11/27/08-01:02:40.341323 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1276 11/27/08-01:04:03.498649 [**] [1:2600338:9] E6[rb] SPYWARE-DNS DNS lookup 3 chars (.net) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 195.251.234.3:59102 -> 195.251.255.142:53 11/27/08-01:14:49.196119 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2275 -> 195.251.234.3:80 11/27/08-01:14:49.396119 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2279 -> 195.251.234.4:80 11/27/08-01:14:49.414695 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2281 -> 195.251.234.4:80 11/27/08-01:14:49.414815 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2281 -> 195.251.234.4:80 11/27/08-01:14:58.205175 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2277 -> 195.251.234.3:80 11/27/08-01:14:58.205310 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2277 -> 195.251.234.3:80 11/27/08-01:15:00.408089 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2339 -> 195.251.234.4:80 11/27/08-01:15:08.117137 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 195.251.232.23 -> 195.251.234.6 11/27/08-01:15:09.218799 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2429 -> 195.251.234.3:80 11/27/08-01:16:22.308178 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2277 -> 195.251.234.3:80 11/27/08-01:17:58.429193 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2277 -> 195.251.234.3:80 11/27/08-01:18:45.897909 
[**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1371 11/27/08-01:20:26.396251 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1883 11/27/08-01:20:26.550875 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1413 11/27/08-01:20:39.416456 [**] [1:2600338:9] E6[rb] SPYWARE-DNS DNS lookup 3 chars (.net) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 195.251.234.3:59139 -> 195.251.255.142:53 11/27/08-01:21:10.671327 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2277 -> 195.251.234.3:80 11/27/08-01:34:04.484074 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1507 11/27/08-01:34:37.983047 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1499 11/27/08-01:34:54.733696 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1763 11/27/08-01:38:33.289161 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2114 -> 195.251.234.3:80 11/27/08-01:38:33.295711 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2117 -> 195.251.234.4:80 11/27/08-01:38:33.312099 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2120 -> 195.251.234.4:80 11/27/08-01:38:33.312219 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2120 -> 195.251.234.4:80 11/27/08-01:38:42.298600 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2118 -> 195.251.234.3:80 11/27/08-01:38:42.298735 [**] [119:4:1] (http_inspect) 
BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2118 -> 195.251.234.3:80 11/27/08-01:38:44.301364 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2266 -> 195.251.234.4:80 11/27/08-01:38:44.796933 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 195.251.232.23 -> 195.251.234.4 11/27/08-01:38:53.313141 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2391 -> 195.251.234.3:80 11/27/08-01:39:37.447556 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1847 11/27/08-01:39:54.197488 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1111 11/27/08-01:40:06.401093 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2118 -> 195.251.234.3:80 11/27/08-01:40:27.697178 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1871 11/27/08-01:41:42.521715 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2118 -> 195.251.234.3:80 11/27/08-01:43:13.008716 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1416 11/27/08-01:44:03.258104 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1672 11/27/08-01:44:54.763744 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2118 -> 195.251.234.3:80 11/27/08-01:49:03.505733 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1770 11/27/08-01:55:59.753603 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1206 11/27/08-01:59:05.094176 [**] 
[116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1545 11/27/08-01:59:55.344188 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1801 11/27/08-02:02:21.099523 [**] [1:2600338:9] E6[rb] SPYWARE-DNS DNS lookup 3 chars (.net) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 195.251.234.3:59224 -> 195.251.255.142:53 11/27/08-02:04:55.593887 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1899 11/27/08-02:16:51.149584 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1151 11/27/08-02:17:24.649284 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1911 11/27/08-02:17:41.399192 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1407 11/27/08-02:22:40.863716 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1755 11/27/08-02:38:32.949778 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1652 11/27/08-02:45:28.261107 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1039 11/27/08-03:15:29.902555 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1692 11/27/08-03:19:05.617385 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1024 11/27/08-03:20:46.116198 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1536 11/27/08-03:21:19.615932 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 
127.0.0.1:80 -> 195.251.234.3:1296 11/27/08-03:34:40.799463 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1126 11/27/08-03:34:57.548345 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1622 11/27/08-03:35:31.057918 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1382 11/27/08-03:40:47.262957 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1994 11/27/08-03:56:02.569904 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1064 11/27/08-03:59:58.161946 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1428 11/27/08-04:04:58.409344 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1526 11/27/08-04:11:54.653876 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1193 11/27/08-04:12:28.153098 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1953 11/27/08-04:17:44.215437 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1034 11/27/08-04:17:44.369181 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1565 11/27/08-04:23:33.928798 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1638 11/27/08-04:42:44.828078 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1072 11/27/08-04:46:21.326159 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 
127.0.0.1:80 -> 195.251.234.13:1922 11/27/08-05:14:08.967803 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1303 11/27/08-05:14:42.467278 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1295 11/27/08-05:16:22.965390 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1575 11/27/08-05:19:58.682013 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1907 11/27/08-05:39:09.581187 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1341 11/27/08-05:41:33.038372 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2589 -> 195.251.234.3:80 11/27/08-05:41:33.146159 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2594 -> 195.251.234.4:80 11/27/08-05:41:36.141554 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2596 -> 195.251.234.4:80 11/27/08-05:41:36.141674 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2596 -> 195.251.234.4:80 11/27/08-05:41:42.047626 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2591 -> 195.251.234.3:80 11/27/08-05:41:42.047763 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2591 -> 195.251.234.3:80 11/27/08-05:41:47.154000 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2684 -> 195.251.234.4:80 11/27/08-05:41:47.650998 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 195.251.232.23 -> 195.251.234.4 11/27/08-05:41:53.062645 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE 
ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2946 -> 195.251.234.3:80 11/27/08-05:43:06.150997 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2591 -> 195.251.234.3:80 11/27/08-05:44:42.271892 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2591 -> 195.251.234.3:80 11/27/08-05:47:54.513854 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2591 -> 195.251.234.3:80 11/27/08-05:49:59.388502 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1279 11/27/08-05:56:55.634820 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1947 11/27/08-06:00:51.226182 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1542 11/27/08-06:12:47.723099 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1076 11/27/08-06:17:47.184662 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1424 11/27/08-06:18:14.808513 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1984 -> 195.251.234.4:80 11/27/08-06:18:14.817898 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1986 -> 195.251.234.4:80 11/27/08-06:18:14.818033 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:1986 -> 195.251.234.4:80 11/27/08-06:18:17.711224 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1980 -> 195.251.234.3:80 11/27/08-06:18:20.715010 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1996 -> 195.251.234.3:80 
11/27/08-06:18:20.715261 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:1996 -> 195.251.234.3:80 11/27/08-06:18:25.820837 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2032 -> 195.251.234.4:80 11/27/08-06:18:30.733977 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 195.251.232.23 -> 195.251.234.3 11/27/08-06:18:31.728318 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2046 -> 195.251.234.3:80 11/27/08-06:18:37.434242 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1448 11/27/08-06:19:50.825294 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1996 -> 195.251.234.3:80 11/27/08-06:21:26.946383 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1996 -> 195.251.234.3:80 11/27/08-06:23:36.744583 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1265 11/27/08-06:25:32.744949 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1834 11/27/08-06:39:28.832713 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1393 11/27/08-06:41:24.829551 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1963 11/27/08-07:00:33.851152 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1836 11/27/08-07:00:50.600920 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1332 11/27/08-07:01:24.100650 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 
195.251.234.3:1092 11/27/08-07:15:02.034088 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1418 11/27/08-07:15:02.188108 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1948 11/27/08-07:20:01.497915 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1765 11/27/08-07:20:51.747401 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1789 11/27/08-07:35:37.491783 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 58.63.144.21 -> 195.251.234.4 11/27/08-07:39:29.144578 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1463 11/27/08-07:40:02.644226 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1223 11/27/08-07:40:19.394083 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1719 11/27/08-07:43:03.513806 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1839 -> 195.251.234.3:80 11/27/08-07:43:03.518236 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1840 -> 195.251.234.4:80 11/27/08-07:43:03.533141 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1844 -> 195.251.234.4:80 11/27/08-07:43:03.533262 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:1844 -> 195.251.234.4:80 11/27/08-07:43:12.523264 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1843 -> 195.251.234.3:80 11/27/08-07:43:12.523430 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] 
