NET any -> [47.17.167.129] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.17.167.129/; sid:900671124; rev:1;) alert tcp $HOME_NET any -> [47.187.51.132] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.187.51.132/; sid:900607145; rev:1;) alert tcp $HOME_NET any -> [67.251.11.28] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.251.11.28/; sid:900670900; rev:1;) alert tcp $HOME_NET any -> [87.159.82.161] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.159.82.161/; sid:900670899; rev:1;) alert tcp $HOME_NET any -> [173.70.36.136] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.70.36.136/; sid:900670898; rev:1;) alert tcp $HOME_NET any -> [91.74.59.161] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.74.59.161/; sid:900670897; rev:1;) alert tcp $HOME_NET any -> [209.183.22.245] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.183.22.245/; sid:900607136; rev:1;) alert tcp $HOME_NET any -> [189.135.53.72] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.135.53.72/; sid:900607137; rev:1;) alert tcp $HOME_NET any -> [69.198.17.7] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.198.17.7/; sid:900670648; rev:1;) alert tcp $HOME_NET any -> [118.174.151.25] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.174.151.25/; sid:900670641; rev:1;) alert tcp $HOME_NET any -> [84.168.127.125] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.168.127.125/; sid:900670590; rev:1;) alert tcp $HOME_NET any -> [105.184.211.23] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.211.23/; sid:900670588; rev:1;) alert tcp $HOME_NET any -> [117.222.46.128] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.222.46.128/; sid:900670583; rev:1;) alert tcp $HOME_NET any -> [201.183.235.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.183.235.150/; sid:900670582; rev:1;) alert tcp $HOME_NET any -> [68.14.221.174] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.14.221.174/; sid:900670581; rev:1;) alert tcp $HOME_NET any -> [137.175.248.4] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.175.248.4/; sid:900670580; rev:1;) alert tcp $HOME_NET any -> [51.52.210.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.52.210.93/; sid:900670575; rev:1;) alert tcp $HOME_NET any -> [189.193.88.137] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.193.88.137/; sid:900670574; rev:1;) alert tcp $HOME_NET any -> [190.233.119.42] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.233.119.42/; sid:900670573; rev:1;) alert tcp $HOME_NET any -> [181.48.19.4] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.48.19.4/; sid:900670572; rev:1;) alert tcp $HOME_NET any -> [184.149.48.160] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.149.48.160/; sid:900670571; rev:1;) alert tcp $HOME_NET any -> [202.134.191.142] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.134.191.142/; sid:900670570; rev:1;) alert tcp $HOME_NET any -> [190.120.22.227] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.120.22.227/; sid:900670569; rev:1;) alert tcp $HOME_NET any -> [72.46.176.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.46.176.46/; sid:900670566; rev:1;) alert tcp $HOME_NET any -> [66.115.238.16] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.115.238.16/; sid:900607134; rev:1;) alert tcp $HOME_NET any -> [82.19.6.143] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.19.6.143/; sid:900670535; rev:1;) alert tcp $HOME_NET any -> [78.102.51.229] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.102.51.229/; sid:900670534; rev:1;) alert tcp $HOME_NET any -> [66.191.63.170] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.191.63.170/; sid:900670531; rev:1;) alert tcp $HOME_NET any -> [71.251.192.132] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.251.192.132/; sid:900670523; rev:1;) alert tcp $HOME_NET any -> [62.232.246.218] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.232.246.218/; sid:900670522; rev:1;) alert tcp $HOME_NET any -> [93.103.89.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.103.89.117/; sid:900670521; rev:1;) alert tcp $HOME_NET any -> [81.16.240.39] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.16.240.39/; sid:900670520; rev:1;) alert tcp $HOME_NET any -> [67.245.84.8] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.245.84.8/; sid:900670519; rev:1;) alert tcp $HOME_NET any -> [35.141.236.45] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/35.141.236.45/; sid:900670517; rev:1;) alert tcp $HOME_NET any -> [201.183.153.243] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.183.153.243/; sid:900670514; rev:1;) alert tcp $HOME_NET any -> [24.194.235.193] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.194.235.193/; sid:900670510; rev:1;) alert tcp $HOME_NET any -> [81.17.93.134] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.17.93.134/; sid:900670509; rev:1;) alert tcp $HOME_NET any -> [184.70.141.226] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.70.141.226/; sid:900670508; rev:1;) alert tcp $HOME_NET any -> [213.79.36.67] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.79.36.67/; sid:900670507; rev:1;) alert tcp $HOME_NET any -> [181.111.255.220] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.111.255.220/; sid:900670504; rev:1;) alert tcp $HOME_NET any -> [47.206.102.188] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.206.102.188/; sid:900670503; rev:1;) alert tcp $HOME_NET any -> [174.99.88.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.99.88.121/; sid:900670502; rev:1;) alert tcp $HOME_NET any -> [96.224.240.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.224.240.123/; sid:900670501; rev:1;) alert tcp $HOME_NET any -> [70.90.72.230] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.90.72.230/; sid:900670500; rev:1;) alert tcp $HOME_NET any -> [63.153.163.207] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.153.163.207/; sid:900670499; rev:1;) alert tcp $HOME_NET any -> [216.221.65.224] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.221.65.224/; sid:900670498; rev:1;) alert tcp $HOME_NET any -> [76.7.2.27] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.7.2.27/; sid:900670497; rev:1;) alert tcp $HOME_NET any -> [24.103.167.82] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.103.167.82/; sid:900670496; rev:1;) alert tcp $HOME_NET any -> [66.220.131.199] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.220.131.199/; sid:900607132; rev:1;) alert tcp $HOME_NET any -> [173.91.213.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.91.213.226/; sid:900607131; rev:1;) alert tcp $HOME_NET any -> [75.133.5.186] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.133.5.186/; sid:900668686; rev:1;) alert tcp $HOME_NET any -> [204.184.25.6] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.184.25.6/; sid:900668675; rev:1;) alert tcp $HOME_NET any -> [76.175.26.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.175.26.109/; sid:900668668; rev:1;) alert tcp $HOME_NET any -> [173.162.75.25] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.162.75.25/; sid:900668661; rev:1;) alert tcp $HOME_NET any -> [68.15.62.180] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.15.62.180/; sid:900668652; rev:1;) alert tcp $HOME_NET any -> [209.124.214.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.124.214.139/; sid:900607122; rev:1;) alert tcp $HOME_NET any -> [173.8.189.193] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.8.189.193/; sid:900607111; rev:1;) alert tcp $HOME_NET any -> [174.136.14.100] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.136.14.100/; sid:900607112; rev:1;) alert tcp $HOME_NET any -> [70.105.162.74] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.105.162.74/; sid:900668150; rev:1;) alert tcp $HOME_NET any -> [183.82.101.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.101.78/; sid:900668148; rev:1;) alert tcp $HOME_NET any -> [63.142.32.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.142.32.242/; sid:900668141; rev:1;) alert tcp $HOME_NET any -> [31.49.122.115] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.49.122.115/; sid:900668133; rev:1;) alert tcp $HOME_NET any -> [77.146.69.15] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.146.69.15/; sid:900668131; rev:1;) alert tcp $HOME_NET any -> [148.74.40.144] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.74.40.144/; sid:900668129; rev:1;) alert tcp $HOME_NET any -> [2.50.140.26] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.140.26/; sid:900668128; rev:1;) alert tcp $HOME_NET any -> [66.182.222.60] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.182.222.60/; sid:900668127; rev:1;) alert tcp $HOME_NET any -> [108.170.112.115] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.170.112.115/; sid:900607109; rev:1;) alert tcp $HOME_NET any -> [46.101.31.107] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.31.107/; sid:900607105; rev:1;) alert tcp $HOME_NET any -> [5.42.133.223] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.42.133.223/; sid:900607104; rev:1;) alert tcp $HOME_NET any -> [70.164.197.196] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.164.197.196/; sid:900667551; rev:1;) alert tcp $HOME_NET any -> [84.200.106.120] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.200.106.120/; sid:900667549; rev:1;) alert tcp $HOME_NET any -> [24.234.77.178] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.234.77.178/; sid:900667548; rev:1;) alert tcp $HOME_NET any -> [80.44.127.202] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.44.127.202/; sid:900667545; rev:1;) alert tcp $HOME_NET any -> [81.155.182.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.155.182.229/; sid:900667543; rev:1;) alert tcp $HOME_NET any -> [172.114.69.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.114.69.254/; sid:900667539; rev:1;) alert tcp $HOME_NET any -> [196.210.48.196] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.210.48.196/; sid:900667535; rev:1;) alert tcp $HOME_NET any -> [98.212.214.3] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.212.214.3/; sid:900667531; rev:1;) alert tcp $HOME_NET any -> [162.244.224.145] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.224.145/; sid:900667530; rev:1;) alert tcp $HOME_NET any -> [107.185.71.104] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.185.71.104/; sid:900667528; rev:1;) alert tcp $HOME_NET any -> [67.245.168.128] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.245.168.128/; sid:900667526; rev:1;) alert tcp $HOME_NET any -> [50.192.66.205] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.192.66.205/; sid:900667525; rev:1;) alert tcp $HOME_NET any -> [69.11.206.67] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.11.206.67/; sid:900667524; rev:1;) alert tcp $HOME_NET any -> [12.184.95.42] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.184.95.42/; sid:900667523; rev:1;) alert tcp $HOME_NET any -> [24.116.195.90] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.116.195.90/; sid:900667520; rev:1;) alert tcp $HOME_NET any -> [66.110.135.44] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.110.135.44/; sid:900667519; rev:1;) alert tcp $HOME_NET any -> [45.58.199.203] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.58.199.203/; sid:900667518; rev:1;) alert tcp $HOME_NET any -> [207.47.71.46] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.47.71.46/; sid:900667516; rev:1;) alert tcp $HOME_NET any -> [199.0.205.95] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.0.205.95/; sid:900667515; rev:1;) alert tcp $HOME_NET any -> [96.70.33.201] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.70.33.201/; sid:900667514; rev:1;) alert tcp $HOME_NET any -> [208.103.119.114] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.103.119.114/; sid:900607100; rev:1;) alert tcp $HOME_NET any -> [173.92.82.