# # $Id: bleeding-compromised.rules # Rules to block known hostile or compromised hosts. These lists are updated daily or better from many sources # # More information available at www.emergingthreats.net # # Please submit any feedback or ideas to emerging@emergingthreats.net or the emerging-sigs mailing list # #************************************************************* # # Copyright (c) 2003-2008, Emerging Threats # All rights reserved. # # Redistribution and use in source and binary forms, with or without modification, are permitted provided that the # following conditions are met: # # * Redistributions of source code must retain the above copyright notice, this list of conditions and the following # disclaimer. # * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the # following disclaimer in the documentation and/or other materials provided with the distribution. # * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived # from this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
#
#
# VERSION 1150
# Generated 2008-05-16 01:03:02 EDT
#
# How to read the rules below (one rule per line; the address list is split
# across rules numbered (1)-(44) in msg, sids 2510000-2510043, all at rev 1150):
#
# - Header `alert ip [source list] any -> $HOME_NET any` matches any IP traffic
#   from a listed source address to $HOME_NET, whatever the protocol or port.
# - `threshold: type limit, track by_src, seconds 60, count 1` limits output to
#   one alert per source address per 60 seconds.
# - The rule action is `alert`; the rule itself does not drop traffic. The
#   "BLOCKING" in msg refers to the trailing `fwsam: src, 24 hours;` option,
#   which requests a 24-hour block of the source address.
#   NOTE(review): fwsam is a SnortSam add-on keyword, not a stock Snort rule
#   option -- confirm the sensor is built with SnortSam support before loading,
#   and confirm which firewall actually enforces the block.
# - The lists are a point-in-time snapshot (see the Generated timestamp above).
#   Refresh from the upstream feed before deploying; entries that have gone
#   stale can alert on, or block, addresses that have since been reassigned.
# - Some entries are CIDR ranges rather than single hosts, so those rules match
#   every address in the network: 194.146.204.0/22 (rule 3), 81.95.144.0/20
#   (rule 31), 85.255.112.0/20 (rule 34).
# - Before enabling automatic blocking, make sure addresses that must never be
#   blocked are exempted on the blocking side, and review hits in alert-only
#   mode first.
#
alert ip [116.123.47.80,118.105.175.83,118.170.10.71,118.8.99.66,12.203.124.239,12.206.45.226,12.207.175.128,12.214.76.225,12.72.60.11,121.138.89.65,121.176.46.126,121.177.232.170,121.191.14.16,121.191.14.5,121.205.89.137,122.100.138.14,122.134.64.155,122.135.62.63,122.36.152.119,123.111.50.177,123.201.0.243,123.201.160.94,123.202.126.38,123.202.135.131,123.202.153.243,123.202.193.70,123.202.213.55,123.202.46.61,123.202.78.216,123.203.110.141] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (1)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510000; rev:1150; fwsam: src, 24 hours;)
alert ip [123.203.130.72,123.203.166.69,123.203.26.174,123.98.168.173,124.100.18.23,124.102.13.69,124.244.188.195,124.44.186.96,124.49.196.48,124.8.196.187,124.8.197.145,124.8.197.165,124.8.202.109,124.80.101.135,125.103.43.19,125.113.132.155,125.114.251.143,125.131.0.177,125.131.8.182,125.137.128.114,125.209.2.170,125.224.1.3,125.224.11.235,125.224.13.5,125.224.6.86,125.59.108.27,125.59.158.99,125.59.36.48,125.59.66.183,125.65.77.25] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (2)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510001; rev:1150; fwsam: src, 24 hours;)