{TCP} 195.251.232.23:1843 -> 195.251.234.3:80 11/27/08-07:43:14.421808 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 195.251.232.23 -> 195.251.234.6 11/27/08-07:43:14.526634 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:1954 -> 195.251.234.4:80 11/27/08-07:43:23.537627 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2206 -> 195.251.234.3:80 11/27/08-07:44:36.626651 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1843 -> 195.251.234.3:80 11/27/08-07:45:02.891774 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1321 11/27/08-07:46:12.747585 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1843 -> 195.251.234.3:80 11/27/08-07:49:24.989297 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1843 -> 195.251.234.3:80 11/27/08-07:57:48.701040 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1830 11/27/08-07:57:48.854414 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1360 11/27/08-08:06:37.193613 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2083 -> 195.251.234.3:80 11/27/08-08:06:37.392882 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2087 -> 195.251.234.4:80 11/27/08-08:06:37.402426 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2089 -> 195.251.234.4:80 11/27/08-08:06:37.402546 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2089 -> 195.251.234.4:80 11/27/08-08:06:46.203015 [**] [119:15:1] 
(http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2085 -> 195.251.234.3:80 11/27/08-08:06:46.203249 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2085 -> 195.251.234.3:80 11/27/08-08:06:48.405681 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2233 -> 195.251.234.4:80 11/27/08-08:06:56.114610 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 195.251.232.23 -> 195.251.234.6 11/27/08-08:06:57.217010 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2450 -> 195.251.234.3:80 11/27/08-08:08:10.305692 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2085 -> 195.251.234.3:80 11/27/08-08:09:46.426502 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2085 -> 195.251.234.3:80 11/27/08-08:11:26.787915 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1686 11/27/08-08:12:50.537121 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1702 11/27/08-08:12:58.668685 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2085 -> 195.251.234.3:80 11/27/08-08:13:07.286155 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1198 11/27/08-08:13:40.786832 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1958 11/27/08-08:17:16.501570 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1290 11/27/08-08:18:40.250364 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1306 
11/27/08-08:18:57.000235 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1570 11/27/08-08:19:30.500119 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1562 11/27/08-08:24:48.583362 [**] [1:2600338:9] E6[rb] SPYWARE-DNS DNS lookup 3 chars (.net) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 195.251.234.3:59884 -> 195.251.255.142:53 11/27/08-08:30:36.104809 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2590 -> 195.251.234.4:80 11/27/08-08:30:36.110165 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2591 -> 195.251.234.3:80 11/27/08-08:30:36.123532 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2595 -> 195.251.234.4:80 11/27/08-08:30:36.123657 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2595 -> 195.251.234.4:80 11/27/08-08:30:45.114430 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2596 -> 195.251.234.3:80 11/27/08-08:30:45.114577 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2596 -> 195.251.234.3:80 11/27/08-08:30:47.116285 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2900 -> 195.251.234.4:80 11/27/08-08:30:47.613091 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 195.251.232.23 -> 195.251.234.4 11/27/08-08:30:56.128297 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:3011 -> 195.251.234.3:80 11/27/08-08:32:09.216889 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2596 -> 195.251.234.3:80 11/27/08-08:33:45.337693 [**] 
[119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2596 -> 195.251.234.3:80 11/27/08-08:36:57.579873 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2596 -> 195.251.234.3:80 11/27/08-08:43:07.444194 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1733 11/27/08-08:48:57.157445 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1105 11/27/08-08:49:13.907653 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1601 11/27/08-08:50:37.656671 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1617 11/27/08-08:53:21.824042 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2557 -> 195.251.234.3:80 11/27/08-08:53:21.923807 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2564 -> 195.251.234.4:80 11/27/08-08:53:21.942271 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2566 -> 195.251.234.4:80 11/27/08-08:53:21.942392 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2566 -> 195.251.234.4:80 11/27/08-08:53:30.832933 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2560 -> 195.251.234.3:80 11/27/08-08:53:30.833057 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2560 -> 195.251.234.3:80 11/27/08-08:53:32.833260 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 195.251.232.23 -> 195.251.234.6 11/27/08-08:53:32.935362 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2697 
-> 195.251.234.4:80 11/27/08-08:53:41.866463 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2795 -> 195.251.234.3:80 11/27/08-08:54:54.936026 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2560 -> 195.251.234.3:80 11/27/08-08:56:31.056985 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2560 -> 195.251.234.3:80 11/27/08-08:59:43.298957 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2560 -> 195.251.234.3:80 11/27/08-09:04:49.089910 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1703 11/27/08-09:15:04.850533 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1044 11/27/08-09:15:55.099388 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1300 11/27/08-09:16:06.941508 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1179 -> 195.251.234.3:80 11/27/08-09:16:07.041506 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1185 -> 195.251.234.4:80 11/27/08-09:16:07.050820 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1187 -> 195.251.234.4:80 11/27/08-09:16:07.051053 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:1187 -> 195.251.234.4:80 11/27/08-09:16:09.944860 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1182 -> 195.251.234.3:80 11/27/08-09:16:09.944983 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:1182 -> 195.251.234.3:80 11/27/08-09:16:17.069016 [**] [122:3:0] 
(portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 195.251.232.23 -> 195.251.234.4 11/27/08-09:16:18.053789 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:1271 -> 195.251.234.4:80 11/27/08-09:16:20.957694 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:1334 -> 195.251.234.3:80 11/27/08-09:17:40.054700 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1182 -> 195.251.234.3:80 11/27/08-09:19:16.175504 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1182 -> 195.251.234.3:80 11/27/08-09:20:54.563970 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1648 11/27/08-09:37:22.047565 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2970 -> 195.251.234.3:80 11/27/08-09:37:22.146325 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2975 -> 195.251.234.4:80 11/27/08-09:37:22.155395 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2977 -> 195.251.234.4:80 11/27/08-09:37:22.155531 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2977 -> 195.251.234.4:80 11/27/08-09:37:31.052309 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 195.251.232.23 -> 195.251.234.3 11/27/08-09:37:31.056251 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2972 -> 195.251.234.3:80 11/27/08-09:37:31.056374 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:2972 -> 195.251.234.3:80 11/27/08-09:37:33.158430 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:3089 -> 
195.251.234.4:80 11/27/08-09:37:42.070125 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:3121 -> 195.251.234.3:80 11/27/08-09:38:55.159267 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2972 -> 195.251.234.3:80 11/27/08-09:40:05.461487 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1082 11/27/08-09:40:22.210939 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1346 11/27/08-09:40:31.280155 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2972 -> 195.251.234.3:80 11/27/08-09:40:55.710728 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1338 11/27/08-09:43:43.522114 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:2972 -> 195.251.234.3:80 11/27/08-09:56:27.790226 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1440 11/27/08-09:57:51.515339 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1688 11/27/08-09:58:08.421341 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1483 11/27/08-09:58:41.764846 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1712 11/27/08-10:11:29.605238 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1313 11/27/08-10:12:19.854842 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1569 11/27/08-10:13:43.603207 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] 
[Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1585 11/27/08-10:17:19.318647 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1917 11/27/08-10:19:33.317606 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1189 11/27/08-10:21:28.381786 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1478 11/27/08-10:25:02.170990 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 118.168.98.154 -> 195.251.234.4 11/27/08-10:26:28.629368 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1576 11/27/08-10:37:20.468182 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1607 11/27/08-10:41:47.216126 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1712 11/27/08-10:42:20.713722 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1472 11/27/08-10:42:37.463158 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1968 11/27/08-10:54:16.284217 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1957 11/27/08-10:55:06.522251 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1213 11/27/08-11:00:05.999587 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1561 11/27/08-11:15:57.919296 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1927 11/27/08-11:15:58.072811 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] 
{TCP} 127.0.0.1:80 -> 195.251.234.3:1458 11/27/08-11:16:14.822740 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1954 11/27/08-11:21:47.633261 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1531 11/27/08-11:52:55.026079 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1498 11/27/08-11:53:11.776721 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1994 11/27/08-11:57:31.211126 [**] [1:2600324:9] E6[rb] SPYWARE-DNS DNS lookup 13 chars (.net) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 195.251.234.12:1025 -> 195.251.255.142:53 11/27/08-11:57:32.207877 [**] [1:2600324:9] E6[rb] SPYWARE-DNS DNS lookup 13 chars (.net) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 195.251.234.12:1025 -> 195.251.255.142:53 11/27/08-11:57:33.208105 [**] [1:2600324:9] E6[rb] SPYWARE-DNS DNS lookup 13 chars (.net) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 195.251.234.12:1025 -> 195.251.255.142:53 11/27/08-11:57:35.207664 [**] [1:2600324:9] E6[rb] SPYWARE-DNS DNS lookup 13 chars (.net) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 195.251.234.12:1025 -> 195.251.255.142:53 11/27/08-11:57:39.207986 [**] [1:2600324:9] E6[rb] SPYWARE-DNS DNS lookup 13 chars (.net) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 195.251.234.12:1025 -> 195.251.255.142:53 11/27/08-11:58:44.586336 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1571 11/27/08-11:58:44.740143 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1102 11/27/08-11:58:50.988496 [**] [777:7777005:1] E5[bh] Detected intense 
non-malware port scanning of 21 IPs (19 /24s) (# pkts S/M/O/I=110/0/44/2): 53u:36, 80:74, 143:4, 443:40 [**] {TCP} 195.251.234.12:0 -> 195.251.255.143:0 11/27/08-11:59:01.490023 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1366 11/27/08-12:00:25.185357 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 27 IPs (23 /24s) (# pkts S/M/O/I=167/0/47/2): 53u:46, 80:121, 143:4, 443:43 [**] {TCP} 195.251.234.12:0 -> 195.251.255.143:0 11/27/08-12:01:56.567438 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=373/0/58/2): 53u:65, 80:308, 143:4, 443:53, 50023:1 [**] {TCP} 195.251.234.12:0 -> 195.251.255.143:0 11/27/08-12:03:30.320850 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=506/0/68/2): 53u:70, 80:436, 143:5, 443:62, 50023:1 [**] {TCP} 195.251.234.12:0 -> 195.251.255.143:0 11/27/08-12:05:03.353468 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=712/0/78/2): 53u:74, 80:638, 143:5, 443:72, 50023:1 [**] {TCP} 195.251.234.12:0 -> 195.251.255.143:0 11/27/08-12:06:33.507952 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=788/0/91/2): 53u:77, 80:711, 143:7, 443:81, 50023:1, 25:2 [**] {TCP} 195.251.234.12:0 -> 195.251.255.143:0 11/27/08-12:07:05.957051 [**] [1:2002400:14] E3[rb] ET MALWARE Suspicious User Agent (Microsoft Internet Explorer) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 195.251.234.8:1056 -> 207.123.33.126:80 11/27/08-12:07:06.324530 [**] [1:2002400:14] E3[rb] ET MALWARE Suspicious User Agent (Microsoft Internet Explorer) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 195.251.234.8:1059 -> 194.177.211.103:80 11/27/08-12:07:06.736363 [**] [777:7777005:1] E5[bh] Detected intense non-malware 
