This repository was archived by the owner on Mar 17, 2026. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathcompromised.rules
More file actions
75 lines (72 loc) · 25.9 KB
/
compromised.rules
File metadata and controls
75 lines (72 loc) · 25.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
#
# $Id: emerging-compromised.rules
# Rules to block known hostile or compromised hosts. These lists are updated daily or better from many sources
#
#Sources include:
#
# Daniel Gerzo's BruteForceBlocker
# http://danger.rulez.sk/projects/bruteforceblocker/
#
# The OpenBL
# http://www.openbl.org/ (formerly sshbl.org)
#
# And the Emerging Threats Sandnet and SidReporter Projects
#
# More information available at www.emergingthreats.net
#
# Please submit any feedback or ideas to emerging@emergingthreats.net or the emerging-sigs mailing list
#
#*************************************************************
#
# Copyright (c) 2003-2019, Emerging Threats
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
# following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this list of conditions and the following
# disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
# following disclaimer in the documentation and/or other materials provided with the distribution.
# * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
# VERSION 5409
# Generated 2020-04-20 00:30:01 EDT
alert ip [101.36.164.114,101.78.168.168,101.78.240.26,103.114.106.36,103.120.203.142,103.125.191.136,103.13.122.156,103.133.105.180,103.136.40.100,103.138.109.68,103.14.229.253,103.216.112.230,103.221.222.179,103.226.248.72,103.228.110.24,103.27.237.67,103.69.71.58,103.89.90.114,103.99.1.31,103.99.3.45,104.131.53.42,104.131.73.105,104.140.114.106,104.140.242.35,104.154.165.78,104.154.244.76,104.200.134.151,104.200.134.181,104.206.252.71,104.211.143.123] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 1"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500000; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [104.215.122.38,104.236.30.107,104.236.72.187,104.244.73.16,104.244.73.248,104.244.75.191,104.248.114.191,104.248.138.38,104.248.146.214,104.248.151.177,104.248.181.156,104.248.254.60,104.248.255.29,104.248.46.226,104.248.48.99,104.248.56.77,104.41.153.74,106.12.155.146,106.12.191.64,106.13.178.249,106.13.62.145,106.75.7.111,107.174.244.100,107.175.214.70,108.61.192.62,110.52.140.106,110.73.182.205,110.77.134.15,111.203.196.62,111.26.180.130] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 2"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500002; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [111.51.65.33,111.53.52.245,113.172.33.168,113.190.37.142,113.199.41.33,113.96.149.63,114.67.74.50,114.86.88.149,115.182.197.162,115.68.187.150,115.94.161.43,116.105.215.232,116.105.216.179,116.230.61.209,116.240.199.23,116.52.2.62,117.198.98.191,117.247.191.18,117.52.87.230,117.73.8.142,118.166.121.101,118.36.234.138,118.45.190.167,1.186.45.162,118.70.216.153,119.194.23.211,119.28.133.210,120.138.8.103,120.194.108.100,120.220.15.5] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 3"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500004; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [121.15.171.83,122.170.158.136,122.175.13.46,122.188.208.110,122.201.93.240,122.52.251.100,1.227.255.70,124.156.181.81,1.251.0.135,125.227.130.2,126.145.129.198,128.14.38.2,128.199.143.193,128.199.176.219,128.199.51.22,129.144.62.179,129.146.74.189,129.154.66.222,129.213.35.134,129.226.163.23,129.226.179.66,129.226.56.27,130.61.108.58,130.61.137.193,131.153.30.68,131.255.227.166,13.126.72.29,132.145.177.124,132.145.34.57,134.0.35.62] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 4"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500006; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [134.122.118.21,134.122.121.169,134.122.127.161,134.122.29.203,134.122.31.0,134.122.50.84,134.122.57.124,134.122.93.216,134.122.94.215,134.209.100.103,134.209.109.246,134.209.165.47,134.209.168.112,134.209.176.162,134.209.192.106,134.209.246.25,134.209.92.110,134.209.95.75,134.249.177.31,13.67.118.88,137.110.222.32,13.75.232.117,137.74.195.204,138.128.244.134,138.128.244.63,138.197.148.135,138.197.173.210,138.68.61.182,139.219.140.60,139.59.150.183] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 