alert ip [128.241.236.105,129.118.198.184,137.28.241.233,168.226.17.126,172.163.165.232,189.24.43.151,190.172.148.203,190.172.169.82,190.95.66.63,193.151.254.200,193.151.255.25,193.226.12.65,193.43.223.144,194.146.204.0/22,194.45.229.209,195.138.107.171,195.146.73.83,195.188.108.151,195.245.119.105,195.39.196.44,200.95.131.94,201.231.231.54,201.233.56.249,201.4.110.39,202.104.186.4,202.107.52.179,202.131.185.125,202.131.30.82,202.131.30.83,202.134.151.109] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (3)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510002; rev:1150; fwsam: src, 24 hours;)
alert ip [202.134.182.72,202.222.19.53,202.55.33.190,203.109.65.153,203.109.65.190,203.198.250.43,203.232.238.121,203.80.202.154,204.111.223.68,204.13.161.105,204.8.169.150,204.8.169.182,204.8.169.214,204.8.169.246,206.72.28.129,207.189.104.86,207.215.246.94,208.102.90.84,208.104.136.173,208.127.129.182,208.53.148.111,208.53.175.92,208.53.185.98,208.73.212.12,208.87.149.150,209.133.11.161,209.133.11.197,209.160.32.113,209.160.65.45,209.170.120.43] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (4)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510003; rev:1150; fwsam: src, 24 hours;)
alert ip [209.183.3.38,209.47.46.150,209.47.46.151,209.47.46.152,209.47.46.153,209.47.46.154,209.47.46.170,209.47.46.200,209.62.20.175,209.66.122.203,209.8.255.52,209.85.51.151,210.106.5.135,210.117.32.97,210.230.197.56,210.245.202.70,211.10.44.37,211.109.19.45,211.13.38.139,211.201.61.232,211.201.61.233,211.220.54.44,211.221.23.229,211.223.7.49,211.230.76.109,211.62.103.127,211.95.73.162,212.15.152.185,212.220.42.50,212.220.96.14] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (5)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510004; rev:1150; fwsam: src, 24 hours;)
alert ip [212.64.79.171,213.114.230.250,213.141.146.215,213.143.93.207,213.168.109.84,213.168.119.202,213.183.165.134,213.183.165.166,213.183.165.214,213.187.112.164,213.19.94.138,213.202.245.127,213.211.41.253,213.231.24.29,213.231.26.99,213.247.193.126,213.248.28.118,213.37.250.88,213.39.197.126,213.79.72.234,216.130.89.60,216.195.33.44,216.195.44.106,216.195.48.100,216.195.49.132,216.195.61.223,216.40.33.252,216.78.30.66,216.78.30.80,216.8.177.23] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (6)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510005; rev:1150; fwsam: src, 24 hours;)
alert ip [217.116.253.193,217.122.108.3,217.144.146.48,217.172.229.212,217.175.153.227,217.185.12.10,217.185.12.13,217.185.12.4,217.185.22.200,217.194.249.14,217.194.249.17,217.194.249.23,217.194.249.24,217.194.249.89,217.211.174.203,217.217.205.225,217.217.207.160,217.22.120.114,217.22.120.232,217.247.8.51,217.248.60.84,217.75.214.4,218.148.198.109,218.152.61.188,218.152.61.250,218.161.126.16,218.166.99.6,218.170.38.192,218.172.33.51,218.190.210.51] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (7)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510006; rev:1150; fwsam: src, 24 hours;)