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.92.82.65/; sid:900607099; rev:1;) alert tcp $HOME_NET any -> [129.89.67.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.89.67.210/; sid:900607097; rev:1;) alert tcp $HOME_NET any -> [5.196.73.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.73.78/; sid:900665318; rev:1;) alert tcp $HOME_NET any -> [199.119.78.23] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.119.78.23/; sid:900665312; rev:1;) alert tcp $HOME_NET any -> [92.15.180.151] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.15.180.151/; sid:900665305; rev:1;) alert tcp $HOME_NET any -> [188.36.125.146] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.36.125.146/; sid:900665293; rev:1;) alert tcp $HOME_NET any -> [2.50.151.42] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.151.42/; sid:900665291; rev:1;) alert tcp $HOME_NET any -> [187.155.148.158] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.155.148.158/; sid:900665290; rev:1;) alert tcp $HOME_NET any -> [66.25.55.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.25.55.225/; sid:900664806; rev:1;) alert tcp $HOME_NET any -> [70.31.145.246] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.31.145.246/; sid:900657939; rev:1;) alert tcp $HOME_NET any -> [72.175.88.95] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.175.88.95/; sid:900657931; rev:1;) alert tcp $HOME_NET any -> [122.170.0.159] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.170.0.159/; sid:900657927; rev:1;) alert tcp $HOME_NET any -> [115.93.72.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.93.72.250/; sid:900657917; rev:1;) alert tcp $HOME_NET any -> [104.137.140.198] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.137.140.198/; sid:900657149; rev:1;) alert tcp $HOME_NET any -> [65.40.36.197] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.40.36.197/; sid:900657148; rev:1;) alert tcp $HOME_NET any -> [196.210.171.86] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.210.171.86/; sid:900657144; rev:1;) alert tcp $HOME_NET any -> [65.100.49.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.100.49.186/; sid:900657133; rev:1;) alert tcp $HOME_NET any -> [129.89.95.248] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.89.95.248/; sid:900657128; rev:1;) alert tcp $HOME_NET any -> [64.109.207.28] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.109.207.28/; sid:900657126; rev:1;) alert tcp $HOME_NET any -> [73.32.49.247] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.32.49.247/; sid:900657123; rev:1;) alert tcp $HOME_NET any -> [108.13.189.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.13.189.138/; sid:900657122; rev:1;) alert tcp $HOME_NET any -> [197.87.130.102] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.130.102/; sid:900657119; rev:1;) alert tcp $HOME_NET any -> [142.54.70.66] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.54.70.66/; sid:900657118; rev:1;) alert tcp $HOME_NET any -> [206.167.43.55] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.167.43.55/; sid:900657117; rev:1;) alert tcp $HOME_NET any -> [73.55.33.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.55.33.71/; sid:900657116; rev:1;) alert tcp $HOME_NET any -> [98.198.117.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.198.117.90/; sid:900657114; rev:1;) alert tcp $HOME_NET any -> [47.180.70.59] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.180.70.59/; sid:900657113; rev:1;) alert tcp $HOME_NET any -> [86.98.213.136] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.213.136/; sid:900657112; rev:1;) alert tcp $HOME_NET any -> [93.88.93.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.88.93.100/; sid:900657110; rev:1;) alert tcp $HOME_NET any -> [189.144.50.254] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.144.50.254/; sid:900653791; rev:1;) alert tcp $HOME_NET any -> [71.13.121.11] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.13.121.11/; sid:900653788; rev:1;) alert tcp $HOME_NET any -> [186.46.60.164] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.46.60.164/; sid:900653781; rev:1;) alert tcp $HOME_NET any -> [190.55.30.232] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.30.232/; sid:900653779; rev:1;) alert tcp $HOME_NET any -> [105.247.159.136] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.247.159.136/; sid:900653769; rev:1;) alert tcp $HOME_NET any -> [208.104.22.125] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.104.22.125/; sid:900651456; rev:1;) alert tcp $HOME_NET any -> [63.230.124.249] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.230.124.249/; sid:900651449; rev:1;) alert tcp $HOME_NET any -> [162.212.100.241] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.212.100.241/; sid:900650207; rev:1;) alert tcp $HOME_NET any -> [54.38.40.148] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.40.148/; sid:900650205; rev:1;) alert tcp $HOME_NET any -> [24.245.228.104] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.245.228.104/; sid:900650198; rev:1;) alert tcp $HOME_NET any -> [186.71.69.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.69.226/; sid:900650189; rev:1;) alert tcp $HOME_NET any -> [172.95.38.36] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.95.38.36/; sid:900650188; rev:1;) alert tcp $HOME_NET any -> [81.154.227.235] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.154.227.235/; sid:900650186; rev:1;) alert tcp $HOME_NET any -> [209.15.84.54] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.15.84.54/; sid:900650183; rev:1;) alert tcp $HOME_NET any -> [23.25.83.53] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.25.83.53/; sid:900650178; rev:1;) alert tcp $HOME_NET any -> [173.184.118.165] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.184.118.165/; sid:900650176; rev:1;) alert tcp $HOME_NET any -> [5.196.73.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.73.76/; sid:900607089; rev:1;) alert tcp $HOME_NET any -> [71.30.239.13] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.30.239.13/; sid:900648399; rev:1;) alert tcp $HOME_NET any -> [2.90.246.63] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.90.246.63/; sid:900648398; rev:1;) alert tcp $HOME_NET any -> [92.99.75.41] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.99.75.41/; sid:900648012; rev:1;) alert tcp $HOME_NET any -> [105.226.22.180] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.226.22.180/; sid:900648004; rev:1;) alert tcp $HOME_NET any -> [209.182.122.217] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.182.122.217/; sid:900647995; rev:1;) alert tcp $HOME_NET any -> [70.182.9.95] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.182.9.95/; sid:900647984; rev:1;) alert tcp $HOME_NET any -> [71.42.101.146] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.42.101.146/; sid:900647978; rev:1;) alert tcp $HOME_NET any -> [209.89.46.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.89.46.153/; sid:900647977; rev:1;) alert tcp $HOME_NET any -> [72.64.155.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.64.155.122/; sid:900647976; rev:1;) alert tcp $HOME_NET any -> [38.29.209.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.29.209.76/; sid:900647975; rev:1;) alert tcp $HOME_NET any -> [201.229.10.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.229.10.109/; sid:900647974; rev:1;) alert tcp $HOME_NET any -> [50.27.155.34] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.27.155.34/; sid:900647973; rev:1;) alert tcp $HOME_NET any -> [186.71.40.201] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.40.201/; sid:900647616; rev:1;) alert tcp $HOME_NET any -> [201.137.176.13] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.176.13/; sid:900647615; rev:1;) alert tcp $HOME_NET any -> [190.0.48.254] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.0.48.254/; sid:900647614; rev:1;) alert tcp $HOME_NET any -> [187.220.160.82] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.220.160.82/; sid:900647611; rev:1;) alert tcp $HOME_NET any -> [94.173.89.227] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.173.89.227/; sid:900647609; rev:1;) alert tcp $HOME_NET any -> [87.234.207.234] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.234.207.234/; sid:900647608; rev:1;) alert tcp $HOME_NET any -> [217.13.106.203] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.13.106.203/; sid:900647607; rev:1;) alert tcp $HOME_NET any -> [210.2.86.94] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.2.86.94/; sid:900647606; rev:1;) alert tcp $HOME_NET any -> [186.129.252.244] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.129.252.244/; sid:900647605; rev:1;) alert tcp $HOME_NET any -> [189.226.41.158] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.226.41.158/; sid:900647601; rev:1;) alert tcp $HOME_NET any -> [109.155.31.29] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.155.31.29/; sid:900647597; rev:1;) alert tcp $HOME_NET any -> [186.4.4.146] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.4.146/; sid:900647596; rev:1;) alert tcp $HOME_NET any -> [105.225.135.84] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.135.84/; sid:900647595; rev:1;) alert tcp $HOME_NET any -> [192.226.247.73] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.226.247.73/; sid:900647593; rev:1;) alert tcp $HOME_NET any -> [201.227.174.138] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.227.174.138/; sid:900647592; rev:1;) alert tcp $HOME_NET any -> [189.131.80.59] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.131.80.59/; sid:900647591; rev:1;) alert tcp $HOME_NET any -> [76.68.81.69] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.68.81.69/; sid:900647590; rev:1;) alert tcp $HOME_NET any -> [189.154.99.251] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.99.251/; sid:900647589; rev:1;) alert tcp $HOME_NET any -> [109.170.173.61] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.170.173.61/; sid:900647588; rev:1;) alert tcp $HOME_NET any -> [174.22.174.8] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.22.174.8/; sid:900647570; rev:1;) alert tcp $HOME_NET any -> [71.174.9.241] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.174.9.241/; sid:900647561; rev:1;) alert tcp $HOME_NET any -> [80.89.191.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.89.191.118/; sid:900647554; rev:1;) alert tcp $HOME_NET any -> [67.175.118.157] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.175.118.157/; sid:900647550; rev:1;) alert tcp $HOME_NET any -> [173.63.125.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.63.125.138/; sid:900647549; rev:1;) alert tcp $HOME_NET any -> [50.33.142.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.33.142.65/; sid:900647548; rev:1;) alert tcp $HOME_NET any -> [24.147.23.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.147.23.121/; sid:900647546; rev:1;) alert tcp $HOME_NET any -> [106.51.49.236] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.51.49.236/; sid:900647544; rev:1;) alert tcp $HOME_NET any -> [206.19.205.185] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.19.205.185/; sid:900647541; rev:1;) alert tcp $HOME_NET any -> [190.143.132.