Update your signatures, the new signature is written to take into account the actual known C&C sites. It was updated last night it seems and I am no longer getting a flood.

Same here, hundreds of web request getting flagged as if we're attacking these sites, but all the packets are my clients requesting from them. There are alphanumeric strings that seem to match the signature of an attack, but to me they seem to be mor...