port scanning of 21 IPs (20 /24s) (# pkts S/M/O/I=45/0/18/0): 53u:14, 1863:8, 443:8, 80:31, 7001u:2 [**] {TCP} 195.251.234.8:0 -> 195.251.255.142:0 11/27/08-12:08:09.486907 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (21 /24s) (# pkts S/M/O/I=891/0/118/2): 53u:99, 80:792, 443:108, 143:7, 50023:1, 25:2 [**] {TCP} 195.251.234.12:0 -> 63.245.209.49:0 11/27/08-12:08:37.298453 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (28 /24s) (# pkts S/M/O/I=140/0/24/0): 53u:31, 1863:8, 80:109, 443:14, 7001u:2 [**] {TCP} 195.251.234.8:0 -> 207.46.17.125:0 11/27/08-12:09:48.562231 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (20 /24s) (# pkts S/M/O/I=955/0/121/2): 53u:102, 80:853, 443:111, 143:7, 50023:1, 25:2 [**] {TCP} 195.251.234.12:0 -> 213.155.154.97:0 11/27/08-12:10:09.987098 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=198/0/60/0): 53u:43, 1863:8, 80:155, 443:50, 7001u:2 [**] {TCP} 195.251.234.8:0 -> 207.46.17.125:0 11/27/08-12:11:24.877731 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (17 /24s) (# pkts S/M/O/I=1082/0/130/2): 53u:114, 80:968, 443:119, 143:8, 50023:1, 25:2 [**] {TCP} 195.251.234.12:0 -> 213.155.154.97:0 11/27/08-12:12:22.674054 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1428 11/27/08-12:13:04.746324 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (17 /24s) (# pkts S/M/O/I=1088/0/134/2): 53u:114, 80:974, 443:123, 143:8, 50023:1, 25:2 [**] {TCP} 195.251.234.12:0 -> 213.155.154.97:0 11/27/08-12:14:38.036445 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=226/0/65/0): 53u:44, 1863:8, 80:182, 443:54, 7001u:2, 7176:1 [**] {TCP} 195.251.234.8:0 -> 207.46.17.125:0 11/27/08-12:14:39.947957 [**] 
[777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (17 /24s) (# pkts S/M/O/I=1124/0/167/2): 53u:118, 80:1006, 443:156, 143:8, 50023:1, 25:2 [**] {TCP} 195.251.234.12:0 -> 213.155.154.97:0 11/27/08-12:16:17.533363 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (17 /24s) (# pkts S/M/O/I=1172/0/175/2): 53u:119, 80:1053, 443:162, 143:10, 50023:1, 25:2 [**] {TCP} 195.251.234.12:0 -> 213.155.154.97:0 11/27/08-12:16:27.927375 [**] [777:7777001:1] E1[bh] Detected intense non-malware scan by 195.251.107.108 (# pkts S/M/O/I=0/0/10/0) of 10 IPs: 195.251.234.3.23 195.251.234.4.23 195.251.234.6.23 195.251.234.8.23 195.251.234.12.23 195.251.234.13.23 195.251.234.21.23 195.251.234.25.23 195.251.234.29.23 195.251.234.30.23 [**] {TCP} 195.251.107.108:0 -> 195.251.234.3:0 11/27/08-12:18:08.669331 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (17 /24s) (# pkts S/M/O/I=1176/0/176/2): 53u:119, 80:1057, 443:162, 143:11, 50023:1, 25:2 [**] {TCP} 195.251.234.12:0 -> 213.155.154.97:0 11/27/08-12:18:48.540657 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=227/0/65/0): 53u:45, 1863:8, 80:182, 443:54, 7001u:2, 7176:1 [**] {UDP} 195.251.234.8:0 -> 207.46.17.125:0 11/27/08-12:20:02.820478 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (17 /24s) (# pkts S/M/O/I=1200/0/176/2): 53u:120, 80:1080, 443:162, 143:11, 50023:1, 25:2 [**] {TCP} 195.251.234.12:0 -> 213.155.154.97:0 11/27/08-12:21:53.927737 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (17 /24s) (# pkts S/M/O/I=1207/0/181/2): 53u:121, 80:1086, 443:162, 143:14, 25:4, 50023:1 [**] {TCP} 195.251.234.12:0 -> 213.155.154.97:0 11/27/08-12:23:45.036065 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (17 /24s) (# pkts S/M/O/I=1211/0/181/2): 53u:121, 80:1090, 443:162, 143:14, 25:4, 50023:1 [**] 
{TCP} 195.251.234.12:0 -> 213.155.154.97:0 11/27/08-12:25:19.007106 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (17 /24s) (# pkts S/M/O/I=1216/0/187/2): 53u:122, 80:1094, 443:165, 143:17, 25:4, 50023:1 [**] {TCP} 195.251.234.12:0 -> 213.155.154.97:0 11/27/08-12:26:48.195846 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1698 11/27/08-12:27:13.030878 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=301/0/82/0): 53u:60, 1863:8, 80:241, 443:71, 7001u:2, 7176:1 [**] {TCP} 195.251.234.8:0 -> 207.46.17.125:0 11/27/08-12:27:21.695035 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1458 11/27/08-12:27:27.236647 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (16 /24s) (# pkts S/M/O/I=1225/0/189/2): 53u:123, 80:1102, 443:165, 143:19, 25:4, 50023:1 [**] {TCP} 195.251.234.12:0 -> 69.63.184.28:0 11/27/08-12:28:43.206775 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=333/0/83/0): 53u:70, 1863:8, 80:263, 443:72, 7001u:2, 7176:1 [**] {UDP} 195.251.234.8:0 -> 65.55.197.248:0 11/27/08-12:29:05.071936 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.234.8:1245 -> 74.125.39.19:80 11/27/08-12:29:07.645060 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (16 /24s) (# pkts S/M/O/I=1250/0/197/2): 53u:126, 80:1124, 443:165, 143:27, 25:4, 50023:1 [**] {TCP} 195.251.234.12:0 -> 69.63.184.28:0 11/27/08-12:30:07.944088 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.21:1284 11/27/08-12:30:41.443423 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.21:1044 11/27/08-12:30:58.193296 [**] 
[116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.21:1540 11/27/08-12:31:09.713868 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (16 /24s) (# pkts S/M/O/I=1251/0/213/2): 53u:126, 80:1125, 443:180, 143:28, 25:4, 50023:1 [**] {TCP} 195.251.234.12:0 -> 69.63.184.28:0 11/27/08-12:34:00.579925 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (16 /24s) (# pkts S/M/O/I=1252/0/217/2): 53u:126, 80:1126, 443:180, 143:32, 25:4, 50023:1 [**] {TCP} 195.251.234.12:0 -> 69.63.184.28:0 11/27/08-12:36:17.607808 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (16 /24s) (# pkts S/M/O/I=1256/0/217/2): 53u:128, 80:1128, 443:180, 143:32, 25:4, 50023:1 [**] {UDP} 195.251.234.12:0 -> 69.63.184.28:0 11/27/08-12:36:31.820512 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=380/0/87/0): 53u:73, 1863:8, 80:307, 443:76, 7001u:2, 7176:1 [**] {TCP} 195.251.234.8:0 -> 65.55.197.248:0 11/27/08-12:37:23.283947 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1233 11/27/08-12:37:40.034072 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1729 11/27/08-12:38:38.483653 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (17 /24s) (# pkts S/M/O/I=1258/0/226/2): 53u:128, 80:1130, 443:188, 143:33, 25:4, 50023:1 [**] {TCP} 195.251.234.12:0 -> 69.63.184.28:0 11/27/08-12:40:24.927533 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (17 /24s) (# pkts S/M/O/I=1259/0/226/2): 53u:128, 80:1131, 443:188, 143:33, 25:4, 50023:1 [**] {TCP} 195.251.234.12:0 -> 69.63.184.28:0 11/27/08-12:40:58.844635 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=381/0/98/0): 53u:73, 
1863:8, 80:308, 443:87, 7001u:2, 7176:1 [**] {TCP} 195.251.234.8:0 -> 65.55.197.248:0 11/27/08-12:40:58.844635 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.8:1034 11/27/08-12:42:25.717281 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (17 /24s) (# pkts S/M/O/I=1263/0/234/2): 53u:129, 80:1134, 443:196, 143:33, 25:4, 50023:1 [**] {TCP} 195.251.234.12:0 -> 69.63.184.28:0 11/27/08-12:42:40.281667 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1595 11/27/08-12:43:13.781079 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1587 11/27/08-12:44:06.862707 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (20 /24s) (# pkts S/M/O/I=1349/0/248/2): 53u:146, 80:1203, 443:210, 143:33, 25:4, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.63.247.203:0 11/27/08-12:45:40.154125 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (19 /24s) (# pkts S/M/O/I=1429/0/256/2): 53u:153, 80:1276, 443:218, 143:33, 25:4, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-12:46:00.032236 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.21:1181 11/27/08-12:46:33.531053 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.21:1173 11/27/08-12:47:25.774175 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (20 /24s) (# pkts S/M/O/I=1458/0/271/2): 53u:154, 80:1304, 443:231, 143:35, 25:4, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-12:48:55.772107 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (21 /24s) (# pkts S/M/O/I=1470/0/283/2): 53u:154, 80:1316, 443:242, 143:36, 25:4, 50023:1 [**] {TCP} 195.251.234.12:0 -> 
194.0.185.1:0 11/27/08-12:50:25.816849 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (21 /24s) (# pkts S/M/O/I=1513/0/283/2): 53u:156, 80:1357, 443:242, 143:36, 25:4, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-12:52:14.253827 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1533/0/283/2): 53u:159, 80:1374, 443:242, 143:36, 25:4, 50023:1 [**] {UDP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-12:53:54.114395 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1598/0/283/2): 53u:164, 80:1434, 443:242, 143:36, 25:4, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-12:55:09.337717 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1840 11/27/08-12:56:48.203655 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1627/0/283/2): 53u:164, 80:1463, 443:242, 143:36, 25:4, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-12:58:30.054398 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1695/0/283/2): 53u:165, 80:1530, 443:242, 143:36, 25:4, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:00:25.553862 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1683 11/27/08-13:00:59.053578 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1444 11/27/08-13:01:15.803518 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1708 11/27/08-13:01:16.436021 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1706/0/285/2): 53u:165, 80:1541, 443:242, 143:38, 25:4, 50023:1 [**] {TCP} 
195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:03:10.863450 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1707/0/286/2): 53u:165, 80:1542, 443:242, 143:39, 25:4, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:03:45.302253 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.12:1269 11/27/08-13:04:35.551819 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.12:1293 11/27/08-13:06:43.307100 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1713/0/286/2): 53u:166, 80:1547, 443:242, 143:39, 25:4, 50023:1 [**] {UDP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:07:08.573482 [**] [1:2002400:14] E3[rb] ET MALWARE Suspicious User Agent (Microsoft Internet Explorer) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 195.251.234.8:1277 -> 194.177.211.103:80 11/27/08-13:08:38.465320 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1721/0/287/2): 53u:168, 80:1553, 443:242, 143:40, 25:4, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:10:28.145202 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1724/0/289/2): 53u:171, 80:1553, 443:242, 143:42, 25:4, 50023:1 [**] {UDP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:12:30.956297 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1755/0/289/2): 53u:175, 80:1580, 443:242, 143:42, 25:4, 50023:1 [**] {UDP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:14:36.047028 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.25:1489 11/27/08-13:15:09.546748 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] 