alert ip [218.219.219.105,218.220.154.146,218.252.100.137,218.252.150.166,218.252.156.103,218.253.201.3,218.253.25.79,218.253.5.29,218.253.84.66,218.254.157.62,218.254.49.235,218.254.9.205,218.254.94.230,218.255.100.33,218.255.6.56,218.44.249.117,219.19.208.26,219.210.68.13,219.240.79.58,219.68.56.88,220.131.77.165,220.138.122.73,220.138.123.241,220.215.166.245,220.235.57.239,220.75.199.72,221.125.196.140,221.125.213.99,221.126.144.181,221.126.151.60] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (8)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510007; rev:1150; fwsam: src, 24 hours;)
alert ip [221.126.247.33,221.126.5.237,221.127.110.16,221.127.110.174,221.127.111.156,221.127.111.39,221.127.154.167,221.127.160.52,221.127.161.81,221.127.163.141,221.127.21.11,221.127.21.213,221.127.229.119,221.127.232.30,221.127.233.13,221.127.40.66,221.127.47.244,221.186.188.218,222.107.94.124,222.110.206.221,222.121.141.143,222.121.176.186,222.122.84.200,222.122.84.250,222.166.109.254,222.166.140.108,222.166.156.196,222.166.240.39,222.167.102.224,222.167.120.55] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (9)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510008; rev:1150; fwsam: src, 24 hours;)
alert ip [222.167.77.20,222.73.240.86,222.73.249.57,24.10.38.126,24.118.201.15,24.126.177.248,24.160.222.101,24.167.172.245,24.167.191.212,24.176.222.226,24.18.219.6,24.18.66.100,24.18.69.126,24.19.208.65,24.20.133.35,24.210.212.198,24.210.38.179,24.219.139.184,24.219.209.203,24.239.176.198,24.249.7.46,24.29.80.65,24.30.180.45,24.30.49.148,24.34.8.114,24.59.3.193,24.61.197.36,24.72.163.123,24.74.126.220,24.8.168.128] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (10)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510009; rev:1150; fwsam: src, 24 hours;)
alert ip [24.8.210.227,24.80.109.38,24.85.85.190,24.90.114.185,24.96.188.251,24.99.149.51,4.79.66.194,4.79.66.195,4.79.66.197,41.235.126.239,58.188.59.206,58.190.51.50,58.218.207.188,58.218.207.189,58.240.192.214,59.10.165.247,59.116.25.86,59.121.119.173,59.146.8.56,59.149.121.212,59.149.198.64,59.149.201.184,59.149.23.192,59.149.46.246,59.188.224.111,59.188.228.95,59.26.14.57,60.248.254.175,60.254.242.156,61.10.100.78] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (11)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510010; rev:1150; fwsam: src, 24 hours;)
alert ip [61.10.122.23,61.10.144.196,61.10.192.233,61.10.215.30,61.10.60.5,61.105.185.90,61.129.50.183,61.15.118.102,61.15.14.250,61.174.63.200,61.18.133.69,61.18.162.102,61.18.196.184,61.18.221.154,61.18.225.13,61.18.251.47,61.18.7.35,61.216.171.122,61.217.29.242,61.223.228.183,61.224.148.162,61.231.84.236,61.244.140.29,61.64.12.176,61.79.25.224,61.92.120.6,61.93.124.77,62.109.172.243,62.117.127.125,62.119.28.111] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (12)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510011; rev:1150; fwsam: src, 24 hours;)
alert ip [62.143.152.81,62.168.252.153,62.178.232.75,62.182.74.185,62.182.74.38,62.189.91.10,62.231.173.139,62.241.239.71,62.245.101.48,62.245.76.138,63.196.198.66,64.124.210.9,64.124.222.176,64.131.251.238,64.149.233.153,64.152.73.150,64.152.73.182,64.152.73.214,64.152.73.246,64.187.43.11,64.187.43.12,64.187.43.13,64.187.43.14,64.187.43.17,64.216.142.58,64.216.58.80,64.233.167.99,64.255.172.50,64.4.228.107,64.80.128.99] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (13)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510012; rev:1150; fwsam: src, 24 hours;)