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.143.132.114/; sid:900647540; rev:1;) alert tcp $HOME_NET any -> [157.185.77.14] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.185.77.14/; sid:900647535; rev:1;) alert tcp $HOME_NET any -> [212.42.116.254] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.42.116.254/; sid:900647527; rev:1;) alert tcp $HOME_NET any -> [190.131.167.194] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.131.167.194/; sid:900647524; rev:1;) alert tcp $HOME_NET any -> [50.82.91.22] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.82.91.22/; sid:900647519; rev:1;) alert tcp $HOME_NET any -> [73.255.170.101] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.255.170.101/; sid:900647517; rev:1;) alert tcp $HOME_NET any -> [2.111.242.27] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.111.242.27/; sid:900647516; rev:1;) alert tcp $HOME_NET any -> [73.54.96.183] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.54.96.183/; sid:900647514; rev:1;) alert tcp $HOME_NET any -> [187.155.3.203] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.155.3.203/; sid:900647513; rev:1;) alert tcp $HOME_NET any -> [78.100.162.222] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.162.222/; sid:900647512; rev:1;) alert tcp $HOME_NET any -> [204.184.25.164] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.184.25.164/; sid:900647511; rev:1;) alert tcp $HOME_NET any -> [186.71.61.91] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.61.91/; sid:900647509; rev:1;) alert tcp $HOME_NET any -> [181.142.74.233] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.142.74.233/; sid:900647508; rev:1;) alert tcp $HOME_NET any -> [173.175.250.244] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.175.250.244/; sid:900647507; rev:1;) alert tcp $HOME_NET any -> [211.115.111.19] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.115.111.19/; sid:900647505; rev:1;) alert tcp $HOME_NET any -> [71.8.233.246] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.8.233.246/; sid:900647502; rev:1;) alert tcp $HOME_NET any -> [47.49.12.98] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.49.12.98/; sid:900647501; rev:1;) alert tcp $HOME_NET any -> [108.191.59.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.191.59.73/; sid:900647500; rev:1;) alert tcp $HOME_NET any -> [70.184.197.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.184.197.174/; sid:900647499; rev:1;) alert tcp $HOME_NET any -> [186.71.61.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.61.93/; sid:900647497; rev:1;) alert tcp $HOME_NET any -> [47.186.71.56] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.186.71.56/; sid:900647496; rev:1;) alert tcp $HOME_NET any -> [187.250.146.185] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.146.185/; sid:900647493; rev:1;) alert tcp $HOME_NET any -> [75.134.186.41] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.134.186.41/; sid:900647491; rev:1;) alert tcp $HOME_NET any -> [14.1.39.3] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.1.39.3/; sid:900647489; rev:1;) alert tcp $HOME_NET any -> [98.102.111.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.102.111.70/; sid:900647488; rev:1;) alert tcp $HOME_NET any -> [47.16.187.196] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.16.187.196/; sid:900647487; rev:1;) alert tcp $HOME_NET any -> [216.162.104.123] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.162.104.123/; sid:900647485; rev:1;) alert tcp $HOME_NET any -> [94.205.172.98] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.205.172.98/; sid:900647484; rev:1;) alert tcp $HOME_NET any -> [100.16.243.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.16.243.115/; sid:900647483; rev:1;) alert tcp $HOME_NET any -> [97.68.6.155] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.68.6.155/; sid:900647482; rev:1;) alert tcp $HOME_NET any -> [67.244.5.26] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.244.5.26/; sid:900647480; rev:1;) alert tcp $HOME_NET any -> [23.25.247.205] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.25.247.205/; sid:900647479; rev:1;) alert tcp $HOME_NET any -> [205.144.212.191] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.144.212.191/; sid:900647478; rev:1;) alert tcp $HOME_NET any -> [121.221.143.34] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.221.143.34/; sid:900647474; rev:1;) alert tcp $HOME_NET any -> [71.178.167.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.178.167.218/; sid:900647473; rev:1;) alert tcp $HOME_NET any -> [65.190.37.88] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.190.37.88/; sid:900647472; rev:1;) alert tcp $HOME_NET any -> [86.98.19.67] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.19.67/; sid:900647471; rev:1;) alert tcp $HOME_NET any -> [71.12.111.50] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.12.111.50/; sid:900647470; rev:1;) alert tcp $HOME_NET any -> [104.219.132.28] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.219.132.28/; sid:900647469; rev:1;) alert tcp $HOME_NET any -> [76.184.189.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.184.189.139/; sid:900647468; rev:1;) alert tcp $HOME_NET any -> [50.196.17.73] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.196.17.73/; sid:900647467; rev:1;) alert tcp $HOME_NET any -> [67.248.193.201] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.248.193.201/; sid:900647466; rev:1;) alert tcp $HOME_NET any -> [72.77.1.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.77.1.8/; sid:900607085; rev:1;) alert tcp $HOME_NET any -> [115.74.210.59] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.74.210.59/; sid:900647419; rev:1;) alert tcp $HOME_NET any -> [76.80.69.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.80.69.186/; sid:900647414; rev:1;) alert tcp $HOME_NET any -> [70.15.123.149] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.15.123.149/; sid:900647412; rev:1;) alert tcp $HOME_NET any -> [45.50.46.248] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.50.46.248/; sid:900647407; rev:1;) alert tcp $HOME_NET any -> [41.220.122.154] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.220.122.154/; sid:900647397; rev:1;) alert tcp $HOME_NET any -> [98.16.151.239] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.16.151.239/; sid:900647395; rev:1;) alert tcp $HOME_NET any -> [100.35.58.232] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.35.58.232/; sid:900647391; rev:1;) alert tcp $HOME_NET any -> [70.117.34.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.117.34.154/; sid:900647386; rev:1;) alert tcp $HOME_NET any -> [104.166.245.140] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.166.245.140/; sid:900647385; rev:1;) alert tcp $HOME_NET any -> [24.167.25.9] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.167.25.9/; sid:900647384; rev:1;) alert tcp $HOME_NET any -> [73.49.109.200] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.49.109.200/; sid:900647382; rev:1;) alert tcp $HOME_NET any -> [65.101.77.240] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.101.77.240/; sid:900647381; rev:1;) alert tcp $HOME_NET any -> [98.220.219.68] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.220.219.68/; sid:900647380; rev:1;) alert tcp $HOME_NET any -> [93.88.93.99] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.88.93.99/; sid:900647379; rev:1;) alert tcp $HOME_NET any -> [203.94.66.109] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.94.66.109/; sid:900647378; rev:1;) alert tcp $HOME_NET any -> [202.65.172.254] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.65.172.254/; sid:900607075; rev:1;) alert tcp $HOME_NET any -> [187.243.199.54] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.243.199.54/; sid:900607073; rev:1;) alert tcp $HOME_NET any -> [104.236.206.44] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.206.44/; sid:900607072; rev:1;) alert tcp $HOME_NET any -> [72.46.213.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.46.213.222/; sid:900647376; rev:1;) alert tcp $HOME_NET any -> [199.0.205.131] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.0.205.131/; sid:900647374; rev:1;) alert tcp $HOME_NET any -> [189.194.251.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.194.251.114/; sid:900647371; rev:1;) alert tcp $HOME_NET any -> [95.141.175.240] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.141.175.240/; sid:900647370; rev:1;) alert tcp $HOME_NET any -> [174.106.101.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.106.101.58/; sid:900647369; rev:1;) alert tcp $HOME_NET any -> [68.132.248.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.132.248.98/; sid:900647368; rev:1;) alert tcp $HOME_NET any -> [68.117.154.235] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.117.154.235/; sid:900647365; rev:1;) alert tcp $HOME_NET any -> [67.53.103.202] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.53.103.202/; sid:900647362; rev:1;) alert tcp $HOME_NET any -> [142.255.116.215] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.255.116.215/; sid:900647360; rev:1;) alert tcp $HOME_NET any -> [173.175.154.68] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.175.154.68/; sid:900647358; rev:1;) alert tcp $HOME_NET any -> [73.52.173.117] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.52.173.117/; sid:900647355; rev:1;) alert tcp $HOME_NET any -> [70.31.145.0] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.31.145.0/; sid:900647354; rev:1;) alert tcp $HOME_NET any -> [189.190.199.2] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.190.199.2/; sid:900647353; rev:1;) alert tcp $HOME_NET any -> [172.114.12.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.114.12.186/; sid:900647349; rev:1;) alert tcp $HOME_NET any -> [68.97.124.74] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.97.124.74/; sid:900647348; rev:1;) alert tcp $HOME_NET any -> [70.124.45.152] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.124.45.152/; sid:900647346; rev:1;) alert tcp $HOME_NET any -> [199.119.78.19] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.119.78.19/; sid:900647344; rev:1;) alert tcp $HOME_NET any -> [212.129.56.179] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.56.179/; sid:900647343; rev:1;) alert tcp $HOME_NET any -> [50.244.180.57] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.244.180.57/; sid:900647342; rev:1;) alert tcp $HOME_NET any -> [174.113.155.237] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.113.155.237/; sid:900647341; rev:1;) alert tcp $HOME_NET any -> [66.158.158.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.158.158.93/; sid:900647340; rev:1;) alert tcp $HOME_NET any -> [192.119.217.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.119.217.134/; sid:900647339; rev:1;) alert tcp $HOME_NET any -> [187.167.68.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.167.68.2/; sid:900647338; rev:1;) alert tcp $HOME_NET any -> [71.222.28.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.222.28.66/; sid:900647337; rev:1;) alert tcp $HOME_NET any -> [75.142.183.116] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.142.183.116/; sid:900647336; rev:1;) alert tcp $HOME_NET any -> [24.142.228.30] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.142.228.30/; sid:900607068; rev:1;) alert tcp $HOME_NET any -> [72.64.140.179] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.64.140.179/; sid:900607069; rev:1;) alert tcp $HOME_NET any -> [5.32.119.