5"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500008; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [139.59.31.205,139.59.44.58,139.59.61.186,139.59.68.159,139.59.71.104,139.59.90.0,139.99.34.219,139.99.71.227,14.143.103.174,141.98.81.108,141.98.81.110,141.98.81.112,141.98.81.206,141.98.81.84,141.98.9.137,141.98.9.159,141.98.9.160,14.215.88.241,142.4.212.119,142.44.243.190,142.93.122.58,142.93.127.16,142.93.15.76,142.93.178.254,142.93.204.176,142.93.204.89,142.93.255.41,144.217.105.209,144.217.255.89,144.217.58.60] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 6"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500010; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [144.217.6.146,144.217.96.161,144.91.108.237,144.91.73.5,144.91.81.116,144.91.88.62,144.91.94.94,14.49.38.47,145.108.225.24,145.239.136.42,146.185.141.95,146.185.182.192,147.135.211.59,147.160.0.4,148.153.87.4,148.215.18.103,148.233.136.34,148.66.133.135,148.66.134.12,148.66.135.237,148.72.214.69,149.202.102.36,149.91.88.20,150.136.161.255,150.136.233.141,150.158.120.45,150.95.115.145,152.89.239.85,153.122.33.234,153.126.209.197] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 7"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500012; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [154.222.138.182,155.138.129.153,155.138.220.148,155.138.224.79,155.4.117.13,156.38.97.106,157.119.73.117,157.230.188.53,157.230.47.57,157.230.54.248,157.245.104.96,157.245.109.223,157.245.131.52,157.245.45.202,158.175.142.42,158.193.152.102,158.69.123.134,159.203.162.39,159.65.130.10,159.65.166.236,159.65.8.107,159.89.236.238,159.89.52.25,160.16.75.119,161.35.12.1,161.35.14.251,161.35.19.57,161.35.20.169,161.35.29.193,162.219.178.50] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 8"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500014; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [162.242.251.22,162.243.166.145,163.172.105.58,163.172.128.194,163.172.141.236,163.172.166.223,163.172.209.154,163.172.220.189,163.172.233.173,163.172.89.149,163.172.90.145,163.172.90.77,163.172.90.79,164.132.109.197,164.52.24.164,164.52.34.58,164.52.34.59,164.68.100.157,164.68.124.231,164.68.127.40,165.22.110.2,165.22.192.60,165.22.208.25,165.22.212.122,165.22.60.7,165.22.68.228,165.227.197.180,165.22.73.97,165.227.54.212,167.172.103.156] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 9"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500016; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [167.172.139.212,167.172.144.86,167.172.152.99,167.172.154.50,167.172.33.42,167.172.35.121,167.71.115.245,167.71.14.44,167.71.169.144,167.71.177.106,167.71.239.181,167.71.50.255,167.86.126.12,167.86.66.67,167.86.71.24,167.86.99.209,167.99.152.121,167.99.170.160,167.99.172.18,167.99.236.118,167.99.77.21,167.99.94.147,168.205.133.65,168.235.97.12,168.63.123.150,169.57.37.248,170.130.205.109,170.253.58.141,173.249.11.127,173.249.39.196] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 10"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500018; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [174.136.15.182,174.83.190.0,175.126.123.151,176.113.115.222,176.123.3.17,176.123.6.23,176.31.116.214,177.12.72.63,177.42.198.36,178.128.123.209,178.128.164.211,178.128.173.238,178.128.211.250,178.128.224.94,178.128.59.172,178.128.83.204,178.156.202.142,178.196.104.182,178.21.11.80,178.33.66.88,178.57.106.250,178.62.5.126,178.62.99.41,180.101.228.203,180.167.65.86,180.76.247.6,180.76.52.25,180.96.27.75,181.46.201.4,18.185.125.27] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 11"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500020; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [18.191.236.228,182.107.61.18,18.221.97.242,182.221.133.139,182.76.52.102,183.111.126.36,183.2.168.102,183.235.33.238,183.82.1.45,185.10.68.239,185.132.53.122,185.132.53.211,185.144.101.213,185.153.196.230,185.153.197.14,185.181.162.49,185.181.8.240,185.202.1.164,185.202.1.223,185.202.1.240,185.216.140.250,185.220.100.240,185.220.100.241,185.220.100.242,185.220.100.243,185.220.100.244,185.220.100.249,185.220.100.252,185.220.100.253,185.220.101.131] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 12"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500022; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [185.220.101.136,185.220.101.146,185.220.101.17,185.220.101.19,185.220.101.193,185.220.101.198,185.220.101.199,185.220.101.2,185.220.101.200,185.220.103.4,185.220.103.7,185.220.60.26,185.223.28.251,185.238.29.62,185.244.39.123,185.244.39.177,185.244.39.29,185.244.39.46,186.10.248.158,187.32.22.155,188.165.204.81,188.166.150.230,188.166.45.125,188.166.8.93,188.40.103.197,188.41.241.69,188.95.231.105,189.17.30.18,189.199.252.187,190.107.28.228] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 