{TCP} 127.0.0.1:80 -> 195.251.234.25:1249 11/27/08-13:16:17.640439 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1580 11/27/08-13:16:20.624888 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1770/0/290/2): 53u:178, 80:1592, 443:242, 143:43, 25:4, 50023:1 [**] {UDP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:16:51.140306 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1572 11/27/08-13:18:38.420906 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1772/0/308/2): 53u:180, 80:1592, 443:250, 143:51, 25:6, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:19:21.709891 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1340 -> 195.251.234.3:80 11/27/08-13:19:27.417036 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1362 -> 195.251.234.4:80 11/27/08-13:19:27.426946 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1371 -> 195.251.234.4:80 11/27/08-13:19:27.427066 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:1371 -> 195.251.234.4:80 11/27/08-13:19:30.720344 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1342 -> 195.251.234.3:80 11/27/08-13:19:30.720512 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:1342 -> 195.251.234.3:80 11/27/08-13:19:34.521699 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 195.251.232.23 -> 195.251.234.8 11/27/08-13:19:38.429396 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:1396 -> 195.251.234.4:80 
11/27/08-13:19:38.926481 [**] [122:1:0] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 195.251.232.23 -> 195.251.234.4 11/27/08-13:19:41.733568 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:1404 -> 195.251.234.3:80 11/27/08-13:20:04.568493 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1459 -> 195.251.234.25:80 11/27/08-13:20:04.584821 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1461 -> 195.251.234.25:80 11/27/08-13:20:04.585067 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:1461 -> 195.251.234.25:80 11/27/08-13:20:26.700525 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1141 11/27/08-13:20:32.497031 [**] [777:7777001:1] E1[bh] Detected intense non-malware scan by 195.251.232.23 (# pkts S/M/O/I=231/0/27/0) of 10 IPs: 195.251.234.3.{80,31337} 195.251.234.4.{80,31337,443} 195.251.234.6.{80,443} 195.251.234.8.{80,443} 195.251.234.13.{80,443} 195.251.234.12.{80,443} 195.251.234.21.{80,443} 195.251.234.25.{80,31337} 195.251.234.29.80 195.251.234.30.80 [**] {TCP} 195.251.232.23:0 -> 195.251.234.4:0 11/27/08-13:20:35.602474 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:1542 -> 195.251.234.25:80 11/27/08-13:20:54.823234 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1342 -> 195.251.234.3:80 11/27/08-13:21:56.292608 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1772/0/309/2): 53u:180, 80:1592, 443:250, 143:52, 25:6, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:22:30.943844 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1342 -> 195.251.234.3:80 
11/27/08-13:23:27.819694 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1772/0/311/2): 53u:180, 80:1592, 443:251, 143:53, 25:6, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:23:46.448826 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 195.251.234.13 -> 127.0.0.1 11/27/08-13:23:46.448826 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1727 11/27/08-13:24:58.870730 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1854/0/318/2): 53u:193, 80:1661, 443:258, 143:53, 25:6, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:25:26.947984 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.12:1239 11/27/08-13:25:43.185898 [**] [777:7777001:1] E1[bh] Detected intense non-malware scan by 195.251.232.23 (# pkts S/M/O/I=256/0/50/0) of 10 IPs: 195.251.234.3.{80,31337} 195.251.234.4.{80,31337,443} 195.251.234.6.{80,443} 195.251.234.8.{80,443} 195.251.234.13.{80,443} 195.251.234.12.{80,443} 195.251.234.21.{80,443} 195.251.234.25.{80,31337,443} 195.251.234.29.{80,443} 195.251.234.30.{80,443} [**] {TCP} 195.251.232.23:0 -> 195.251.234.4:0 11/27/08-13:25:43.185898 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:1342 -> 195.251.234.3:80 11/27/08-13:28:38.439916 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1866/0/319/2): 53u:193, 80:1673, 443:258, 143:54, 25:6, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:29:10.461696 [**] [777:7777001:1] E1[bh] Detected moderate malware scan by 91.103.213.33 (# pkts S/M/O/I=0/5/0/0) of 5 IPs: 195.251.234.8.10000 195.251.234.12.10000 195.251.234.25.10000 195.251.234.6.10000 195.251.234.21.10000 [**] {TCP} 91.103.213.33:0 -> 
195.251.234.8:0 11/27/08-13:29:10.462603 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1271/0/604/0): 53u:1248, 67u:77, 123u:462, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {TCP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-13:30:10.861339 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1886/0/319/2): 53u:193, 80:1693, 443:258, 143:54, 25:6, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:30:28.133727 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.25:1386 11/27/08-13:31:29.841302 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1278/0/604/0): 53u:1255, 67u:77, 123u:462, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-13:32:02.124032 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1892/0/320/2): 53u:193, 80:1699, 443:258, 143:55, 25:6, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:33:42.756997 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1280/0/604/0): 53u:1257, 67u:77, 123u:462, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-13:35:06.932530 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1892/0/329/2): 53u:193, 80:1699, 443:266, 143:56, 25:6, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:35:52.421236 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1281/0/604/0): 53u:1258, 67u:77, 123u:462, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 
2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-13:36:04.809194 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (19 /24s) (# pkts S/M/O/I=147/0/143/0): 1900u:68, 3702u:2, 5355u:62, 53u:46, 80:101, 6881u:4, 2711:2, 16001u:2, 21037u:1, 6771u:1, 58203u:1 [**] {UDP} 195.251.234.19:0 -> 239.255.255.250:0 11/27/08-13:37:34.821334 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=179/0/726/0): 1900u:71, 3702u:2, 5355u:62, 53u:48, 80:2, 54755u:1, 20671u:1, 38316u:1, 50001u:1, 50001:2, 10705:2, 53419:1 [**] {UDP} 195.251.234.19:0 -> 85.229.132.193:0 11/27/08-13:38:04.639315 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1893/0/331/2): 53u:194, 80:1699, 443:266, 143:58, 25:6, 50023:1 [**] {UDP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:38:23.834819 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1282/0/604/0): 53u:1259, 67u:77, 123u:462, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-13:39:04.818465 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=179/0/1131/0): 1900u:71, 3702u:2, 5355u:62, 53u:48, 80:2, 54755u:1, 20671u:1, 38316u:1, 50001u:1, 50001:2, 10705:2, 53419:1 [**] {TCP} 195.251.234.19:0 -> 85.229.132.193:0 11/27/08-13:39:37.240020 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:4576 -> 195.251.234.3:80 11/27/08-13:39:37.344425 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:4580 -> 195.251.234.4:80 11/27/08-13:39:37.360373 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:4582 -> 195.251.234.4:80 11/27/08-13:39:37.360745 [**] [119:4:1] 
(http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:4582 -> 195.251.234.4:80 11/27/08-13:39:46.250286 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:4578 -> 195.251.234.3:80 11/27/08-13:39:46.250651 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:4578 -> 195.251.234.3:80 11/27/08-13:39:47.377984 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 195.251.232.23 -> 195.251.234.4 11/27/08-13:39:48.352706 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:4624 -> 195.251.234.4:80 11/27/08-13:39:56.269176 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1286/0/612/0): 53u:1263, 67u:78, 123u:468, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {TCP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-13:39:57.263895 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:4639 -> 195.251.234.3:80 11/27/08-13:40:17.194336 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:4692 -> 195.251.234.25:80 11/27/08-13:40:17.221242 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:4694 -> 195.251.234.25:80 11/27/08-13:40:17.221404 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:4694 -> 195.251.234.25:80 11/27/08-13:40:36.491391 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=179/0/1170/0): 1900u:71, 3702u:2, 5355u:62, 53u:48, 80:2, 54755u:1, 20671u:1, 38316u:1, 50001u:1, 50001:2, 10705:2, 53419:1 [**] {UDP} 195.251.234.19:0 -> 85.229.132.193:0 11/27/08-13:40:48.126696 [**] [777:7777001:1] E1[bh] Detected intense non-malware scan by 195.251.232.23 (# pkts 
S/M/O/I=191/0/30/0) of 10 IPs: 195.251.234.3.{80,31337} 195.251.234.4.{80,31337,443} 195.251.234.6.{80,443} 195.251.234.8.{80,443} 195.251.234.12.{80,443} 195.251.234.13.{80,443} 195.251.234.19.{80,443} 195.251.234.21.{80,443} 195.251.234.25.{80,31337} 195.251.234.30.80 [**] {TCP} 195.251.232.23:0 -> 195.251.234.4:0 11/27/08-13:40:48.234318 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:4763 -> 195.251.234.25:80 11/27/08-13:41:10.353574 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:4578 -> 195.251.234.3:80 11/27/08-13:41:30.153540 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1293/0/614/0): 53u:1270, 67u:78, 123u:468, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-13:42:06.984642 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=179/0/1220/0): 1900u:71, 3702u:2, 5355u:62, 53u:48, 80:2, 54755u:1, 20671u:1, 38316u:1, 50001u:1, 50001:2, 10705:2, 53419:1 [**] {UDP} 195.251.234.19:0 -> 85.229.132.193:0 11/27/08-13:42:28.910836 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (13 /24s) (# pkts S/M/O/I=81/0/25/0): 80:61, 143:4, 1459:2, 1542:1, 4692:2, 4763:1, 53u:20, 443:15 [**] {TCP} 195.251.234.25:0 -> 195.251.232.23:0 11/27/08-13:42:46.473947 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:4578 -> 195.251.234.3:80 11/27/08-13:43:38.819479 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=179/0/1293/0): 1900u:71, 3702u:2, 5355u:62, 53u:48, 80:2, 54755u:1, 20671u:1, 38316u:1, 50001u:1, 50001:2, 10705:2, 53419:1 [**] {TCP} 195.251.234.19:0 -> 85.229.132.193:0 11/27/08-13:43:40.844747 [**] [777:7777005:1] E5[bh] Detected intense 
non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1899/0/332/2): 53u:195, 80:1704, 443:266, 143:59, 25:6, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:44:07.607270 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (19 /24s) (# pkts S/M/O/I=199/0/33/0): 80:164, 143:4, 1459:2, 1542:1, 4692:2, 4763:1, 53u:35, 443:23 [**] {UDP} 195.251.234.25:0 -> 62.1.2.102:0 11/27/08-13:44:32.197985 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1295/0/615/0): 53u:1272, 67u:78, 123u:468, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-13:45:08.698145 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=179/0/1367/0): 1900u:71, 3702u:2, 5355u:62, 53u:48, 80:2, 54755u:1, 20671u:1, 38316u:1, 50001u:1, 50001:2, 10705:2, 53419:1 [**] {UDP} 195.251.234.19:0 -> 85.229.132.193:0 11/27/08-13:45:39.488342 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (19 /24s) (# pkts S/M/O/I=227/0/33/0): 80:192, 143:4, 1459:2, 1542:1, 4692:2, 4763:1, 53u:35, 443:23 [**] {TCP} 195.251.234.25:0 -> 62.1.2.102:0 11/27/08-13:45:39.732286 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1902/0/333/2): 53u:195, 80:1707, 443:266, 143:60, 25:6, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:45:58.715906 [**] [777:7777001:1] E1[bh] Detected intense non-malware scan by 195.251.232.23 (# pkts S/M/O/I=217/0/53/0) of 11 IPs: 195.251.234.3.{80,31337} 195.251.234.4.{80,31337,443} 195.251.234.6.{80,443} 195.251.234.8.{80,443} 195.251.234.12.{80,443} 195.251.234.13.{80,443} 195.251.234.19.{80,443} 195.251.234.21.{80,443} 195.251.234.25.{80,31337,443} 195.251.234.30.{80,443} 195.251.234.29.{80,443} [**] {TCP} 195.251.232.23:0 -> 195.251.234.4:0 
11/27/08-13:45:58.715906 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:4578 -> 195.251.234.3:80 11/27/08-13:46:33.359690 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (15 /24s) (# pkts S/M/O/I=104/6/24/5): 110:21, 53u:36, 80:68, 1341:1, 5353u:2 [**] {TCP} 195.251.234.21:0 -> 195.251.255.143:0 11/27/08-13:46:41.782087 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=179/0/1475/0): 1900u:71, 3702u:2, 5355u:62, 53u:48, 80:2, 54755u:1, 20671u:1, 38316u:1, 50001u:1, 50001:2, 10705:2, 53419:1 [**] {UDP} 195.251.234.19:0 -> 85.229.132.193:0 11/27/08-13:46:44.658753 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1297/0/615/0): 53u:1274, 67u:78, 123u:468, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-13:47:18.170917 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (19 /24s) (# pkts S/M/O/I=257/0/35/0): 80:220, 143:5, 1459:2, 1542:1, 4692:2, 4763:1, 53u:37, 443:24 [**] {TCP} 195.251.234.25:0 -> 62.1.2.102:0 11/27/08-13:48:11.890451 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=179/0/1553/0): 1900u:71, 3702u:2, 5355u:62, 53u:48, 80:2, 54755u:1, 20671u:1, 38316u:1, 50001u:1, 50001:2, 10705:2, 53419:1 [**] {UDP} 195.251.234.19:0 -> 85.229.132.193:0 11/27/08-13:48:24.146047 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1298/0/615/0): 53u:1275, 67u:78, 123u:468, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-13:48:38.415673 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1902/0/334/2): 53u:195, 80:1707, 