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.32.119.58/; sid:900647334; rev:1;) alert tcp $HOME_NET any -> [208.97.32.81] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.97.32.81/; sid:900647331; rev:1;) alert tcp $HOME_NET any -> [190.131.6.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.131.6.100/; sid:900647330; rev:1;) alert tcp $HOME_NET any -> [173.195.17.3] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.195.17.3/; sid:900647329; rev:1;) alert tcp $HOME_NET any -> [202.141.245.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.141.245.30/; sid:900647328; rev:1;) alert tcp $HOME_NET any -> [24.163.83.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.163.83.34/; sid:900647327; rev:1;) alert tcp $HOME_NET any -> [80.69.56.5] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.69.56.5/; sid:900647325; rev:1;) alert tcp $HOME_NET any -> [91.74.59.162] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.74.59.162/; sid:900647324; rev:1;) alert tcp $HOME_NET any -> [173.197.222.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.197.222.214/; sid:900647319; rev:1;) alert tcp $HOME_NET any -> [73.70.43.159] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.70.43.159/; sid:900647318; rev:1;) alert tcp $HOME_NET any -> [129.89.95.236] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.89.95.236/; sid:900647313; rev:1;) alert tcp $HOME_NET any -> [24.224.45.166] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.224.45.166/; sid:900647311; rev:1;) alert tcp $HOME_NET any -> [98.190.202.177] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.190.202.177/; sid:900647307; rev:1;) alert tcp $HOME_NET any -> [75.80.225.46] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.80.225.46/; sid:900647306; rev:1;) alert tcp $HOME_NET any -> [111.93.226.226] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.93.226.226/; sid:900647305; rev:1;) alert tcp $HOME_NET any -> [82.28.208.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.28.208.186/; sid:900647304; rev:1;) alert tcp $HOME_NET any -> [100.38.109.244] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.38.109.244/; sid:900647303; rev:1;) alert tcp $HOME_NET any -> [118.100.82.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.100.82.121/; sid:900647302; rev:1;) alert tcp $HOME_NET any -> [212.35.73.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.35.73.58/; sid:900647301; rev:1;) alert tcp $HOME_NET any -> [96.3.21.210] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.3.21.210/; sid:900647300; rev:1;) alert tcp $HOME_NET any -> [54.37.131.63] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.131.63/; sid:900647299; rev:1;) alert tcp $HOME_NET any -> [218.90.156.188] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.90.156.188/; sid:900647298; rev:1;) alert tcp $HOME_NET any -> [54.39.58.168] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.39.58.168/; sid:900647297; rev:1;) alert tcp $HOME_NET any -> [103.59.201.76] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.59.201.76/; sid:900647296; rev:1;) alert tcp $HOME_NET any -> [109.75.36.105] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.75.36.105/; sid:900647295; rev:1;) alert tcp $HOME_NET any -> [129.89.95.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.89.95.186/; sid:900647294; rev:1;) alert tcp $HOME_NET any -> [198.24.120.198] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.24.120.198/; sid:900647293; rev:1;) alert tcp $HOME_NET any -> [181.129.60.162] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.60.162/; sid:900607064; rev:1;) alert tcp $HOME_NET any -> [192.241.213.184] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.213.184/; sid:900607050; rev:1;) alert tcp $HOME_NET any -> [198.0.2.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.0.2.222/; sid:900607048; rev:1;) alert tcp $HOME_NET any -> [206.188.160.216] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.188.160.216/; sid:900607047; rev:1;) alert tcp $HOME_NET any -> [191.98.2.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.98.2.121/; sid:900607046; rev:1;) alert tcp $HOME_NET any -> [32.215.247.229] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.215.247.229/; sid:900607042; rev:1;) alert tcp $HOME_NET any -> [41.164.246.202] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.164.246.202/; sid:900607041; rev:1;) alert tcp $HOME_NET any -> [67.162.60.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.162.60.50/; sid:900607045; rev:1;) alert tcp $HOME_NET any -> [74.212.243.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.212.243.26/; sid:900607039; rev:1;) alert tcp $HOME_NET any -> [178.18.125.1] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.18.125.1/; sid:900607049; rev:1;) alert tcp $HOME_NET any -> [75.66.253.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.66.253.46/; sid:900607032; rev:1;) alert tcp $HOME_NET any -> [71.202.205.235] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.202.205.235/; sid:900607031; rev:1;) alert tcp $HOME_NET any -> [47.201.208.154] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.201.208.154/; sid:900647103; rev:1;) alert tcp $HOME_NET any -> [190.147.41.94] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.41.94/; sid:900647100; rev:1;) alert tcp $HOME_NET any -> [79.78.160.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.78.160.225/; sid:900647099; rev:1;) alert tcp $HOME_NET any -> [71.71.3.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.71.3.84/; sid:900647098; rev:1;) alert tcp $HOME_NET any -> [199.120.92.245] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.120.92.245/; sid:900647085; rev:1;) alert tcp $HOME_NET any -> [71.165.252.144] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.165.252.144/; sid:900647083; rev:1;) alert tcp $HOME_NET any -> [73.178.169.180] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.178.169.180/; sid:900647082; rev:1;) alert tcp $HOME_NET any -> [12.238.114.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.238.114.130/; sid:900647081; rev:1;) alert tcp $HOME_NET any -> [70.183.113.54] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.183.113.54/; sid:900647078; rev:1;) alert tcp $HOME_NET any -> [129.89.95.241] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.89.95.241/; sid:900647077; rev:1;) alert tcp $HOME_NET any -> [186.85.246.153] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.85.246.153/; sid:900647076; rev:1;) alert tcp $HOME_NET any -> [73.27.38.128] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.27.38.128/; sid:900647075; rev:1;) alert tcp $HOME_NET any -> [47.150.11.161] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.150.11.161/; sid:900647074; rev:1;) alert tcp $HOME_NET any -> [96.95.159.237] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.95.159.237/; sid:900647073; rev:1;) alert tcp $HOME_NET any -> [71.8.1.188] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.8.1.188/; sid:900647072; rev:1;) alert tcp $HOME_NET any -> [71.177.184.128] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.177.184.128/; sid:900647071; rev:1;) alert tcp $HOME_NET any -> [73.183.145.218] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.183.145.218/; sid:900647016; rev:1;) alert tcp $HOME_NET any -> [65.175.135.119] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.175.135.119/; sid:900647001; rev:1;) alert tcp $HOME_NET any -> [71.52.70.233] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.52.70.233/; sid:900646999; rev:1;) alert tcp $HOME_NET any -> [97.89.253.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.89.253.146/; sid:900646994; rev:1;) alert tcp $HOME_NET any -> [129.89.95.199] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.89.95.199/; sid:900646993; rev:1;) alert tcp $HOME_NET any -> [129.89.95.110] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.89.95.110/; sid:900646992; rev:1;) alert tcp $HOME_NET any -> [108.246.196.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.246.196.73/; sid:900646991; rev:1;) alert tcp $HOME_NET any -> [203.45.160.97] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.45.160.97/; sid:900646892; rev:1;) alert tcp $HOME_NET any -> [201.103.149.80] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.103.149.80/; sid:900646891; rev:1;) alert tcp $HOME_NET any -> [80.11.163.139] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.11.163.139/; sid:900646889; rev:1;) alert tcp $HOME_NET any -> [104.231.112.63] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.231.112.63/; sid:900646887; rev:1;) alert tcp $HOME_NET any -> [86.191.189.233] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.191.189.233/; sid:900646882; rev:1;) alert tcp $HOME_NET any -> [71.214.17.130] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.214.17.130/; sid:900646881; rev:1;) alert tcp $HOME_NET any -> [69.203.91.33] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.203.91.33/; sid:900646880; rev:1;) alert tcp $HOME_NET any -> [97.105.96.246] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.105.96.246/; sid:900646879; rev:1;) alert tcp $HOME_NET any -> [70.25.63.178] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.25.63.178/; sid:900646878; rev:1;) alert tcp $HOME_NET any -> [142.44.244.100] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.44.244.100/; sid:900646874; rev:1;) alert tcp $HOME_NET any -> [73.4.58.41] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.4.58.41/; sid:900646873; rev:1;) alert tcp $HOME_NET any -> [213.112.99.246] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.112.99.246/; sid:900646872; rev:1;) alert tcp $HOME_NET any -> [70.183.177.22] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.183.177.22/; sid:900646871; rev:1;) alert tcp $HOME_NET any -> [197.249.20.80] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.249.20.80/; sid:900646869; rev:1;) alert tcp $HOME_NET any -> [75.71.154.27] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.71.154.27/; sid:900646868; rev:1;) alert tcp $HOME_NET any -> [187.155.30.88] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.155.30.88/; sid:900646867; rev:1;) alert tcp $HOME_NET any -> [98.163.53.175] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.163.53.175/; sid:900646866; rev:1;) alert tcp $HOME_NET any -> [72.172.196.22] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.172.196.22/; sid:900646865; rev:1;) alert tcp $HOME_NET any -> [67.68.235.25] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.68.235.25/; sid:900646807; rev:1;) alert tcp $HOME_NET any -> [213.14.153.124] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.14.153.124/; sid:900646304; rev:1;) alert tcp $HOME_NET any -> [210.2.132.43] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.2.132.43/; sid:900646300; rev:1;) alert tcp $HOME_NET any -> [189.157.20.25] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.157.20.25/; sid:900646286; rev:1;) alert tcp $HOME_NET any -> [189.207.27.120] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.207.27.120/; sid:900646284; rev:1;) alert tcp $HOME_NET any -> [149.28.245.24] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.28.245.24/; sid:900646279; rev:1;) alert tcp $HOME_NET any -> [72.23.181.97] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.23.181.97/; sid:900646277; rev:1;) alert tcp $HOME_NET any -> [87.103.114.