You should probably let the Snort people know that there is a false positive on your plugin usage tracking. I get hundreds of warnings about a sign of possible infection in my network. When I hunted down the details it's because of accessing plugin-usage.edacerton.win and there is a Snort rule that any access to a .win domain could indicate compromise. I don't know if they except specific domains like yours that are known to not be bad.
Snort - Rule Docs: https://snort.org/rule_docs/1-44077
I turned off usage data collection, assuming that will clear up those warnings.