13"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500024; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [190.121.130.37,190.129.72.66,190.154.48.51,191.234.160.243,192.119.77.3,192.241.133.191,192.241.255.92,192.42.116.16,193.112.248.85,193.187.118.237,193.39.187.57,193.56.28.104,193.56.28.68,193.70.40.191,193.70.43.220,194.105.205.42,194.180.224.130,194.180.224.137,194.180.224.150,194.180.224.251,194.61.26.34,195.154.164.235,195.158.2.74,195.201.243.138,195.206.105.217,195.231.0.27,195.231.3.132,195.231.3.230,195.231.3.37,195.231.3.68] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 14"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500026; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [195.231.4.201,195.231.8.111,195.231.8.141,195.231.8.23,195.24.202.149,196.207.254.250,196.244.191.50,196.41.56.26,197.248.154.82,197.254.119.94,197.254.69.197,198.12.152.199,198.144.189.250,198.199.123.225,198.199.74.118,198.38.84.190,198.55.50.196,199.119.144.1,199.119.144.21,199.247.13.223,199.33.126.114,199.66.90.147,200.120.196.221,200.122.237.98,200.73.129.182,200.73.83.179,201.140.123.130,201.163.15.214,201.182.66.18,202.4.126.118] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 15"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500028; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [202.43.114.124,202.43.164.162,202.73.58.61,203.144.162.142,203.154.189.18,203.195.169.76,203.229.246.118,205.185.120.163,205.185.123.120,205.185.124.122,205.185.124.153,206.189.228.120,206.189.24.67,206.189.28.79,206.72.196.219,206.81.12.242,207.180.198.112,207.180.216.252,207.180.226.80,207.180.227.177,207.180.236.111,207.180.244.29,208.113.133.117,208.97.141.8,209.141.47.192,209.141.51.254,209.141.52.28,209.141.55.11,209.141.58.29,209.97.159.204] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 16"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500030; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [210.103.187.19,210.126.5.91,210.48.146.61,211.253.9.160,212.109.195.159,212.109.198.55,212.20.1.230,212.248.1.58,212.47.232.66,212.64.93.9,212.68.249.25,212.92.108.34,212.92.112.161,213.136.68.33,213.136.70.26,213.136.74.238,213.136.75.16,213.136.76.108,213.136.93.52,213.176.63.219,213.184.249.113,213.202.233.221,213.238.181.236,213.32.95.58,213.74.121.58,213.74.176.36,217.114.209.25,217.20.113.137,217.61.107.174,218.246.34.214] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 17"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500032; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [218.255.6.106,218.88.164.159,219.137.65.125,220.242.25.19,221.229.218.141,221.229.252.42,222.124.22.43,222.161.223.147,222.187.227.139,222.188.89.146,222.195.83.218,2.226.157.66,222.75.167.182,223.194.70.146,223.82.114.14,23.250.7.86,23.91.72.11,24.18.92.61,27.111.42.70,27.78.14.83,31.14.131.223,31.184.198.75,31.184.199.114,31.184.254.151,31.186.48.216,34.64.240.147,34.64.85.26,34.66.225.80,34.70.209.151,34.87.0.175] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 18"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500034; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [35.184.162.66,35.197.133.238,35.202.144.33,35.221.83.181,35.222.66.88,35.223.204.233,35.224.52.125,35.229.254.103,35.247.225.85,36.111.164.37,37.187.172.56,37.187.183.89,37.187.69.69,37.220.93.126,37.49.226.115,37.49.226.116,37.49.226.151,37.49.226.181,37.49.230.103,37.49.230.14,37.49.230.141,37.49.230.180,37.72.172.174,38.132.124.204,39.152.24.226,3.93.78.191,40.115.30.190,40.115.4.136,40.118.102.111,40.66.55.217] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 19"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500036; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [40.70.134.175,40.85.148.97,40.89.178.114,41.110.24.29,41.231.5.110,41.234.66.22,41.78.74.67,41.78.74.68,42.112.20.32,42.118.242.184,42.157.163.103,42.236.75.183,43.254.30.99,45.131.5.25,45.137.183.59,45.141.84.25,45.141.86.128,45.14.224.113,45.14.224.117,45.14.224.131,45.14.224.199,45.148.10.197,45.148.10.213,45.148.10.50,45.148.10.96,45.148.120.141,45.227.255.4,45.32.102.64,45.33.70.146,45.55.195.191] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 20"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500038; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [45.63.117.80,45.63.83.160,45.67.14.20,45.67.14.21,45.67.14.22,45.77.82.109,45.84.196.200,45.93.251.205,45.95.168.131,45.95.168.132,45.95.168.133,45.95.168.145,45.95.168.162,45.95.168.200,45.95.168.205,45.95.168.243,45.95.168.245,45.95.168.247,45.95.168.248,45.95.168.251,45.95.168.98,46.101.1.131,46.101.136.110,46.101.199.212,46.105.31.249,46.209.198.171,47.151.246.31,50.115.168.161,50.115.168.179,50.66.167.29] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 