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.103.114.98/; sid:900646267; rev:1;) alert tcp $HOME_NET any -> [50.92.101.60] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.92.101.60/; sid:900646248; rev:1;) alert tcp $HOME_NET any -> [118.190.60.27] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.190.60.27/; sid:900646247; rev:1;) alert tcp $HOME_NET any -> [123.108.230.202] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.108.230.202/; sid:900646244; rev:1;) alert tcp $HOME_NET any -> [187.221.120.238] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.221.120.238/; sid:900646243; rev:1;) alert tcp $HOME_NET any -> [24.71.172.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.71.172.74/; sid:900646242; rev:1;) alert tcp $HOME_NET any -> [88.249.25.67] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.25.67/; sid:900633553; rev:1;) alert tcp $HOME_NET any -> [70.124.102.43] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.124.102.43/; sid:900633551; rev:1;) alert tcp $HOME_NET any -> [124.123.42.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.123.42.93/; sid:900632032; rev:1;) alert tcp $HOME_NET any -> [183.82.115.87] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.115.87/; sid:900632012; rev:1;) alert tcp $HOME_NET any -> [82.229.236.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.229.236.82/; sid:900632010; rev:1;) alert tcp $HOME_NET any -> [117.200.99.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.200.99.180/; sid:900631912; rev:1;) alert tcp $HOME_NET any -> [197.89.193.54] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.193.54/; sid:900631911; rev:1;) alert tcp $HOME_NET any -> [169.0.95.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.95.123/; sid:900631184; rev:1;) alert tcp $HOME_NET any -> [84.223.69.136] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.223.69.136/; sid:900631181; rev:1;) alert tcp $HOME_NET any -> [24.80.108.69] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.80.108.69/; sid:900631175; rev:1;) alert tcp $HOME_NET any -> [145.100.122.6] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.100.122.6/; sid:900631172; rev:1;) alert tcp $HOME_NET any -> [86.209.63.32] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.209.63.32/; sid:900631169; rev:1;) alert tcp $HOME_NET any -> [178.42.242.48] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.42.242.48/; sid:900631161; rev:1;) alert tcp $HOME_NET any -> [94.214.32.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.214.32.123/; sid:900631159; rev:1;) alert tcp $HOME_NET any -> [169.0.251.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.251.156/; sid:900631111; rev:1;) alert tcp $HOME_NET any -> [83.6.151.210] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.6.151.210/; sid:900631107; rev:1;) alert tcp $HOME_NET any -> [82.178.100.118] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.178.100.118/; sid:900630841; rev:1;) alert tcp $HOME_NET any -> [124.120.73.43] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.120.73.43/; sid:900630838; rev:1;) alert tcp $HOME_NET any -> [117.193.151.136] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.193.151.136/; sid:900630831; rev:1;) alert tcp $HOME_NET any -> [59.100.1.89] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.100.1.89/; sid:900630830; rev:1;) alert tcp $HOME_NET any -> [88.249.182.27] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.182.27/; sid:900630829; rev:1;) alert tcp $HOME_NET any -> [87.191.131.208] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.191.131.208/; sid:900629092; rev:1;) alert tcp $HOME_NET any -> [181.41.88.6] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.41.88.6/; sid:900629087; rev:1;) alert tcp $HOME_NET any -> [187.162.170.206] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.162.170.206/; sid:900628362; rev:1;) alert tcp $HOME_NET any -> [115.160.247.148] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.160.247.148/; sid:900628360; rev:1;) alert tcp $HOME_NET any -> [190.213.120.246] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.213.120.246/; sid:900628358; rev:1;) alert tcp $HOME_NET any -> [189.199.94.178] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.199.94.178/; sid:900628035; rev:1;) alert tcp $HOME_NET any -> [217.160.20.223] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.20.223/; sid:900628023; rev:1;) alert tcp $HOME_NET any -> [219.91.180.69] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.91.180.69/; sid:900626954; rev:1;) alert tcp $HOME_NET any -> [144.217.246.53] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.246.53/; sid:900626944; rev:1;) alert tcp $HOME_NET any -> [46.93.105.101] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.93.105.101/; sid:900626943; rev:1;) alert tcp $HOME_NET any -> [64.88.221.110] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.88.221.110/; sid:900626925; rev:1;) alert tcp $HOME_NET any -> [64.109.207.1] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.109.207.1/; sid:900626512; rev:1;) alert tcp $HOME_NET any -> [178.42.34.226] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.42.34.226/; sid:900626149; rev:1;) alert tcp $HOME_NET any -> [189.152.34.255] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.152.34.255/; sid:900626136; rev:1;) alert tcp $HOME_NET any -> [92.129.224.177] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.129.224.177/; sid:900626135; rev:1;) alert tcp $HOME_NET any -> [66.228.38.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.228.38.180/; sid:900626013; rev:1;) alert tcp $HOME_NET any -> [188.246.6.94] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.246.6.94/; sid:900626011; rev:1;) alert tcp $HOME_NET any -> [169.0.65.187] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.65.187/; sid:900626005; rev:1;) alert tcp $HOME_NET any -> [83.6.156.43] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.6.156.43/; sid:900626004; rev:1;) alert tcp $HOME_NET any -> [92.129.101.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.129.101.150/; sid:900625998; rev:1;) alert tcp $HOME_NET any -> [122.165.201.64] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.165.201.64/; sid:900625996; rev:1;) alert tcp $HOME_NET any -> [152.169.230.60] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.169.230.60/; sid:900625993; rev:1;) alert tcp $HOME_NET any -> [190.103.30.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.103.30.118/; sid:900625992; rev:1;) alert tcp $HOME_NET any -> [108.175.236.246] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.175.236.246/; sid:900625989; rev:1;) alert tcp $HOME_NET any -> [132.204.161.158] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.204.161.158/; sid:900625695; rev:1;) alert tcp $HOME_NET any -> [89.81.202.64] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.81.202.64/; sid:900625694; rev:1;) alert tcp $HOME_NET any -> [67.187.20.176] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.187.20.176/; sid:900625580; rev:1;) alert tcp $HOME_NET any -> [37.210.210.225] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.210.225/; sid:900625579; rev:1;) alert tcp $HOME_NET any -> [71.246.52.87] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.246.52.87/; sid:900625576; rev:1;) alert tcp $HOME_NET any -> [60.243.114.122] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.243.114.122/; sid:900625572; rev:1;) alert tcp $HOME_NET any -> [166.130.140.213] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/166.130.140.213/; sid:900625571; rev:1;) alert tcp $HOME_NET any -> [190.99.34.60] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.99.34.60/; sid:900625566; rev:1;) alert tcp $HOME_NET any -> [62.113.223.234] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.113.223.234/; sid:900625560; rev:1;) alert tcp $HOME_NET any -> [37.59.51.53] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.59.51.53/; sid:900625555; rev:1;) alert tcp $HOME_NET any -> [173.175.79.89] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.175.79.89/; sid:900625551; rev:1;) alert tcp $HOME_NET any -> [190.163.36.169] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.163.36.169/; sid:900625550; rev:1;) alert tcp $HOME_NET any -> [190.146.128.35] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.128.35/; sid:900625538; rev:1;) alert tcp $HOME_NET any -> [67.198.63.157] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.198.63.157/; sid:900625537; rev:1;) alert tcp $HOME_NET any -> [187.192.180.144] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.180.144/; sid:900625529; rev:1;) alert tcp $HOME_NET any -> [200.124.245.125] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.124.245.125/; sid:900625528; rev:1;) alert tcp $HOME_NET any -> [190.130.236.183] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.130.236.183/; sid:900625526; rev:1;) alert tcp $HOME_NET any -> [197.82.220.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.82.220.82/; sid:900623618; rev:1;) alert tcp $HOME_NET any -> [77.154.197.178] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.154.197.178/; sid:900623597; rev:1;) alert tcp $HOME_NET any -> [217.8.51.144] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.8.51.144/; sid:900623596; rev:1;) alert tcp $HOME_NET any -> [183.88.1.238] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.88.1.238/; sid:900623591; rev:1;) alert tcp $HOME_NET any -> [96.242.234.105] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.242.234.105/; sid:900623587; rev:1;) alert tcp $HOME_NET any -> [91.134.186.49] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.134.186.49/; sid:900622820; rev:1;) alert tcp $HOME_NET any -> [77.72.254.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.72.254.210/; sid:900622809; rev:1;) alert tcp $HOME_NET any -> [67.176.238.209] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.176.238.209/; sid:900622808; rev:1;) alert tcp $HOME_NET any -> [207.68.223.75] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.68.223.75/; sid:900622807; rev:1;) alert tcp $HOME_NET any -> [66.61.15.55] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.61.15.55/; sid:900622806; rev:1;) alert tcp $HOME_NET any -> [24.248.225.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.248.225.107/; sid:900622805; rev:1;) alert tcp $HOME_NET any -> [65.34.131.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.34.131.135/; sid:900622804; rev:1;) alert tcp $HOME_NET any -> [98.172.71.14] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.172.71.14/; sid:900622803; rev:1;) alert tcp $HOME_NET any -> [179.52.236.96] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.52.236.96/; sid:900622802; rev:1;) alert tcp $HOME_NET any -> [74.139.102.161] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.139.102.161/; sid:900622800; rev:1;) alert tcp $HOME_NET any -> [98.191.195.92] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.191.195.92/; sid:900622799; rev:1;) alert tcp $HOME_NET any -> [158.181.186.171] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.181.186.171/; sid:900622797; rev:1;) alert tcp $HOME_NET any -> [199.189.228.60] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.189.228.60/; sid:900622796; rev:1;) alert tcp $HOME_NET any -> [72.69.87.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.69.87.90/; sid:900622795; rev:1;) alert tcp $HOME_NET any -> [50.84.95.