443:266, 143:61, 25:6, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:49:34.747171 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 22 IPs (16 /24s) (# pkts S/M/O/I=112/6/24/5): 110:21, 53u:38, 80:74, 1341:1, 5353u:2 [**] {UDP} 195.251.234.21:0 -> 195.251.255.143:0 11/27/08-13:49:41.273913 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=179/0/1615/0): 1900u:71, 3702u:2, 5355u:62, 53u:48, 80:2, 54755u:1, 20671u:1, 38316u:1, 50001u:1, 50001:2, 10705:2, 53419:1 [**] {UDP} 195.251.234.19:0 -> 85.229.132.193:0 11/27/08-13:50:17.209178 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1305/0/622/0): 53u:1282, 67u:79, 123u:474, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-13:50:39.757456 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1902/0/343/2): 53u:195, 80:1707, 443:274, 143:62, 25:6, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:51:12.627209 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=179/0/1672/0): 1900u:71, 3702u:2, 5355u:62, 53u:48, 80:2, 54755u:1, 20671u:1, 38316u:1, 50001u:1, 50001:2, 10705:2, 53419:1 [**] {UDP} 195.251.234.19:0 -> 85.229.132.193:0 11/27/08-13:51:15.434650 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (18 /24s) (# pkts S/M/O/I=120/6/24/5): 110:21, 53u:40, 80:80, 1341:1, 5353u:2 [**] {UDP} 195.251.234.21:0 -> 195.251.255.143:0 11/27/08-13:52:42.191825 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=179/0/1939/0): 1900u:71, 3702u:2, 5355u:62, 53u:48, 80:2, 54755u:1, 20671u:1, 38316u:1, 50001u:1, 50001:2, 10705:2, 53419:1 [**] {UDP} 195.251.234.19:0 -> 85.229.132.193:0 
11/27/08-13:53:00.801264 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 29 IPs (23 /24s) (# pkts S/M/O/I=136/6/78/5): 110:21, 53u:56, 80:80, 1341:1, 5353u:26, 123u:30 [**] {UDP} 195.251.234.21:0 -> 195.251.255.143:0 11/27/08-13:53:13.652450 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1307/0/622/0): 53u:1284, 67u:79, 123u:474, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-13:53:48.090565 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1380 11/27/08-13:54:04.840186 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1876 11/27/08-13:54:13.278659 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=179/0/2429/0): 1900u:71, 3702u:2, 5355u:62, 53u:48, 80:2, 54755u:1, 20671u:1, 38316u:1, 50001u:1, 50001:2, 10705:2, 53419:1 [**] {UDP} 195.251.234.19:0 -> 85.229.132.193:0 11/27/08-13:54:31.120630 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 29 IPs (23 /24s) (# pkts S/M/O/I=139/6/85/5): 110:21, 53u:57, 80:82, 1341:1, 5353u:27, 123u:36 [**] {UDP} 195.251.234.21:0 -> 195.251.255.143:0 11/27/08-13:55:22.713786 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1308/0/622/0): 53u:1285, 67u:79, 123u:474, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-13:55:39.782738 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1902/0/344/2): 53u:195, 80:1707, 443:274, 143:63, 25:6, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:55:44.685234 [**] [777:7777005:1] E5[bh] Detected intense non-malware port 
scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=179/0/2523/0): 1900u:71, 3702u:2, 5355u:62, 53u:48, 80:2, 54755u:1, 20671u:1, 38316u:1, 50001u:1, 50001:2, 10705:2, 53419:1 [**] {UDP} 195.251.234.19:0 -> 85.229.132.193:0 11/27/08-13:56:27.074568 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (19 /24s) (# pkts S/M/O/I=323/0/36/0): 80:285, 143:6, 1459:2, 1542:1, 4692:2, 4763:1, 53u:38, 443:24 [**] {TCP} 195.251.234.25:0 -> 62.1.2.102:0 11/27/08-13:56:41.160639 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=142/6/96/5): 110:21, 53u:58, 80:84, 1341:1, 5353u:28, 123u:46 [**] {UDP} 195.251.234.21:0 -> 195.251.255.143:0 11/27/08-13:57:15.001188 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=179/0/2617/0): 1900u:76, 3702u:2, 5355u:62, 53u:48, 80:2, 54755u:1, 20671u:1, 38316u:1, 50001u:1, 50001:2, 10705:2, 53419:1 [**] {UDP} 195.251.234.19:0 -> 85.229.132.193:0 11/27/08-13:57:45.957739 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1310/0/622/0): 53u:1287, 67u:79, 123u:474, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-13:58:38.403772 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1902/0/345/2): 53u:195, 80:1707, 443:274, 143:64, 25:6, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-13:58:45.524291 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=179/0/2736/0): 1900u:76, 3702u:2, 5355u:62, 53u:48, 80:2, 54755u:1, 20671u:1, 38316u:1, 50001u:1, 50001:2, 10705:2, 53419:1 [**] {UDP} 195.251.234.19:0 -> 85.229.132.193:0 11/27/08-13:58:54.104971 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts 
S/M/O/I=155/6/107/5): 110:21, 53u:61, 80:94, 1341:1, 5353u:29, 123u:56 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-13:59:04.306765 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1224 11/27/08-13:59:16.293590 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1316/0/629/0): 53u:1292, 67u:80, 123u:480, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-14:00:15.011527 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=179/0/2858/0): 1900u:76, 3702u:2, 5355u:62, 53u:48, 80:2, 54755u:1, 20671u:1, 38316u:1, 50001u:1, 50001:2, 10705:2, 53419:1 [**] {UDP} 195.251.234.19:0 -> 85.229.132.193:0 11/27/08-14:00:39.776944 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1902/0/346/2): 53u:195, 80:1707, 443:274, 143:65, 25:6, 50023:1 [**] {TCP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-14:01:00.893927 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=156/6/117/5): 110:21, 53u:61, 80:95, 1341:1, 5353u:30, 123u:65 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:01:29.804153 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1325/0/629/0): 53u:1301, 67u:80, 123u:480, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-14:01:45.478573 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=179/0/3001/0): 1900u:76, 3702u:2, 5355u:62, 53u:48, 80:2, 54755u:1, 20671u:1, 38316u:1, 50001u:1, 50001:2, 10705:2, 53419:1 [**] {UDP} 195.251.234.19:0 -> 85.229.132.193:0 11/27/08-14:03:13.773803 [**] [777:7777005:1] E5[bh] 
Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=157/6/128/5): 110:21, 53u:61, 80:96, 1341:1, 5353u:30, 123u:76 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:03:15.933476 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=179/0/3144/0): 1900u:76, 3702u:2, 5355u:62, 53u:48, 80:2, 54755u:1, 20671u:1, 38316u:1, 50001u:1, 50001:2, 10705:2, 53419:1 [**] {UDP} 195.251.234.19:0 -> 85.229.132.193:0 11/27/08-14:04:06.470080 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1903/0/346/2): 53u:196, 80:1707, 443:274, 143:65, 25:6, 50023:1 [**] {UDP} 195.251.234.12:0 -> 194.0.185.1:0 11/27/08-14:04:18.043907 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1326/0/629/0): 53u:1302, 67u:80, 123u:480, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-14:04:22.382047 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (19 /24s) (# pkts S/M/O/I=323/0/37/0): 80:285, 143:7, 1459:2, 1542:1, 4692:2, 4763:1, 53u:38, 443:24 [**] {TCP} 195.251.234.25:0 -> 62.1.2.102:0 11/27/08-14:04:50.811509 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=157/6/161/5): 110:21, 53u:61, 80:96, 1341:1, 5353u:56, 123u:83 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:05:48.130059 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1904/0/362/2): 53u:197, 80:1707, 443:282, 25:8, 143:71, 50023:1 [**] {TCP} 195.251.234.12:0 -> 195.251.255.132:0 11/27/08-14:06:16.888951 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1328/0/629/0): 53u:1304, 67u:80, 123u:480, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 
2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-14:06:25.790476 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=157/6/168/5): 110:21, 53u:61, 80:96, 1341:1, 5353u:57, 123u:89 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:06:27.093463 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (19 /24s) (# pkts S/M/O/I=323/0/39/0): 80:285, 143:9, 1459:2, 1542:1, 4692:2, 4763:1, 53u:38, 443:24 [**] {TCP} 195.251.234.25:0 -> 62.1.2.102:0 11/27/08-14:07:03.312832 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (17 /24s) (# pkts S/M/O/I=100/49/37/2): 1900u:3, 53u:22, 80:78, 443:34 [**] {TCP} 195.251.234.24:0 -> 195.251.234.255:0 11/27/08-14:08:23.802632 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1330/0/629/0): 53u:1306, 67u:80, 123u:480, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-14:08:34.836970 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=157/6/179/5): 110:21, 53u:61, 80:96, 1341:1, 5353u:59, 123u:98 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:08:34.937109 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (18 /24s) (# pkts S/M/O/I=141/50/43/2): 1900u:3, 53u:25, 80:116, 443:40 [**] {UDP} 195.251.234.24:0 -> 195.251.234.255:0 11/27/08-14:08:37.519615 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1904/0/365/2): 53u:197, 80:1707, 443:282, 25:8, 143:74, 50023:1 [**] {TCP} 195.251.234.12:0 -> 195.251.255.132:0 11/27/08-14:10:07.848047 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1940/0/372/2): 53u:207, 80:1733, 443:284, 25:8, 143:79, 50023:1 [**] {UDP} 
195.251.234.12:0 -> 62.41.81.19:0 11/27/08-14:10:08.671915 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 25 IPs (19 /24s) (# pkts S/M/O/I=146/50/49/2): 1900u:3, 53u:26, 80:120, 443:46 [**] {TCP} 195.251.234.24:0 -> 195.251.234.255:0 11/27/08-14:10:16.869704 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1337/0/636/0): 53u:1313, 67u:81, 123u:486, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-14:10:39.351957 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=158/6/189/5): 110:21, 53u:62, 80:96, 1341:1, 5353u:59, 123u:108 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:11:38.249906 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=263/51/54/2): 1900u:3, 53u:42, 80:221, 443:51 [**] {UDP} 195.251.234.24:0 -> 195.251.234.255:0 11/27/08-14:11:45.299688 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=1948/0/373/2): 53u:208, 80:1740, 443:284, 25:8, 143:80, 50023:1 [**] {TCP} 195.251.234.12:0 -> 62.41.81.19:0 11/27/08-14:12:14.293994 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.234.24:1251 -> 199.7.50.72:80 11/27/08-14:12:15.205368 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.234.24:1254 -> 199.7.50.72:80 11/27/08-14:12:50.858429 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=164/6/200/5): 110:21, 53u:63, 80:101, 1341:1, 5353u:60, 123u:118 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:13:06.275187 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1341/0/636/0): 53u:1317, 67u:81, 123u:486, 45934:1, 38465:1, 2423:3, 
2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-14:13:14.799436 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (21 /24s) (# pkts S/M/O/I=348/52/62/2): 1900u:3, 443:59, 53u:51, 80:297 [**] {TCP} 195.251.234.24:0 -> 195.251.234.255:0 11/27/08-14:13:14.799436 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.24:1030 11/27/08-14:13:15.739920 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1310 11/27/08-14:04:19.011778 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (30 /24s) (# pkts S/M/O/I=179/0/3177/0): 1900u:76, 3702u:2, 5355u:62, 53u:48, 80:2, 54755u:1, 20671u:1, 38316u:1, 50001u:1, 50001:2, 10705:2, 53419:1 [**] {TCP} 195.251.234.19:0 -> 85.229.132.193:0 11/27/08-14:14:27.325361 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=1959/0/373/2): 53u:209, 80:1750, 443:284, 25:8, 143:80, 50023:1 [**] {TCP} 195.251.234.12:0 -> 62.41.81.19:0 11/27/08-14:14:53.146061 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (21 /24s) (# pkts S/M/O/I=348/52/63/2): 1900u:3, 443:60, 53u:51, 80:297 [**] {TCP} 195.251.234.24:0 -> 195.251.234.255:0 11/27/08-14:15:02.824557 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=164/6/211/5): 110:21, 53u:63, 80:101, 1341:1, 5353u:60, 123u:129 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:15:03.197540 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1343/0/636/0): 53u:1319, 67u:81, 123u:486, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-14:16:14.594759 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING 