21"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500040; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [51.15.0.99,51.15.100.153,51.15.102.138,51.15.110.205,51.15.111.139,51.15.111.221,51.15.119.193,51.15.1.226,51.15.126.41,51.15.12.83,51.15.198.38,51.15.203.121,51.15.212.164,51.15.222.27,51.15.225.148,51.15.233.192,51.15.240.174,51.15.244.108,51.15.254.159,51.15.2.66,51.15.49.2,51.15.53.102,51.15.53.95,51.15.55.79,51.15.60.28,51.15.65.180,51.15.80.2,51.158.111.157,51.158.115.37,51.15.82.93] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 22"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500042; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [51.15.85.152,51.158.69.104,51.159.67.102,51.161.32.134,51.161.68.187,51.178.182.207,51.178.52.245,51.178.62.209,51.178.86.80,51.178.87.140,51.254.231.218,5.135.190.67,5.135.78.50,5.135.78.52,51.38.107.116,51.38.57.78,51.38.93.186,51.38.94.74,5.144.132.4,51.68.11.191,51.68.91.162,51.75.129.23,51.75.144.43,51.75.246.191,51.75.251.202,51.75.69.196,51.75.96.193,51.77.136.211,51.77.197.197,51.77.58.185] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 23"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500044; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [51.79.145.232,51.79.87.227,5.182.211.138,5.182.211.152,5.182.211.180,5.182.211.181,5.182.211.184,51.83.106.117,5.189.137.101,51.89.143.82,5.189.167.107,51.89.167.245,5.189.169.160,5.189.189.241,51.89.227.81,51.89.88.98,51.91.140.218,51.91.68.149,51.91.91.217,5.206.224.242,52.1.131.202,52.142.160.188,52.174.50.120,52.231.11.38,5.253.86.213,5.39.163.82,5.39.67.236,54.37.10.222,54.37.67.226,54.38.177.98] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 24"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500046; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [5.58.13.206,58.215.176.20,58.49.35.5,58.8.143.35,59.10.5.156,60.17.136.50,60.174.210.48,60.251.136.161,60.29.123.202,61.28.108.122,61.84.196.50,62.102.148.68,62.171.132.67,62.171.140.79,62.171.142.113,62.171.152.123,62.171.158.15,62.171.159.20,62.171.161.253,62.171.167.23,62.171.167.73,62.171.172.225,62.171.172.231,62.171.175.206,62.171.177.173,62.171.178.154,62.171.182.154,62.171.182.192,62.171.183.29,62.171.186.127] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 25"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500048; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [62.171.191.143,62.171.191.253,62.171.191.7,62.210.110.192,62.210.245.159,62.210.45.239,62.33.140.2,62.60.135.47,64.202.189.16,64.20.35.166,64.20.63.147,64.225.104.135,64.225.120.175,64.227.17.18,64.227.19.245,64.227.21.179,64.227.21.227,64.227.47.182,64.227.68.83,64.52.109.192,66.42.91.218,66.45.248.251,66.45.251.156,67.19.31.138,67.199.169.16,67.205.141.53,67.207.93.206,67.247.123.8,68.183.102.246,68.183.190.43] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 26"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500050; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [68.183.196.84,68.183.90.182,68.183.90.78,68.5.173.208,68.71.22.10,69.90.201.136,69.90.201.165,71.202.97.198,74.121.190.124,74.97.19.201,76.74.148.3,77.247.181.162,77.249.144.101,78.47.207.144,79.142.50.23,79.143.181.172,79.147.26.211,80.211.187.228,80.211.58.190,80.229.157.225,80.241.214.222,80.82.69.248,81.0.100.136,81.169.248.234,81.198.171.29,81.246.218.220,81.249.47.231,81.4.111.88,82.177.39.21,82.223.66.26] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 27"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500052; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)
alert ip [82.65.34.74,84.17.51.176,84.38.184.126,84.88.40.36,85.10.204.189,85.192.33.34,85.209.0.94,85.25.199.69,86.36.20.20,87.106.194.189,87.27.206.172,88.85.111.147,89.163.153.41,89.208.210.91,89.208.84.44,89.238.154.114,89.248.168.229,89.248.174.151,89.34.27.10,90.63.235.122,91.121.177.192,91.121.86.77,91.241.19.42,91.3.36.177,92.116.168.98,92.222.205.183,92.222.67.68,92.222.88.254,92.246.76.177,92.53.64.203] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic group 28"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2500054; rev:5409; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag COMPROMISED, signature_severity Major, created_at 2011_04_28, updated_at 2020_04_20;)