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.84.95.206/; sid:900622794; rev:1;) alert tcp $HOME_NET any -> [78.246.224.252] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.246.224.252/; sid:900622484; rev:1;) alert tcp $HOME_NET any -> [206.248.60.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.248.60.218/; sid:900622483; rev:1;) alert tcp $HOME_NET any -> [120.63.205.18] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.63.205.18/; sid:900622476; rev:1;) alert tcp $HOME_NET any -> [66.220.110.56] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.220.110.56/; sid:900622474; rev:1;) alert tcp $HOME_NET any -> [142.169.147.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.169.147.106/; sid:900622465; rev:1;) alert tcp $HOME_NET any -> [95.154.148.38] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.154.148.38/; sid:900622461; rev:1;) alert tcp $HOME_NET any -> [89.217.155.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.217.155.84/; sid:900622460; rev:1;) alert tcp $HOME_NET any -> [91.205.122.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.205.122.42/; sid:900622458; rev:1;) alert tcp $HOME_NET any -> [24.43.62.131] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.43.62.131/; sid:900622457; rev:1;) alert tcp $HOME_NET any -> [121.135.19.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.135.19.214/; sid:900622456; rev:1;) alert tcp $HOME_NET any -> [179.42.195.195] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.42.195.195/; sid:900622453; rev:1;) alert tcp $HOME_NET any -> [65.41.38.155] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.41.38.155/; sid:900622448; rev:1;) alert tcp $HOME_NET any -> [77.157.40.119] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.157.40.119/; sid:900622447; rev:1;) alert tcp $HOME_NET any -> [46.4.251.184] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.4.251.184/; sid:900619575; rev:1;) alert tcp $HOME_NET any -> [79.84.13.156] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.84.13.156/; sid:900617810; rev:1;) alert tcp $HOME_NET any -> [92.129.84.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.129.84.121/; sid:900617809; rev:1;) alert tcp $HOME_NET any -> [125.99.157.3] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.99.157.3/; sid:900617805; rev:1;) alert tcp $HOME_NET any -> [165.255.91.69] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.255.91.69/; sid:900617799; rev:1;) alert tcp $HOME_NET any -> [217.160.93.187] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.93.187/; sid:900616302; rev:1;) alert tcp $HOME_NET any -> [125.129.212.89] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.129.212.89/; sid:900616301; rev:1;) alert tcp $HOME_NET any -> [169.0.250.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.250.138/; sid:900616300; rev:1;) alert tcp $HOME_NET any -> [178.42.196.228] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.42.196.228/; sid:900616298; rev:1;) alert tcp $HOME_NET any -> [179.52.46.11] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.52.46.11/; sid:900616297; rev:1;) alert tcp $HOME_NET any -> [105.228.39.7] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.228.39.7/; sid:900616295; rev:1;) alert tcp $HOME_NET any -> [222.112.169.133] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.112.169.133/; sid:900616293; rev:1;) alert tcp $HOME_NET any -> [86.209.63.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.209.63.166/; sid:900616292; rev:1;) alert tcp $HOME_NET any -> [62.159.33.122] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.159.33.122/; sid:900616290; rev:1;) alert tcp $HOME_NET any -> [199.167.209.11] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.167.209.11/; sid:900616288; rev:1;) alert tcp $HOME_NET any -> [119.18.8.51] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.18.8.51/; sid:900616287; rev:1;) alert tcp $HOME_NET any -> [65.25.17.131] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.25.17.131/; sid:900616284; rev:1;) alert tcp $HOME_NET any -> [72.49.55.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.49.55.42/; sid:900616283; rev:1;) alert tcp $HOME_NET any -> [50.37.10.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.37.10.78/; sid:900616282; rev:1;) alert tcp $HOME_NET any -> [70.167.17.7] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.167.17.7/; sid:900616281; rev:1;) alert tcp $HOME_NET any -> [136.243.197.230] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.243.197.230/; sid:900616280; rev:1;) alert tcp $HOME_NET any -> [81.21.67.85] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.21.67.85/; sid:900616279; rev:1;) alert tcp $HOME_NET any -> [37.120.170.231] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.120.170.231/; sid:900616278; rev:1;) alert tcp $HOME_NET any -> [106.187.91.235] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.187.91.235/; sid:900615913; rev:1;) alert tcp $HOME_NET any -> [209.64.82.90] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.64.82.90/; sid:900611649; rev:1;) alert tcp $HOME_NET any -> [197.89.76.181] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.76.181/; sid:900611589; rev:1;) alert tcp $HOME_NET any -> [70.169.22.188] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.169.22.188/; sid:900611152; rev:1;) alert tcp $HOME_NET any -> [74.195.13.150] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.195.13.150/; sid:900610582; rev:1;) alert tcp $HOME_NET any -> [128.100.126.113] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.100.126.113/; sid:900610497; rev:1;) alert tcp $HOME_NET any -> [72.45.212.62] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.45.212.62/; sid:900610494; rev:1;) alert tcp $HOME_NET any -> [164.160.161.118] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.160.161.118/; sid:900610488; rev:1;) alert tcp $HOME_NET any -> [50.28.34.12] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.28.34.12/; sid:900610474; rev:1;) alert tcp $HOME_NET any -> [72.52.216.110] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.52.216.110/; sid:900610473; rev:1;) alert tcp $HOME_NET any -> [80.68.90.117] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.68.90.117/; sid:900610472; rev:1;) alert tcp $HOME_NET any -> [188.226.223.31] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.226.223.31/; sid:900610471; rev:1;) alert tcp $HOME_NET any -> [64.182.125.5] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.182.125.5/; sid:900610470; rev:1;) alert tcp $HOME_NET any -> [107.189.165.5] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.189.165.5/; sid:900610469; rev:1;) alert tcp $HOME_NET any -> [205.178.137.221] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.178.137.221/; sid:900610467; rev:1;) alert tcp $HOME_NET any -> [185.25.184.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.25.184.214/; sid:900610466; rev:1;) alert tcp $HOME_NET any -> [37.139.8.197] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.139.8.197/; sid:900610465; rev:1;) alert tcp $HOME_NET any -> [174.140.167.85] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.140.167.85/; sid:900610462; rev:1;) alert tcp $HOME_NET any -> [220.227.247.45] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.227.247.45/; sid:900610459; rev:1;) alert tcp $HOME_NET any -> [186.177.2.236] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.177.2.236/; sid:900610458; rev:1;) alert tcp $HOME_NET any -> [220.118.213.112] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.118.213.112/; sid:900610457; rev:1;) alert tcp $HOME_NET any -> [192.227.112.57] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.112.57/; sid:900610456; rev:1;) alert tcp $HOME_NET any -> [176.63.175.211] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.63.175.211/; sid:900610455; rev:1;) alert tcp $HOME_NET any -> [70.183.98.85] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.183.98.85/; sid:900610454; rev:1;) alert tcp $HOME_NET any -> [24.197.75.204] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.197.75.204/; sid:900610453; rev:1;) alert tcp $HOME_NET any -> [67.20.224.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.20.224.109/; sid:900610452; rev:1;) alert tcp $HOME_NET any -> [50.84.214.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.84.214.74/; sid:900610451; rev:1;) alert tcp $HOME_NET any -> [66.241.172.43] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.241.172.43/; sid:900610450; rev:1;) alert tcp $HOME_NET any -> [172.95.69.60] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.95.69.60/; sid:900610449; rev:1;) alert tcp $HOME_NET any -> [92.129.229.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.129.229.225/; sid:900610448; rev:1;) alert tcp $HOME_NET any -> [50.1.34.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.1.34.100/; sid:900610447; rev:1;) alert tcp $HOME_NET any -> [5.36.225.194] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.36.225.194/; sid:900610446; rev:1;) alert tcp $HOME_NET any -> [69.129.91.38] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.129.91.38/; sid:900610445; rev:1;) alert tcp $HOME_NET any -> [200.113.184.198] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.113.184.198/; sid:900610444; rev:1;) alert tcp $HOME_NET any -> [173.78.254.86] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.78.254.86/; sid:900610443; rev:1;) alert tcp $HOME_NET any -> [69.41.8.88] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.41.8.88/; sid:900610442; rev:1;) alert tcp $HOME_NET any -> [104.157.254.106] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.157.254.106/; sid:900610441; rev:1;) alert tcp $HOME_NET any -> [5.197.15.19] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.197.15.19/; sid:900610440; rev:1;) alert tcp $HOME_NET any -> [156.212.247.178] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.212.247.178/; sid:900610439; rev:1;) alert tcp $HOME_NET any -> [66.42.182.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.42.182.18/; sid:900610438; rev:1;) alert tcp $HOME_NET any -> [146.88.218.179] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.88.218.179/; sid:900610437; rev:1;) alert tcp $HOME_NET any -> [208.102.59.69] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.102.59.69/; sid:900610436; rev:1;) alert tcp $HOME_NET any -> [75.128.208.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.128.208.218/; sid:900610435; rev:1;) alert tcp $HOME_NET any -> [173.11.129.38] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.11.129.38/; sid:900610434; rev:1;) alert tcp $HOME_NET any -> [165.255.190.3] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.255.190.3/; sid:900610424; rev:1;) alert tcp $HOME_NET any -> [75.165.194.138] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.165.194.138/; sid:900610408; rev:1;) alert tcp $HOME_NET any -> [178.62.103.94] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.62.103.94/; sid:900610329; rev:1;) alert tcp $HOME_NET any -> [66.76.26.33] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.76.26.33/; sid:900610310; rev:1;) alert tcp $HOME_NET any -> [190.245.255.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.245.255.136/; sid:900610305; rev:1;) alert tcp $HOME_NET any -> [75.152.52.109] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.152.52.109/; sid:900610300; rev:1;) alert tcp $HOME_NET any -> [189.244.231.