alert ip [64.86.25.248,65.191.167.122,65.67.158.199,65.73.226.169,65.9.129.188,66.108.249.42,66.133.193.111,66.150.161.133,66.150.161.136,66.150.161.140,66.150.161.141,66.150.161.57,66.153.68.181,66.16.140.96,66.168.57.4,66.177.212.76,66.229.33.118,66.244.251.18,66.252.30.168,66.31.112.245,66.53.212.7,66.61.118.28,66.65.83.149,67.109.145.54,67.140.229.11,67.149.4.92,67.150.121.140,67.160.180.157,67.164.174.54,67.166.150.21] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (14)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510013; rev:1150; fwsam: src, 24 hours;)
alert ip [67.167.116.26,67.170.167.102,67.172.61.122,67.180.15.177,67.189.82.129,68.112.109.120,68.118.96.10,68.144.184.77,68.178.232.100,68.184.187.98,68.184.32.203,68.186.197.249,68.203.133.108,68.203.203.69,68.230.54.94,68.248.3.76,68.255.31.247,68.44.219.79,68.47.36.35,68.50.253.115,68.51.81.113,68.54.88.33,68.58.19.254,68.60.59.69,68.63.146.167,68.77.83.238,68.92.112.13,69.105.85.147,69.106.250.84,69.109.46.231] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (15)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510014; rev:1150; fwsam: src, 24 hours;)
alert ip [69.111.244.134,69.133.85.192,69.14.233.99,69.14.247.212,69.141.3.10,69.142.26.223,69.152.239.225,69.206.155.102,69.217.52.56,69.217.54.179,69.217.59.8,69.217.60.181,69.221.253.51,69.221.36.10,69.221.68.103,69.227.203.234,69.227.214.28,69.231.162.176,69.231.32.68,69.232.34.176,69.232.49.245,69.234.23.205,69.234.46.105,69.236.23.8,69.237.1.77,69.237.78.29,69.239.241.20,69.242.194.110,69.249.1.149,69.249.35.246] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (16)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510015; rev:1150; fwsam: src, 24 hours;)
alert ip [69.25.27.170,69.25.27.171,69.25.27.172,69.25.27.173,69.25.47.164,69.250.208.150,69.252.172.52,69.253.106.197,69.39.224.10,69.39.224.11,69.39.224.12,69.39.224.13,69.39.226.86,69.39.228.33,69.39.228.37,69.39.228.39,69.39.228.43,69.39.228.45,69.39.228.58,69.42.219.194,69.46.120.10,69.46.120.11,69.64.67.30,69.86.112.138,69.88.196.200,69.92.21.161,70.112.135.212,70.114.31.5,70.126.181.76,70.129.167.148] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (17)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510016; rev:1150; fwsam: src, 24 hours;)
alert ip [70.131.48.19,70.131.51.122,70.216.18.184,70.239.37.6,70.240.117.1,70.252.135.184,70.254.70.217,70.255.39.17,71.12.3.114,71.132.135.87,71.137.248.136,71.170.85.91,71.199.139.146,71.207.246.116,71.208.233.245,71.226.115.90,71.239.231.212,71.62.78.181,71.65.102.22,71.66.119.38,71.74.78.219,71.79.31.229,71.85.114.190,71.87.191.36,71.87.221.229,71.92.146.196,72.138.68.221,72.140.11.139,72.186.156.10,72.190.115.145] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (18)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510017; rev:1150; fwsam: src, 24 hours;)
alert ip [72.20.17.167,72.20.25.181,72.20.35.191,72.231.172.251,72.232.206.42,72.235.39.20,72.24.38.68,72.240.126.32,72.49.152.201,72.51.154.63,74.137.86.21,74.200.26.170,74.200.26.171,74.200.26.172,74.211.30.12,74.64.60.57,74.72.93.117,75.131.206.192,75.139.130.32,75.15.156.82,75.184.120.4,75.3.248.76,75.31.248.97,75.42.180.195,75.45.166.247,75.45.174.134,75.50.20.236,75.54.94.19,75.61.78.223,75.61.86.255] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (19)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510018; rev:1150; fwsam: src, 24 hours;)
alert ip [75.64.19.23,75.66.90.2,75.73.84.33,75.90.2.4,75.90.6.199,76.103.41.28,76.104.85.232,76.106.114.226,76.107.108.192,76.16.253.51,76.17.161.34,76.178.125.190,76.184.109.118,76.189.117.240,76.191.102.169,76.198.243.127,76.199.170.114,76.20.72.123,76.21.62.60,76.212.74.225,76.217.95.117,76.223.245.233,76.224.15.16,76.226.155.89,76.23.12.217,76.234.96.6,76.235.45.118,76.237.3.162,76.239.21.102,76.241.90.195] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (20)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510019; rev:1150; fwsam: src, 24 hours;)