[**] [Priority: 3] {TCP} 195.251.234.24:1261 -> 199.7.57.72:80 11/27/08-14:16:23.917968 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (19 /24s) (# pkts S/M/O/I=370/53/80/2): 1900u:3, 443:77, 53u:55, 80:315 [**] {UDP} 195.251.234.24:0 -> 195.251.234.255:0 11/27/08-14:16:26.039852 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=1973/0/374/2): 53u:209, 80:1764, 443:285, 25:8, 143:80, 50023:1 [**] {TCP} 195.251.234.12:0 -> 62.41.81.19:0 11/27/08-14:16:51.456653 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1642 11/27/08-14:17:10.831795 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=165/6/221/5): 110:21, 53u:63, 80:102, 1341:1, 5353u:60, 123u:139 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:17:58.007870 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (19 /24s) (# pkts S/M/O/I=401/55/133/2): 1900u:3, 443:130, 80:345, 53u:56 [**] {TCP} 195.251.234.24:0 -> 86.53.218.75:0 11/27/08-14:18:00.928018 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=1976/0/378/2): 53u:210, 80:1766, 443:289, 25:8, 143:80, 50023:1 [**] {TCP} 195.251.234.12:0 -> 62.41.81.19:0 11/27/08-14:18:24.117784 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1348/0/636/0): 53u:1324, 67u:81, 123u:486, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-14:18:50.833512 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=166/6/229/5): 110:21, 53u:63, 80:103, 1341:1, 5353u:60, 123u:147 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:19:28.524025 [**] [777:7777005:1] E5[bh] Detected intense 
non-malware port scanning of 30 IPs (21 /24s) (# pkts S/M/O/I=466/55/147/2): 1900u:3, 443:144, 80:396, 53u:70 [**] {TCP} 195.251.234.24:0 -> 86.53.218.75:0 11/27/08-14:20:17.168095 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1355/0/643/0): 53u:1331, 67u:82, 123u:492, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-14:20:42.834862 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=166/6/237/5): 110:21, 53u:63, 80:103, 1341:1, 5353u:60, 123u:155 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:20:59.695883 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (21 /24s) (# pkts S/M/O/I=520/56/157/2): 1900u:3, 443:154, 80:443, 53u:77 [**] {TCP} 195.251.234.24:0 -> 74.125.39.17:0 11/27/08-14:21:51.701895 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=1999/0/384/2): 53u:211, 80:1788, 443:293, 25:8, 143:82, 50023:1 [**] {TCP} 195.251.234.12:0 -> 62.41.81.19:0 11/27/08-14:21:51.701895 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.12:1508 11/27/08-14:22:17.837659 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=166/6/246/5): 110:21, 53u:63, 80:103, 1341:1, 5353u:61, 123u:163 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:22:25.201332 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.12:1268 11/27/08-14:22:35.101874 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (21 /24s) (# pkts S/M/O/I=535/56/164/2): 1900u:3, 443:161, 80:457, 53u:78 [**] {TCP} 195.251.234.24:0 -> 74.125.39.17:0 11/27/08-14:23:44.537366 [**] [777:7777005:1] E5[bh] Detected intense non-malware 
port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=2006/0/384/2): 53u:212, 80:1794, 443:293, 25:8, 143:82, 50023:1 [**] {UDP} 195.251.234.12:0 -> 62.41.81.19:0 11/27/08-14:23:54.838703 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=169/6/253/5): 110:21, 53u:64, 80:105, 1341:1, 5353u:61, 123u:170 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:24:09.265979 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=552/56/172/2): 1900u:3, 443:169, 80:474, 53u:78 [**] {TCP} 195.251.234.24:0 -> 74.125.39.17:0 11/27/08-14:25:30.839671 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=169/6/261/5): 110:21, 53u:64, 80:105, 1341:1, 5353u:61, 123u:178 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:25:46.073886 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (17 /24s) (# pkts S/M/O/I=681/56/180/2): 1900u:3, 443:177, 80:593, 53u:88 [**] {TCP} 195.251.234.24:0 -> 74.125.39.17:0 11/27/08-14:25:58.523427 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1359/0/643/0): 53u:1335, 67u:82, 123u:492, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-14:27:08.841702 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=172/6/268/5): 110:21, 53u:65, 80:107, 1341:1, 5353u:61, 123u:185 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:27:24.511976 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1085 11/27/08-14:27:25.450276 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.19:1366 11/27/08-14:27:29.402913 [**] [777:7777005:1] E5[bh] Detected intense 
non-malware port scanning of 30 IPs (17 /24s) (# pkts S/M/O/I=697/57/199/2): 1900u:3, 443:196, 80:608, 53u:89 [**] {TCP} 195.251.234.24:0 -> 74.125.39.17:0 11/27/08-14:27:30.834025 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=2021/0/396/2): 53u:217, 80:1804, 443:305, 25:8, 143:82, 50023:1 [**] {UDP} 195.251.234.12:0 -> 62.41.81.19:0 11/27/08-14:27:41.260986 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1581 11/27/08-14:27:42.200599 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.19:1862 11/27/08-14:27:45.932380 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1360/0/643/0): 53u:1336, 67u:82, 123u:492, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-14:28:14.761112 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1341 11/27/08-14:28:42.842696 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=172/6/276/5): 110:21, 53u:65, 80:107, 1341:1, 5353u:61, 123u:193 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:29:00.144454 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (16 /24s) (# pkts S/M/O/I=706/57/228/2): 1900u:3, 443:225, 80:616, 53u:90 [**] {TCP} 195.251.234.24:0 -> 74.125.39.17:0 11/27/08-14:29:11.180811 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=2032/0/397/2): 53u:219, 80:1813, 443:305, 25:8, 143:83, 50023:1 [**] {TCP} 195.251.234.12:0 -> 62.41.81.19:0 11/27/08-14:29:16.262214 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1366/0/650/0): 53u:1342, 67u:83, 
123u:498, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-14:29:50.845313 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.234.24:1466 -> 199.7.48.72:80 11/27/08-14:30:23.843173 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=173/6/283/5): 110:21, 53u:65, 80:108, 1341:1, 5353u:61, 123u:200 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:30:30.537382 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (19 /24s) (# pkts S/M/O/I=860/57/282/2): 1900u:3, 443:279, 80:750, 53u:110 [**] {TCP} 195.251.234.24:0 -> 74.125.39.17:0 11/27/08-14:31:01.009320 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.21:1167 11/27/08-14:31:29.731765 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=1371/0/650/0): 53u:1347, 67u:83, 123u:498, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-14:31:59.842931 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=175/6/291/5): 110:21, 53u:65, 80:110, 1341:1, 5353u:61, 123u:208 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:32:03.145087 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (20 /24s) (# pkts S/M/O/I=928/57/287/2): 1900u:3, 443:284, 80:813, 53u:115 [**] {TCP} 195.251.234.24:0 -> 74.125.39.17:0 11/27/08-14:33:23.980678 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 195.251.234.24 -> 221.2.70.46 11/27/08-14:33:36.843590 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=175/6/298/5): 110:21, 53u:65, 80:110, 1341:1, 5353u:61, 123u:215 [**] {UDP} 
195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:33:45.639428 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (20 /24s) (# pkts S/M/O/I=1007/58/300/2): 1900u:3, 443:296, 80:885, 53u:122, 37083:1 [**] {TCP} 195.251.234.24:0 -> 74.125.39.17:0 11/27/08-14:34:31.016397 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 22 IPs (22 /24s) (# pkts S/M/O/I=1374/0/650/0): 53u:1349, 67u:83, 123u:498, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {TCP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-14:35:11.843282 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=175/6/306/5): 110:21, 53u:65, 80:110, 1341:1, 5353u:61, 123u:223 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:35:15.590049 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (19 /24s) (# pkts S/M/O/I=1031/58/324/2): 1900u:3, 443:320, 80:907, 53u:124, 37083:1 [**] {TCP} 195.251.234.24:0 -> 74.125.39.17:0 11/27/08-14:36:45.243097 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (21 /24s) (# pkts S/M/O/I=1118/59/343/2): 1900u:3, 443:339, 80:985, 53u:133, 37083:1 [**] {TCP} 195.251.234.24:0 -> 74.125.39.17:0 11/27/08-14:36:51.843844 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=175/6/313/5): 110:21, 53u:65, 80:110, 1341:1, 5353u:61, 123u:230 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:37:00.597161 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 22 IPs (22 /24s) (# pkts S/M/O/I=1375/0/650/0): 53u:1350, 67u:83, 123u:498, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-14:30:06.192434 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=2038/0/399/2): 53u:220, 80:1818, 443:305, 
25:8, 143:85, 50023:1 [**] {TCP} 195.251.234.12:0 -> 62.41.81.19:0 11/27/08-14:37:42.852248 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1356 11/27/08-14:38:16.351306 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1116 11/27/08-14:38:22.205432 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=175/6/321/5): 110:21, 53u:65, 80:110, 1341:1, 5353u:62, 123u:237 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:38:30.691132 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (21 /24s) (# pkts S/M/O/I=1153/59/353/2): 1900u:3, 443:349, 80:1018, 53u:135, 37083:1 [**] {TCP} 195.251.234.24:0 -> 74.125.39.17:0 11/27/08-14:38:33.101705 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1612 11/27/08-14:38:38.086371 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 22 IPs (22 /24s) (# pkts S/M/O/I=1378/0/650/0): 53u:1353, 67u:83, 123u:498, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-14:40:04.844187 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=175/6/329/5): 110:21, 53u:65, 80:110, 1341:1, 5353u:62, 123u:245 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-14:40:13.992480 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (20 /24s) (# pkts S/M/O/I=1215/59/362/2): 1900u:3, 443:358, 80:1077, 53u:138, 37083:1 [**] {UDP} 195.251.234.24:0 -> 74.125.39.17:0 11/27/08-14:40:16.764308 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 22 IPs (22 /24s) (# pkts S/M/O/I=1384/0/657/0): 53u:1359, 67u:84, 123u:504, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 
[**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-14:41:41.843969 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=178/6/337/5): 110:21, 53u:66, 80:112, 1341:1, 5353u:62, 123u:253 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-14:41:45.808335 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1366/59/387/2): 1900u:3, 443:383, 80:1210, 53u:156, 37083:1 [**] {TCP} 195.251.234.24:0 -> 74.125.39.17:0
11/27/08-14:41:51.912588 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.8:1917
11/27/08-14:43:15.844106 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=178/6/344/5): 110:21, 53u:66, 80:112, 1341:1, 5353u:62, 123u:260 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-14:43:17.395174 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1523/59/395/2): 1900u:3, 443:391, 80:1354, 53u:169, 37083:1 [**] {TCP} 195.251.234.24:0 -> 74.125.39.17:0
11/27/08-14:43:41.187675 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (19 /24s) (# pkts S/M/O/I=127/0/6/0): 53u:19, 25:2, 143:4, 80:108 [**] {TCP} 195.251.234.12:0 -> 195.251.255.142:0
11/27/08-14:44:54.843186 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=178/6/352/5): 110:21, 53u:66, 80:112, 1341:1, 5353u:62, 123u:268 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-14:45:14.502314 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1644/60/401/2): 1900u:3, 443:397, 80:1464, 53u:180, 37083:1 [**] {TCP} 195.251.234.24:0 -> 62.189.244.254:0