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.244.231.189/; sid:900610290; rev:1;) alert tcp $HOME_NET any -> [187.188.50.181] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.50.181/; sid:900610283; rev:1;) alert tcp $HOME_NET any -> [197.245.46.11] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.245.46.11/; sid:900610266; rev:1;) alert tcp $HOME_NET any -> [98.100.177.74] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.100.177.74/; sid:900609702; rev:1;) alert tcp $HOME_NET any -> [24.217.117.217] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.217.117.217/; sid:900609701; rev:1;) alert tcp $HOME_NET any -> [50.73.183.69] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.73.183.69/; sid:900609700; rev:1;) alert tcp $HOME_NET any -> [5.9.252.80] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.9.252.80/; sid:900609699; rev:1;) alert tcp $HOME_NET any -> [23.239.2.11] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.239.2.11/; sid:900609697; rev:1;) alert tcp $HOME_NET any -> [216.105.170.139] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.105.170.139/; sid:900609695; rev:1;) alert tcp $HOME_NET any -> [197.249.165.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.249.165.27/; sid:900609694; rev:1;) alert tcp $HOME_NET any -> [92.236.135.55] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.236.135.55/; sid:900609693; rev:1;) alert tcp $HOME_NET any -> [50.31.146.101] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.31.146.101/; sid:900609692; rev:1;) alert tcp $HOME_NET any -> [46.38.238.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.38.238.8/; sid:900609691; rev:1;) alert tcp $HOME_NET any -> [217.91.43.150] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.91.43.150/; sid:900609690; rev:1;) alert tcp $HOME_NET any -> [191.242.178.46] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.242.178.46/; sid:900609689; rev:1;) alert tcp $HOME_NET any -> [46.4.100.178] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.4.100.178/; sid:900609687; rev:1;) alert tcp $HOME_NET any -> [115.78.95.230] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.78.95.230/; sid:900609684; rev:1;) alert tcp $HOME_NET any -> [87.248.77.159] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.248.77.159/; sid:900609682; rev:1;) alert tcp $HOME_NET any -> [177.230.13.59] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.230.13.59/; sid:900609680; rev:1;) alert tcp $HOME_NET any -> [206.255.140.203] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.255.140.203/; sid:900609677; rev:1;) alert tcp $HOME_NET any -> [66.115.90.89] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.115.90.89/; sid:900609676; rev:1;) alert tcp $HOME_NET any -> [72.67.198.45] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.67.198.45/; sid:900609675; rev:1;) alert tcp $HOME_NET any -> [184.186.78.177] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.186.78.177/; sid:900609673; rev:1;) alert tcp $HOME_NET any -> [216.230.231.74] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.230.231.74/; sid:900609672; rev:1;) alert tcp $HOME_NET any -> [174.110.151.45] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.110.151.45/; sid:900609671; rev:1;) alert tcp $HOME_NET any -> [139.162.216.32] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.216.32/; sid:900609670; rev:1;) alert tcp $HOME_NET any -> [212.83.128.139] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.83.128.139/; sid:900609669; rev:1;) alert tcp $HOME_NET any -> [70.184.125.132] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.184.125.132/; sid:900609668; rev:1;) alert tcp $HOME_NET any -> [217.128.211.244] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.128.211.244/; sid:900609666; rev:1;) alert tcp $HOME_NET any -> [104.220.152.118] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.220.152.118/; sid:900609665; rev:1;) alert tcp $HOME_NET any -> [70.52.42.192] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.52.42.192/; sid:900609664; rev:1;) alert tcp $HOME_NET any -> [189.236.94.20] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.94.20/; sid:900609663; rev:1;) alert tcp $HOME_NET any -> [96.94.189.130] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.94.189.130/; sid:900609662; rev:1;) alert tcp $HOME_NET any -> [216.26.207.135] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.26.207.135/; sid:900608904; rev:1;) alert tcp $HOME_NET any -> [109.99.161.132] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.99.161.132/; sid:900608902; rev:1;) alert tcp $HOME_NET any -> [157.52.12.152] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.52.12.152/; sid:900608897; rev:1;) alert tcp $HOME_NET any -> [12.32.68.154] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.32.68.154/; sid:900608895; rev:1;) alert tcp $HOME_NET any -> [96.232.248.52] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.232.248.52/; sid:900608884; rev:1;) alert tcp $HOME_NET any -> [187.206.72.243] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.206.72.243/; sid:900608882; rev:1;) alert tcp $HOME_NET any -> [197.87.144.210] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.87.144.210/; sid:900608211; rev:1;) alert tcp $HOME_NET any -> [117.198.84.111] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.198.84.111/; sid:900608207; rev:1;) alert tcp $HOME_NET any -> [165.255.91.240] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.255.91.240/; sid:900608198; rev:1;) alert tcp $HOME_NET any -> [70.182.250.187] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.182.250.187/; sid:900608184; rev:1;) alert tcp $HOME_NET any -> [70.168.7.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.168.7.6/; sid:900608167; rev:1;) alert tcp $HOME_NET any -> [197.248.56.130] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.248.56.130/; sid:900608166; rev:1;) alert tcp $HOME_NET any -> [70.166.97.82] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.166.97.82/; sid:900608164; rev:1;) alert tcp $HOME_NET any -> [47.188.131.94] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.188.131.94/; sid:900608160; rev:1;) alert tcp $HOME_NET any -> [184.180.177.28] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.180.177.28/; sid:900608147; rev:1;) alert tcp $HOME_NET any -> [85.164.23.19] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.164.23.19/; sid:900608146; rev:1;) alert tcp $HOME_NET any -> [88.79.210.243] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.79.210.243/; sid:900608144; rev:1;) alert tcp $HOME_NET any -> [110.143.116.201] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.143.116.201/; sid:900608143; rev:1;) alert tcp $HOME_NET any -> [41.169.36.237] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.169.36.237/; sid:900607397; rev:1;) alert tcp $HOME_NET any -> [200.77.78.38] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.77.78.38/; sid:900607393; rev:1;) alert tcp $HOME_NET any -> [189.157.242.117] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.157.242.117/; sid:900607388; rev:1;) alert tcp $HOME_NET any -> [201.173.143.119] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.173.143.119/; sid:900607386; rev:1;) alert tcp $HOME_NET any -> [12.149.72.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.149.72.170/; sid:900607379; rev:1;) alert tcp $HOME_NET any -> [201.237.32.61] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.237.32.61/; sid:900606625; rev:1;) alert tcp $HOME_NET any -> [99.224.5.162] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.224.5.162/; sid:900606559; rev:1;) alert tcp $HOME_NET any -> [178.21.113.145] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.21.113.145/; sid:900606554; rev:1;) alert tcp $HOME_NET any -> [72.0.255.155] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.0.255.155/; sid:900606552; rev:1;) alert tcp $HOME_NET any -> [70.182.77.184] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.182.77.184/; sid:900606551; rev:1;) alert tcp $HOME_NET any -> [203.201.60.206] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.201.60.206/; sid:900606550; rev:1;) alert tcp $HOME_NET any -> [177.99.167.185] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.99.167.185/; sid:900606549; rev:1;) alert tcp $HOME_NET any -> [68.2.97.91] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.2.97.91/; sid:900606539; rev:1;) alert tcp $HOME_NET any -> [76.72.225.30] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.72.225.30/; sid:900606538; rev:1;) alert tcp $HOME_NET any -> [24.229.49.37] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.229.49.37/; sid:900606535; rev:1;) alert tcp $HOME_NET any -> [24.74.74.183] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.74.74.183/; sid:900606532; rev:1;) alert tcp $HOME_NET any -> [121.50.43.110] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.50.43.110/; sid:900606528; rev:1;) alert tcp $HOME_NET any -> [186.71.61.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.61.90/; sid:900606524; rev:1;) alert tcp $HOME_NET any -> [204.29.213.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.29.213.242/; sid:900605168; rev:1;) alert tcp $HOME_NET any -> [24.234.175.215] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.234.175.215/; sid:900605165; rev:1;) alert tcp $HOME_NET any -> [45.73.1.90] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.73.1.90/; sid:900605163; rev:1;) alert tcp $HOME_NET any -> [187.156.24.43] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.156.24.43/; sid:900605152; rev:1;) alert tcp $HOME_NET any -> [92.27.116.104] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.27.116.104/; sid:900605149; rev:1;) alert tcp $HOME_NET any -> [210.186.144.29] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.186.144.29/; sid:900605141; rev:1;) alert tcp $HOME_NET any -> [187.162.64.157] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.162.64.157/; sid:900605100; rev:1;) alert tcp $HOME_NET any -> [202.142.47.78] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.142.47.78/; sid:900605099; rev:1;) alert tcp $HOME_NET any -> [83.110.221.178] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.221.178/; sid:900605098; rev:1;) alert tcp $HOME_NET any -> [103.205.177.229] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.205.177.229/; sid:900605097; rev:1;) alert tcp $HOME_NET any -> [24.216.0.134] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.216.0.134/; sid:900605096; rev:1;) alert tcp $HOME_NET any -> [200.71.62.76] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.71.62.76/; sid:900605095; rev:1;) alert tcp $HOME_NET any -> [175.107.201.101] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.107.201.101/; sid:900605094; rev:1;) alert tcp $HOME_NET any -> [89.211.227.36] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.227.36/; sid:900605093; rev:1;) alert tcp $HOME_NET any -> [189.223.184.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.184.214/; sid:900605092; rev:1;) alert tcp $HOME_NET any -> [81.28.204.179] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.28.204.179/; sid:900605091; rev:1;) alert tcp $HOME_NET any -> [82.211.30.202] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.211.30.202/; sid:900605090; rev:1;) alert tcp $HOME_NET any -> [119.59.124.163] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.59.124.163/; sid:900605089; rev:1;) alert tcp $HOME_NET any -> [98.144.2.113] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.144.2.113/; sid:900605088; rev:1;) alert tcp $HOME_NET any -> [216.46.44.