alert ip [76.244.76.199,76.25.168.65,76.25.91.27,76.254.123.51,76.28.249.11,76.97.26.255,76.98.177.40,77.102.218.44,77.108.66.242,77.125.87.224,77.127.35.86,77.238.231.111,77.247.17.244,77.37.134.114,77.41.121.114,77.41.122.222,77.41.122.51,77.41.16.39,77.41.18.198,77.41.18.7,77.41.27.6,77.41.65.122,77.41.66.239,77.41.70.42,77.41.71.222,77.41.89.69,77.41.94.135,77.43.215.147,77.48.52.7,77.51.64.42] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (21)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510020; rev:1150; fwsam: src, 24 hours;)
alert ip [77.51.68.75,77.98.208.119,78.102.194.15,78.102.210.159,78.102.32.212,78.106.0.34,78.106.120.124,78.106.127.168,78.106.138.145,78.106.139.143,78.106.141.118,78.106.155.64,78.106.160.194,78.106.160.50,78.106.160.97,78.106.161.214,78.106.165.249,78.106.169.193,78.106.173.20,78.106.174.164,78.106.174.237,78.106.177.252,78.106.178.196,78.106.179.142,78.106.180.219,78.106.181.238,78.106.185.58,78.106.188.138,78.106.199.135,78.106.202.12] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (22)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510021; rev:1150; fwsam: src, 24 hours;)
alert ip [78.106.202.36,78.106.210.14,78.106.215.145,78.106.215.18,78.106.219.147,78.106.219.180,78.106.23.175,78.106.230.155,78.106.236.119,78.106.24.208,78.106.244.19,78.106.42.244,78.106.42.39,78.106.58.17,78.106.64.102,78.106.7.153,78.106.71.210,78.106.82.248,78.106.83.188,78.106.83.190,78.106.85.220,78.106.88.97,78.106.90.0,78.106.96.93,78.107.138.231,78.107.141.172,78.107.141.234,78.107.143.106,78.107.144.52,78.107.146.144] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (23)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510022; rev:1150; fwsam: src, 24 hours;)
alert ip [78.107.148.167,78.107.149.224,78.107.150.36,78.107.155.220,78.107.157.102,78.107.158.112,78.107.159.112,78.107.160.166,78.107.160.99,78.107.161.102,78.107.163.103,78.107.163.115,78.107.163.205,78.107.164.226,78.107.165.198,78.107.170.116,78.107.173.126,78.107.173.82,78.107.173.91,78.107.175.200,78.107.250.1,78.107.254.193,78.133.163.55,78.140.214.243,78.156.204.48,78.159.38.201,78.29.223.190,78.36.183.177,78.36.187.251,78.37.169.124] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (24)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510023; rev:1150; fwsam: src, 24 hours;)
alert ip [78.37.214.54,78.42.15.204,78.42.170.19,78.42.190.88,78.42.60.29,78.42.69.82,78.42.70.252,78.48.234.145,78.48.73.165,78.49.187.13,78.53.155.60,78.53.178.192,78.54.32.25,78.60.143.122,78.84.209.230,78.84.87.110,78.90.117.108,78.94.101.221,78.94.33.55,78.99.108.154,78.99.135.122,79.111.10.12,79.111.101.198,79.111.103.227,79.111.104.47,79.111.109.122,79.111.110.0,79.111.12.169,79.111.127.190,79.111.127.234] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (25)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510024; rev:1150; fwsam: src, 24 hours;)
alert ip [79.111.127.92,79.111.13.148,79.111.15.221,79.111.15.68,79.111.17.104,79.111.17.26,79.111.17.67,79.111.18.202,79.111.184.190,79.111.188.16,79.111.188.26,79.111.19.36,79.111.190.155,79.111.190.67,79.111.191.251,79.111.191.30,79.111.21.135,79.111.22.175,79.111.22.249,79.111.22.71,79.111.23.38,79.111.25.185,79.111.26.180,79.111.26.82,79.111.27.123,79.111.27.39,79.111.27.88,79.111.30.101,79.111.35.178,79.111.36.175] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (26)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510025; rev:1150; fwsam: src, 24 hours;)