11/27/08-14:45:21.864951 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (19 /24s) (# pkts S/M/O/I=145/0/6/0): 53u:19, 25:2, 143:4, 80:126 [**] {TCP} 195.251.234.12:0 -> 195.251.255.142:0
11/27/08-14:45:35.995536 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 22 IPs (22 /24s) (# pkts S/M/O/I=1386/0/657/0): 53u:1361, 67u:84, 123u:504, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-14:46:26.842374 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=179/6/359/5): 110:21, 53u:66, 80:113, 1341:1, 5353u:62, 123u:275 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-14:46:53.095156 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.21:1295
11/27/08-14:47:08.727271 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1658/60/424/2): 1900u:3, 443:420, 80:1477, 53u:181, 37083:1 [**] {TCP} 195.251.234.24:0 -> 62.189.244.254:0
11/27/08-14:47:11.206004 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 22 IPs (20 /24s) (# pkts S/M/O/I=158/0/6/0): 53u:21, 25:2, 143:4, 80:137 [**] {TCP} 195.251.234.12:0 -> 195.251.255.142:0
11/27/08-14:47:50.107991 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 22 IPs (22 /24s) (# pkts S/M/O/I=1387/0/657/0): 53u:1362, 67u:84, 123u:504, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-14:48:08.841593 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=181/6/367/5): 110:21, 53u:66, 80:115, 1341:1, 5353u:62, 123u:283 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-14:48:41.203994 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 22 IPs (20 /24s) (# pkts S/M/O/I=168/0/7/0): 53u:21, 25:2, 143:5, 80:147 [**] {TCP} 195.251.234.12:0 -> 195.251.255.142:0
11/27/08-14:48:43.858209 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1668/60/437/2): 1900u:3, 443:433, 80:1487, 53u:181, 37083:1 [**] {TCP} 195.251.234.24:0 -> 62.189.244.254:0
11/27/08-14:49:20.868733 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 22 IPs (22 /24s) (# pkts S/M/O/I=1392/0/664/0): 53u:1367, 67u:85, 123u:510, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-14:49:44.841700 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=181/6/374/5): 110:21, 53u:66, 80:115, 1341:1, 5353u:62, 123u:290 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-14:50:12.845302 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1881
11/27/08-14:50:14.496232 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (21 /24s) (# pkts S/M/O/I=1729/60/444/2): 1900u:3, 443:440, 80:1545, 53u:184, 37083:1 [**] {TCP} 195.251.234.24:0 -> 62.189.244.254:0
11/27/08-14:50:22.577580 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 25 IPs (22 /24s) (# pkts S/M/O/I=192/0/7/0): 53u:26, 25:2, 143:5, 80:166 [**] {TCP} 195.251.234.12:0 -> 195.251.255.142:0
11/27/08-14:51:21.841777 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=181/6/382/5): 110:21, 53u:66, 80:115, 1341:1, 5353u:62, 123u:298 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-14:51:30.339972 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 22 IPs (22 /24s) (# pkts S/M/O/I=1400/0/664/0): 53u:1375, 67u:85, 123u:510, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-14:51:57.332961 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 28 IPs (24 /24s) (# pkts S/M/O/I=223/0/7/0): 53u:31, 25:2, 143:5, 80:192 [**] {UDP} 195.251.234.12:0 -> 195.251.255.142:0
11/27/08-14:52:05.291236 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1809/61/483/2): 1900u:3, 443:479, 80:1613, 53u:196, 37083:1 [**] {UDP} 195.251.234.24:0 -> 74.125.39.164:0
11/27/08-14:52:55.840853 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=181/6/389/5): 110:21, 53u:66, 80:115, 1341:1, 5353u:62, 123u:305 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-14:53:03.877020 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 23 IPs (23 /24s) (# pkts S/M/O/I=1406/0/664/0): 53u:1380, 67u:85, 123u:510, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {TCP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-14:53:30.056688 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 28 IPs (24 /24s) (# pkts S/M/O/I=240/0/7/0): 53u:33, 25:2, 143:5, 80:207 [**] {UDP} 195.251.234.12:0 -> 195.251.255.142:0
11/27/08-14:53:36.529012 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1863/61/521/2): 1900u:3, 443:517, 80:1661, 53u:202, 37083:1 [**] {UDP} 195.251.234.24:0 -> 74.125.39.164:0
11/27/08-14:54:32.839871 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=184/6/397/5): 110:21, 53u:67, 80:117, 1341:1, 5353u:62, 123u:313 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-14:55:05.563037 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=290/0/7/0): 53u:39, 25:2, 80:251, 143:5 [**] {TCP} 195.251.234.12:0 -> 131.84.1.175:0
11/27/08-14:55:13.387048 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (21 /24s) (# pkts S/M/O/I=1924/61/535/2): 1900u:3, 443:531, 80:1715, 53u:209, 37083:1 [**] {TCP} 195.251.234.24:0 -> 74.125.39.164:0
11/27/08-14:55:28.905957 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1962
11/27/08-14:55:29.059516 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 23 IPs (23 /24s) (# pkts S/M/O/I=1407/0/664/0): 53u:1380, 67u:85, 123u:510, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {TCP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-14:55:29.059516 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1493
11/27/08-14:56:02.404820 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1722
11/27/08-14:56:02.559388 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1253
11/27/08-14:56:07.839044 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=184/6/404/5): 110:21, 53u:67, 80:117, 1341:1, 5353u:62, 123u:320 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-14:56:43.462748 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (21 /24s) (# pkts S/M/O/I=1936/62/545/2): 1900u:3, 443:540, 80:1725, 53u:211, 37083:1, 45607u:1 [**] {UDP} 195.251.234.24:0 -> 74.125.39.164:0
11/27/08-14:56:58.610062 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=302/0/7/0): 53u:39, 25:2, 80:263, 143:5 [**] {TCP} 195.251.234.12:0 -> 131.84.1.175:0
11/27/08-14:56:58.979533 [**] [1:2600135:9] E6[rb] SPYWARE-DNS DNS lookup 3 chars (.com) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 195.251.234.24:1098 -> 195.251.255.142:53
11/27/08-14:56:58.979827 [**] [1:2600135:9] E6[rb] SPYWARE-DNS DNS lookup 3 chars (.com) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 195.251.234.24:1040 -> 195.251.255.142:53
11/27/08-14:57:43.838042 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=184/6/412/5): 110:21, 53u:67, 80:117, 1341:1, 5353u:62, 123u:328 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-14:57:45.904841 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 23 IPs (23 /24s) (# pkts S/M/O/I=1410/0/664/0): 53u:1382, 67u:85, 123u:510, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-14:58:15.340316 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2025/62/794/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-14:58:37.301164 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=311/0/8/0): 53u:41, 25:2, 80:270, 143:6 [**] {TCP} 195.251.234.12:0 -> 131.84.1.175:0
11/27/08-14:58:38.025729 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.234.24:2173 -> 199.7.54.72:80
11/27/08-14:59:16.171666 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 23 IPs (23 /24s) (# pkts S/M/O/I=1417/0/671/0): 53u:1389, 67u:86, 123u:516, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-14:59:22.838674 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=184/6/419/5): 110:21, 53u:67, 80:117, 1341:1, 5353u:62, 123u:335 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-14:59:51.565136 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2225/62/817/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:00:36.841026 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=320/0/8/0): 53u:42, 25:2, 80:278, 143:6 [**] {UDP} 195.251.234.12:0 -> 131.84.1.175:0
11/27/08-15:00:54.560922 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=185/6/426/5): 110:21, 53u:68, 80:117, 1341:1, 5353u:62, 123u:342 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:01:01.869274 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1070
11/27/08-15:01:18.619104 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1566
11/27/08-15:01:29.072241 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=2299/62/844/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:01:29.636218 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 23 IPs (23 /24s) (# pkts S/M/O/I=1421/0/671/0): 53u:1393, 67u:86, 123u:516, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-15:01:52.119283 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1326
11/27/08-15:02:10.149591 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=352/0/8/0): 53u:45, 25:2, 80:307, 143:6 [**] {TCP} 195.251.234.12:0 -> 131.84.1.175:0
11/27/08-15:02:34.837576 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=187/6/434/5): 110:21, 53u:68, 80:119, 1341:1, 5353u:62, 123u:350 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:03:03.280838 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2430/62/857/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:03:10.830211 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 23 IPs (23 /24s) (# pkts S/M/O/I=1422/0/671/0): 53u:1394, 67u:86, 123u:516, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-15:03:47.199161 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=394/0/8/0): 53u:47, 25:2, 80:347, 143:6 [**] {TCP} 195.251.234.12:0 -> 131.84.1.175:0
11/27/08-15:04:11.835105 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=188/6/442/5): 110:21, 53u:68, 80:120, 1341:1, 5353u:62, 123u:358 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:04:33.353567 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2534/62/908/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:04:38.367463 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.12:1152
11/27/08-15:05:11.867355 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.12:1912
11/27/08-15:05:18.120815 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 23 IPs (23 /24s) (# pkts S/M/O/I=1423/0/671/0): 53u:1395, 67u:86, 123u:516, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-15:05:34.457722 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=422/0/8/0): 53u:50, 25:2, 80:372, 143:6 [**] {TCP} 195.251.234.12:0 -> 131.84.1.175:0
11/27/08-15:05:50.834649 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=188/6/449/5): 110:21, 53u:68, 80:120, 1341:1, 5353u:62, 123u:365 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:06:03.429166 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2616/62/943/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:07:08.374447 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=463/0/8/0): 53u:53, 25:2, 80:410, 143:6 [**] {UDP} 195.251.234.12:0 -> 131.84.1.175:0
11/27/08-15:07:22.833355 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=189/6/457/5): 110:21, 53u:68, 80:121, 1341:1, 5353u:62, 123u:373 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:07:29.997641 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (24 /24s) (# pkts S/M/O/I=1425/0/672/0): 53u:1397, 67u:86, 123u:516, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-15:07:48.589894 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2679/63/997/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:08:52.265402 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=482/0/11/0): 53u:54, 25:2, 80:428, 143:9 [**] {TCP} 195.251.234.12:0 -> 131.84.1.175:0
11/27/08-15:09:04.833111 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=189/6/464/5): 110:21, 53u:68, 80:121, 1341:1, 5353u:62, 123u:380 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:09:16.479757 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (24 /24s) (# pkts S/M/O/I=1428/0/679/0): 53u:1400, 67u:87, 123u:522, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-15:09:18.014850 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=2723/64/1040/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:09:39.555073 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.25:1298
11/27/08-15:10:13.054110 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.25:1058