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.46.44.93/; sid:900605087; rev:1;) alert tcp $HOME_NET any -> [108.51.20.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.51.20.17/; sid:900605086; rev:1;) alert tcp $HOME_NET any -> [154.0.171.246] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.0.171.246/; sid:900605085; rev:1;) alert tcp $HOME_NET any -> [190.131.159.89] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.131.159.89/; sid:900605084; rev:1;) alert tcp $HOME_NET any -> [187.169.238.239] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.169.238.239/; sid:900605083; rev:1;) alert tcp $HOME_NET any -> [1.186.249.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.186.249.82/; sid:900605082; rev:1;) alert tcp $HOME_NET any -> [201.171.60.208] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.171.60.208/; sid:900605081; rev:1;) alert tcp $HOME_NET any -> [186.71.51.26] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.51.26/; sid:900605080; rev:1;) alert tcp $HOME_NET any -> [73.8.195.237] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.8.195.237/; sid:900605079; rev:1;) alert tcp $HOME_NET any -> [200.92.160.32] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.92.160.32/; sid:900605078; rev:1;) alert tcp $HOME_NET any -> [189.197.62.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.197.62.222/; sid:900605077; rev:1;) alert tcp $HOME_NET any -> [216.251.87.242] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.251.87.242/; sid:900605076; rev:1;) alert tcp $HOME_NET any -> [190.149.199.14] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.149.199.14/; sid:900605075; rev:1;) alert tcp $HOME_NET any -> [12.162.84.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.162.84.2/; sid:900605074; rev:1;) alert tcp $HOME_NET any -> [177.240.22.159] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.240.22.159/; sid:900605073; rev:1;) alert tcp $HOME_NET any -> [174.61.97.253] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.61.97.253/; sid:900605072; rev:1;) alert tcp $HOME_NET any -> [12.182.146.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.182.146.226/; sid:900605071; rev:1;) alert tcp $HOME_NET any -> [69.178.134.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.178.134.242/; sid:900605070; rev:1;) alert tcp $HOME_NET any -> [70.184.98.78] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.184.98.78/; sid:900605069; rev:1;) alert tcp $HOME_NET any -> [80.227.184.182] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.227.184.182/; sid:900605068; rev:1;) alert tcp $HOME_NET any -> [191.98.70.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.98.70.46/; sid:900605067; rev:1;) alert tcp $HOME_NET any -> [89.186.26.180] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.186.26.180/; sid:900605066; rev:1;) alert tcp $HOME_NET any -> [104.236.24.85] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.24.85/; sid:900605065; rev:1;) alert tcp $HOME_NET any -> [62.212.34.102] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.212.34.102/; sid:900605064; rev:1;) alert tcp $HOME_NET any -> [148.240.32.203] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.240.32.203/; sid:900605063; rev:1;) alert tcp $HOME_NET any -> [133.242.208.183] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.242.208.183/; sid:900605062; rev:1;) alert tcp $HOME_NET any -> [162.251.81.235] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.251.81.235/; sid:900605061; rev:1;) alert tcp $HOME_NET any -> [189.153.146.187] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.153.146.187/; sid:900605060; rev:1;) alert tcp $HOME_NET any -> [134.228.77.144] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.228.77.144/; sid:900605059; rev:1;) alert tcp $HOME_NET any -> [49.212.135.76] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.212.135.76/; sid:900605058; rev:1;) alert tcp $HOME_NET any -> [187.189.210.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.189.210.58/; sid:900605057; rev:1;) alert tcp $HOME_NET any -> [37.120.175.15] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.120.175.15/; sid:900605056; rev:1;) alert tcp $HOME_NET any -> [68.175.14.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.175.14.70/; sid:900605055; rev:1;) alert tcp $HOME_NET any -> [208.84.149.100] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.84.149.100/; sid:900605054; rev:1;) alert tcp $HOME_NET any -> [201.174.147.134] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.174.147.134/; sid:900605053; rev:1;) alert tcp $HOME_NET any -> [65.92.138.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.92.138.49/; sid:900605052; rev:1;) alert tcp $HOME_NET any -> [187.167.192.22] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.167.192.22/; sid:900605051; rev:1;) alert tcp $HOME_NET any -> [24.244.177.40] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.244.177.40/; sid:900605050; rev:1;) alert tcp $HOME_NET any -> [200.116.74.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.74.2/; sid:900605049; rev:1;) alert tcp $HOME_NET any -> [89.186.26.179] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.186.26.179/; sid:900605048; rev:1;) alert tcp $HOME_NET any -> [203.198.129.4] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.198.129.4/; sid:900605047; rev:1;) alert tcp $HOME_NET any -> [177.231.104.163] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.231.104.163/; sid:900605046; rev:1;) alert tcp $HOME_NET any -> [190.154.42.106] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.154.42.106/; sid:900605045; rev:1;) alert tcp $HOME_NET any -> [89.0.156.133] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.0.156.133/; sid:900605044; rev:1;) alert tcp $HOME_NET any -> [193.251.43.125] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.251.43.125/; sid:900605043; rev:1;) alert tcp $HOME_NET any -> [50.240.176.107] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.240.176.107/; sid:900605042; rev:1;) alert tcp $HOME_NET any -> [146.185.170.222] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.170.222/; sid:900605041; rev:1;) alert tcp $HOME_NET any -> [144.217.246.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.246.66/; sid:900605040; rev:1;) alert tcp $HOME_NET any -> [173.165.110.17] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.165.110.17/; sid:900605039; rev:1;) alert tcp $HOME_NET any -> [222.214.218.192] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.214.218.192/; sid:900605038; rev:1;) alert tcp $HOME_NET any -> [24.119.116.230] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.119.116.230/; sid:900605037; rev:1;) alert tcp $HOME_NET any -> [199.119.78.38] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.119.78.38/; sid:900605036; rev:1;) alert tcp $HOME_NET any -> [216.21.168.27] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.21.168.27/; sid:900605035; rev:1;) alert tcp $HOME_NET any -> [178.18.134.182] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.18.134.182/; sid:900605034; rev:1;) alert tcp $HOME_NET any -> [157.7.164.23] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.7.164.23/; sid:900605033; rev:1;) alert tcp $HOME_NET any -> [194.150.118.8] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.150.118.8/; sid:900605032; rev:1;) alert tcp $HOME_NET any -> [46.105.131.69] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.131.69/; sid:900605031; rev:1;) alert tcp $HOME_NET any -> [187.178.17.209] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.178.17.209/; sid:900605030; rev:1;) alert tcp $HOME_NET any -> [79.129.120.103] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.129.120.103/; sid:900605029; rev:1;) alert tcp $HOME_NET any -> [27.50.89.209] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.50.89.209/; sid:900605028; rev:1;) alert tcp $HOME_NET any -> [108.16.207.129] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.16.207.129/; sid:900605027; rev:1;) alert tcp $HOME_NET any -> [142.44.244.43] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.44.244.43/; sid:900605026; rev:1;) alert tcp $HOME_NET any -> [194.88.246.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.88.246.242/; sid:900605025; rev:1;) alert tcp $HOME_NET any -> [24.173.127.246] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.173.127.246/; sid:900605024; rev:1;) alert tcp $HOME_NET any -> [71.244.60.231] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.244.60.231/; sid:900605023; rev:1;) alert tcp $HOME_NET any -> [46.105.131.87] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.131.87/; sid:900605022; rev:1;) alert tcp $HOME_NET any -> [78.47.182.42] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.47.182.42/; sid:900605021; rev:1;) alert tcp $HOME_NET any -> [190.180.12.199] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.180.12.199/; sid:900605020; rev:1;) alert tcp $HOME_NET any -> [69.17.170.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.17.170.58/; sid:900605019; rev:1;) alert tcp $HOME_NET any -> [199.119.78.9] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.119.78.9/; sid:900605018; rev:1;) alert tcp $HOME_NET any -> [110.143.187.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.143.187.76/; sid:900605017; rev:1;) alert tcp $HOME_NET any -> [80.153.201.243] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.153.201.243/; sid:900605016; rev:1;) alert tcp $HOME_NET any -> [206.210.104.194] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.210.104.194/; sid:900605015; rev:1;) alert tcp $HOME_NET any -> [118.244.214.210] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.244.214.210/; sid:900605014; rev:1;) alert tcp $HOME_NET any -> [203.45.184.52] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.45.184.52/; sid:900605013; rev:1;) alert tcp $HOME_NET any -> [149.62.173.247] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.62.173.247/; sid:900605012; rev:1;) alert tcp $HOME_NET any -> [108.170.54.171] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.170.54.171/; sid:900605011; rev:1;) alert tcp $HOME_NET any -> [94.16.88.56] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.16.88.56/; sid:900605010; rev:1;) alert tcp $HOME_NET any -> [144.217.246.57] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.246.57/; sid:900605009; rev:1;) alert tcp $HOME_NET any -> [193.136.199.16] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.136.199.16/; sid:900605008; rev:1;) alert tcp $HOME_NET any -> [24.121.176.48] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.121.176.48/; sid:900605007; rev:1;) alert tcp $HOME_NET any -> [89.242.14.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.242.14.231/; sid:900605006; rev:1;) alert tcp $HOME_NET any -> [70.119.165.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.119.165.108/; sid:900605005; rev:1;) alert tcp $HOME_NET any -> [50.67.42.25] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.67.42.25/; sid:900605004; rev:1;) alert tcp $HOME_NET any -> [27.109.24.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.109.24.214/; sid:900605104; rev:1;) alert tcp $HOME_NET any -> [70.124.101.195] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.124.101.195/; sid:900605003; rev:1;) alert tcp $HOME_NET any -> [110.142.247.110] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.142.247.110/; sid:900605002; rev:1;) alert tcp $HOME_NET any -> [151.237.93.131] 20 (msg:"Feodo