alert ip [79.111.4.240,79.111.57.218,79.111.57.224,79.111.57.251,79.111.79.188,79.111.79.227,79.111.8.133,79.111.80.118,79.111.84.156,79.111.94.23,79.111.94.85,79.111.95.100,79.111.96.157,79.111.97.44,79.113.175.62,79.113.226.72,79.113.30.72,79.113.53.194,79.116.193.81,79.116.34.141,79.117.137.218,79.120.16.137,79.120.18.251,79.120.21.121,79.120.22.89,79.120.32.105,79.120.49.168,79.120.50.127,79.120.59.194,79.120.62.109] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (27)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510026; rev:1150; fwsam: src, 24 hours;)
alert ip [79.120.62.178,79.120.63.58,79.120.65.88,79.120.69.41,79.120.81.245,79.120.83.45,79.120.83.48,79.120.86.75,79.120.88.87,79.120.90.255,79.16.146.143,79.164.107.68,79.164.109.145,79.164.110.233,79.164.114.123,79.164.120.165,79.164.122.5,79.164.123.11,79.164.124.149,79.164.126.17,79.164.126.172,79.164.126.25,79.164.144.196,79.164.147.167,79.164.149.235,79.164.150.241,79.164.152.54,79.164.152.85,79.164.157.94,79.164.171.104] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (28)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510027; rev:1150; fwsam: src, 24 hours;)
alert ip [79.164.235.114,79.164.235.139,79.164.238.104,79.165.161.212,79.165.162.174,79.165.162.192,79.165.165.6,79.165.166.88,79.165.169.135,79.165.176.22,79.165.177.14,79.165.177.197,79.165.180.247,79.165.180.53,79.165.182.215,79.165.209.158,79.172.65.217,79.172.67.31,79.172.68.82,79.172.69.230,79.172.73.77,79.172.74.194,79.172.77.25,79.172.77.78,79.172.79.214,79.172.82.70,79.172.83.3,79.172.84.187,79.172.86.178,79.172.86.83] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (29)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510028; rev:1150; fwsam: src, 24 hours;)
alert ip [79.172.87.86,79.172.91.151,79.172.95.249,79.176.120.142,79.179.146.171,79.181.173.65,79.19.18.49,79.207.145.181,79.207.181.77,79.234.213.84,79.234.226.77,79.24.251.124,79.32.35.94,79.33.68.24,80.128.156.39,80.128.165.37,80.2.178.77,80.217.208.182,80.57.15.125,80.6.0.25,80.80.150.225,80.93.180.10,80.93.181.150,80.93.188.134,81.104.255.142,81.17.16.252,81.172.121.126,81.172.125.44,81.190.232.196,81.196.87.60] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (30)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510029; rev:1150; fwsam: src, 24 hours;)
alert ip [81.210.139.201,81.210.142.20,81.210.184.26,81.222.177.166,81.222.186.241,81.38.18.177,81.95.144.0/20,82.114.220.175,82.130.162.213,82.138.18.125,82.144.170.205,82.148.31.39,82.192.6.24,82.193.102.108,82.193.111.153,82.2.187.45,82.211.5.111,82.212.53.87,82.22.246.190,82.24.72.93,82.43.76.142,82.47.52.46,82.80.128.192,82.82.128.208,82.83.155.100,82.83.189.165,82.98.86.173,83.135.181.131,83.15.125.10,83.170.252.144] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (31)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510030; rev:1150; fwsam: src, 24 hours;)
alert ip [83.170.252.151,83.170.252.170,83.170.254.41,83.208.181.16,83.208.86.81,83.218.200.75,83.241.36.78,83.25.238.83,83.27.38.117,83.36.220.20,83.5.248.34,83.86.76.86,83.87.85.117,84.110.127.60,84.110.184.239,84.110.210.123,84.122.45.194,84.123.165.218,84.123.170.243,84.125.253.27,84.125.45.95,84.127.139.123,84.153.106.51,84.234.130.136,84.245.81.172,84.253.67.20,84.255.253.171,84.47.131.130,84.47.30.233,84.50.142.215] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (32)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510031; rev:1150; fwsam: src, 24 hours;)
alert ip [84.51.81.151,84.51.81.86,84.51.83.143,84.51.83.88,84.51.87.136,84.51.90.93,84.52.191.79,84.56.92.248,84.62.142.27,85.113.163.2,85.132.210.128,85.135.118.158,85.152.69.69,85.159.45.140,85.159.45.204,85.17.52.47,85.176.224.139,85.179.62.150,85.179.89.13,85.180.152.182,85.180.181.159,85.183.152.233,85.183.156.44,85.197.99.230,85.207.211.116,85.216.177.83,85.216.195.224,85.216.239.38,85.216.250.102,85.216.250.191] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (33)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510032; rev:1150; fwsam: src, 24 hours;)
alert ip [85.216.32.61,85.216.34.43,85.216.49.45,85.225.157.56,85.249.178.153,85.249.253.54,85.249.253.58,85.249.8.154,85.250.156.97,85.250.21.223,85.255.112.0/20,85.29.194.24,85.29.236.245,85.30.194.164,85.65.227.93,85.91.105.8,86.101.111.215,86.107.255.50,86.121.83.107,86.124.88.172,86.156.164.123,86.27.176.30,86.57.57.186,86.61.14.1,87.118.108.117,87.123.173.131,87.205.193.216,87.224.144.201,87.228.104.252,87.228.105.122] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (34)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510033; rev:1150; fwsam: src, 24 hours;)
alert ip [87.228.111.243,87.228.14.177,87.228.26.49,87.228.34.2,87.228.49.198,87.228.65.253,87.228.68.111,87.228.82.241,87.237.43.106,88.131.30.111,88.134.189.114,88.134.42.29,88.134.46.194,88.134.58.73,88.134.64.236,88.165.154.196,88.168.60.188,88.198.65.51,88.64.142.227,88.64.148.1,88.66.202.254,88.66.204.252,88.67.178.250,88.67.188.18,88.67.190.91,88.67.249.185,88.67.41.186,88.70.111.209,88.70.42.203,88.80.228.96] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (35)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510034; rev:1150; fwsam: src, 24 hours;)
alert ip [88.80.245.43,89.102.177.50,89.102.249.52,89.102.250.103,89.103.54.185,89.109.51.156,89.110.51.13,89.112.16.20,89.112.18.216,89.112.20.109,89.112.20.249,89.112.21.208,89.112.29.235,89.112.30.250,89.112.31.62,89.112.8.22,89.137.156.230,89.138.150.47,89.139.36.224,89.142.62.189,89.149.210.95,89.165.200.61,89.169.133.54,89.169.157.55,89.169.16.29,89.169.166.78,89.169.17.17,89.169.17.245,89.169.173.223,89.169.174.62] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (36)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510035; rev:1150; fwsam: src, 24 hours;)
alert ip [89.169.178.62,89.169.180.139,89.169.184.21,89.169.21.210,89.169.43.144,89.169.53.178,89.169.55.251,89.173.133.74,89.173.145.230,89.173.157.135,89.173.157.16,89.173.17.65,89.173.18.71,89.173.21.202,89.173.30.57,89.173.43.157,89.173.46.52,89.176.109.124,89.176.242.105,89.178.10.202,89.178.101.23,89.178.117.127,89.178.124.69,89.178.125.246,89.178.136.94,89.178.145.112,89.178.149.207,89.178.153.234,89.178.157.156,89.178.158.186] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (37)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510036; rev:1150; fwsam: src, 24 hours;)
alert ip [89.178.16.184,89.178.162.32,89.178.163.186,89.178.166.199,89.178.177.18,89.178.178.54,89.178.18.90,89.178.223.3,89.178.23.236,89.178.233.45,89.178.238.160,89.178.252.222,89.178.253.38,89.178.29.209,89.178.56.172,89.18.17.163,89.20.145.205,89.20.146.104,89.20.146.96,89.20.147.158,89.20.147.75,89.20.149.62,89.20.151.64,89.20.152.229,89.20.152.53,89.20.153.233,89.20.153.44,89.20.153.77,89.20.154.245,89.20.155.21] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (38)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510037; rev:1150; fwsam: src, 24 hours;)
alert ip [89.20.156.205,89.20.156.218,89.208.11.170,89.208.13.21,89.208.165.143,89.208.180.150,89.208.181.56,89.208.181.91,89.208.193.139,89.208.196.135,89.208.196.153,89.208.197.4,89.208.66.158,89.208.66.179,89.208.7.129,89.208.7.133,89.208.9.205,89.208.9.94,89.222.163.135,89.228.149.198,89.232.42.253,89.238.7.18,89.240.193.88,89.244.208.125,89.244.221.96,89.246.0.220,89.246.10.160,89.246.10.238,89.246.105.88,89.246.15.214] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (39)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510038; rev:1150; fwsam: src, 24 hours;)
alert ip [89.246.23.242,89.246.33.226,89.246.52.61,89.248.165.45,89.248.99.109,89.254.130.184,89.254.137.188,89.39.162.70,89.77.183.126,89.77.235.81,89.78.213.143,89.78.235.81,90.146.16.81,90.150.209.194,90.151.101.178,90.151.134.234,90.151.136.235,90.151.89.152,90.157.7.76,90.189.163.83,90.189.45.139,90.33.88.72,90.39.5.49,91.122.104.230,91.122.157.19,91.122.99.138,91.123.69.210,91.127.12.118,91.127.130.221,91.127.205.181] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (40)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510039; rev:1150; fwsam: src, 24 hours;)
alert ip [91.127.30.75,91.127.5.250,91.127.64.195,91.189.246.244,91.193.169.31,91.196.73.166,91.201.48.27,91.201.48.48,91.201.51.125,91.47.254.19,91.64.86.84,91.66.104.204,91.66.113.55,91.66.151.15,91.66.83.97,91.67.120.7,91.67.121.173,91.89.156.53,91.89.189.54,91.89.211.244,91.89.249.138,91.90.196.121,91.92.224.87,91.96.8.196,92.100.2.95,92.100.29.11,92.100.99.10,92.112.187.126,92.112.20.245,92.114.169.81] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (41)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510040; rev:1150; fwsam: src, 24 hours;)
alert ip [92.114.184.20,92.114.189.130,92.114.215.104,92.226.151.35,92.227.88.226,92.245.42.172,92.50.117.48,92.50.88.178,92.74.113.164,92.74.113.98,92.74.116.45,93.100.137.13,93.100.34.32,93.80.0.66,93.80.105.35,93.80.108.105,93.80.113.102,93.80.115.107,93.80.116.198,93.80.118.161,93.80.118.255,93.80.122.219,93.80.122.31,93.80.126.155,93.80.129.63,93.80.129.81,93.80.129.86,93.80.134.162,93.80.135.250,93.80.136.154] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (42)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510041; rev:1150; fwsam: src, 24 hours;)
alert ip [93.80.137.174,93.80.138.204,93.80.138.64,93.80.139.182,93.80.140.117,93.80.142.88,93.80.146.137,93.80.150.208,93.80.178.26,93.80.191.189,93.80.208.27,93.80.212.166,93.80.234.52,93.80.239.118,93.80.25.89,93.80.26.75,93.80.31.39,93.80.31.63,93.80.33.143,93.80.35.149,93.80.50.166,93.80.69.2,93.80.85.215,93.80.91.135,93.80.92.207,93.80.96.138,93.81.117.218,93.81.124.242,93.81.48.201,93.81.5.30] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (43)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510042; rev:1150; fwsam: src, 24 hours;)
alert ip [93.81.78.236,93.81.99.164,97.87.185.179,98.134.101.226,98.172.115.10,98.194.29.241,98.196.227.72,98.196.33.76,98.196.96.108,98.199.11.245,98.200.11.115,98.209.114.202,98.209.234.167,98.220.136.2,98.221.151.60,99.131.131.27,99.138.182.103,99.141.225.104,99.145.228.71,99.147.233.240,99.150.205.234,99.150.57.166,99.165.198.14,99.174.161.223,99.241.174.137,99.248.119.110,99.248.51.249] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or Hostile Host Traffic - BLOCKING (44)"; reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2510043; rev:1150; fwsam: src, 24 hours;)