11/27/08-15:10:28.866864 [**] [777:7777001:1] E1[bh] Detected intense non-malware scan by 127.0.0.1 (# pkts S/M/O/I=0/0/18/0) of 10 IPs: 195.251.234.6.{1356,1116,1612} 195.251.234.8.1917 195.251.234.21.1295 195.251.234.29.1881 195.251.234.30.{1962,1722} 195.251.234.3.{1493,1253} 195.251.234.4.{1070,1566,1326} 195.251.234.12.{1152,1912} 195.251.234.25.{1298,1058} 195.251.234.19.1274 [**] {TCP} 127.0.0.1:0 -> 195.251.234.6:0
11/27/08-15:10:28.866864 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.19:1274
11/27/08-15:10:36.832501 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=189/6/472/5): 110:21, 53u:68, 80:121, 1341:1, 5353u:62, 123u:388 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:10:43.863656 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=524/0/13/0): 53u:57, 25:2, 80:467, 143:11 [**] {TCP} 195.251.234.12:0 -> 131.84.1.175:0
11/27/08-15:10:49.285203 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=2803/64/1061/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:11:29.944297 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (24 /24s) (# pkts S/M/O/I=1434/0/679/0): 53u:1406, 67u:87, 123u:522, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-15:12:13.102321 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=552/0/13/0): 53u:59, 25:2, 80:493, 143:11 [**] {UDP} 195.251.234.12:0 -> 131.84.1.175:0
11/27/08-15:12:19.504414 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=2860/64/1072/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:12:19.830921 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=192/6/479/5): 110:21, 53u:69, 80:123, 1341:1, 5353u:62, 123u:395 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:13:49.828498 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=192/6/488/5): 110:21, 53u:69, 80:123, 1341:1, 5353u:63, 123u:403 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:13:53.633937 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=2870/64/1083/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:13:54.041739 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=573/0/13/0): 53u:61, 25:2, 80:512, 143:11 [**] {UDP} 195.251.234.12:0 -> 131.84.1.175:0
11/27/08-15:14:15.209523 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (24 /24s) (# pkts S/M/O/I=1436/0/679/0): 53u:1408, 67u:87, 123u:522, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-15:15:26.673476 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=597/0/13/0): 53u:66, 25:2, 80:531, 143:11 [**] {TCP} 195.251.234.12:0 -> 131.84.1.175:0
11/27/08-15:15:29.827435 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=193/6/495/5): 110:21, 53u:69, 80:124, 1341:1, 5353u:63, 123u:410 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:15:29.873521 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2885/64/1115/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:16:25.550611 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (24 /24s) (# pkts S/M/O/I=1438/0/679/0): 53u:1410, 67u:87, 123u:522, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-15:17:00.826553 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=194/6/503/5): 110:21, 53u:69, 80:125, 1341:1, 5353u:63, 123u:418 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:17:03.653685 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=714/0/13/0): 53u:78, 25:2, 80:636, 143:11 [**] {TCP} 195.251.234.12:0 -> 216.73.87.52:0
11/27/08-15:17:04.950987 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=2901/64/1134/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:18:23.916709 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (24 /24s) (# pkts S/M/O/I=1440/0/679/0): 53u:1412, 67u:87, 123u:522, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-15:18:37.278904 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=822/0/14/0): 53u:83, 25:2, 80:739, 143:12 [**] {TCP} 195.251.234.12:0 -> 216.73.87.52:0
11/27/08-15:18:42.825693 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=194/6/510/5): 110:21, 53u:69, 80:125, 1341:1, 5353u:63, 123u:425 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:18:53.632615 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=2905/64/1146/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:20:11.809932 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=828/0/14/0): 53u:84, 25:2, 80:744, 143:12 [**] {TCP} 195.251.234.12:0 -> 216.73.87.52:0
11/27/08-15:20:16.825814 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=194/6/518/5): 110:21, 53u:69, 80:125, 1341:1, 5353u:63, 123u:433 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:20:16.973887 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (24 /24s) (# pkts S/M/O/I=1447/0/686/0): 53u:1419, 67u:88, 123u:528, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-15:20:29.518720 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1000
11/27/08-15:20:30.453729 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.12:1049
11/27/08-15:20:38.625089 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2905/65/1158/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:21:19.768165 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1024
11/27/08-15:21:41.808246 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=855/0/14/0): 53u:84, 25:2, 80:771, 143:12 [**] {TCP} 195.251.234.12:0 -> 209.85.129.104:0
11/27/08-15:21:54.824791 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=194/6/525/5): 110:21, 53u:69, 80:125, 1341:1, 5353u:63, 123u:440 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:22:22.274788 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=2911/66/1174/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:23:06.752161 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (24 /24s) (# pkts S/M/O/I=1451/0/686/0): 53u:1423, 67u:88, 123u:528, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-15:23:11.808579 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=867/0/14/0): 53u:84, 25:2, 80:783, 143:12 [**] {TCP} 195.251.234.12:0 -> 209.85.129.104:0
11/27/08-15:23:27.823805 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=197/6/533/5): 110:21, 53u:70, 80:127, 1341:1, 5353u:63, 123u:448 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:23:53.638387 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2916/66/1225/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:25:03.894475 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (24 /24s) (# pkts S/M/O/I=1453/0/686/0): 53u:1425, 67u:88, 123u:528, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-15:25:06.821735 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=197/6/540/5): 110:21, 53u:70, 80:127, 1341:1, 5353u:63, 123u:455 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:25:53.649092 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2916/66/1246/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:26:04.009975 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=869/0/14/0): 53u:85, 25:2, 80:784, 143:12 [**] {UDP} 195.251.234.12:0 -> 209.85.129.104:0
11/27/08-15:26:43.820878 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=200/6/548/5): 110:21, 53u:71, 80:129, 1341:1, 5353u:63, 123u:463 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:27:15.684318 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (24 /24s) (# pkts S/M/O/I=1458/0/686/0): 53u:1430, 67u:88, 123u:528, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-15:27:26.385035 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2916/66/1264/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:28:09.353842 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=873/0/22/0): 53u:87, 25:2, 80:786, 143:12, 443:8 [**] {UDP} 195.251.234.12:0 -> 209.85.129.104:0
11/27/08-15:28:21.820901 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=200/6/555/5): 110:21, 53u:71, 80:129, 1341:1, 5353u:63, 123u:470 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:29:16.067100 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (24 /24s) (# pkts S/M/O/I=1465/0/693/0): 53u:1437, 67u:89, 123u:534, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-15:29:18.304825 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2918/66/1317/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:29:42.507725 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=899/0/23/0): 53u:92, 25:2, 80:807, 143:13, 443:8 [**] {TCP} 195.251.234.12:0 -> 63.118.7.207:0
11/27/08-15:29:54.817970 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=200/6/563/5): 110:21, 53u:71, 80:129, 1341:1, 5353u:63, 123u:478 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:30:50.228169 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2918/66/1336/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:31:27.000387 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=919/0/29/0): 53u:93, 25:2, 80:826, 143:14, 443:13 [**] {TCP} 195.251.234.12:0 -> 63.118.7.207:0
11/27/08-15:31:29.522651 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (24 /24s) (# pkts S/M/O/I=1469/0/693/0): 53u:1441, 67u:89, 123u:534, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-15:31:32.817687 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=201/6/570/5): 110:21, 53u:71, 80:130, 1341:1, 5353u:63, 123u:485 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:32:22.992413 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2918/66/1351/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:33:03.579684 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=217/6/584/5): 110:28, 53u:86, 80:131, 1341:1, 5353u:63, 123u:492 [**] {TCP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:33:56.313390 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2921/67/1365/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:34:42.012117 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=921/0/32/0): 53u:93, 25:2, 80:828, 143:14, 443:16 [**] {TCP} 195.251.234.12:0 -> 63.118.7.207:0
11/27/08-15:34:44.815288 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=217/6/596/5): 110:32, 53u:86, 80:131, 1341:1, 5353u:63, 123u:500 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:36:07.146994 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (24 /24s) (# pkts S/M/O/I=1471/0/693/0): 53u:1443, 67u:89, 123u:534, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-15:36:12.376472 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=927/0/32/0): 53u:94, 25:2, 80:833, 143:14, 443:16 [**] {UDP} 195.251.234.12:0 -> 63.118.7.207:0
11/27/08-15:36:24.051435 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2925/68/1383/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:36:24.814254 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=217/6/604/5): 110:32, 53u:86, 80:131, 1341:1, 5353u:63, 123u:508 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:37:58.812994 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=217/6/613/5): 110:34, 53u:86, 80:131, 1341:1, 5353u:63, 123u:515 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:38:05.312338 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2926/68/1403/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:38:15.725737 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (24 /24s) (# pkts S/M/O/I=1473/0/693/0): 53u:1444, 67u:89, 123u:534, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {TCP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-15:38:15.725737 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1137
11/27/08-15:38:16.663647 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.8:1186
11/27/08-15:38:49.225495 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1897
11/27/08-15:38:49.480753 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=937/0/35/0): 53u:96, 25:2, 80:841, 143:16, 443:17 [**] {TCP} 195.251.234.12:0 -> 63.118.7.207:0
11/27/08-15:39:40.812102 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=217/6/621/5): 110:34, 53u:86, 80:131, 1341:1, 5353u:63, 123u:523 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:40:05.255445 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2929/68/1421/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:40:16.565233 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (24 /24s) (# pkts S/M/O/I=1481/0/700/0): 53u:1451, 67u:90, 123u:540, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-15:40:20.311663 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=954/0/44/0): 53u:99, 25:2, 80:855, 143:18, 443:24 [**] {UDP} 195.251.234.12:0 -> 209.85.129.104:0
11/27/08-15:41:11.811737 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=220/6/628/5): 110:34, 53u:87, 80:133, 1341:1, 5353u:63, 123u:530 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:42:04.571498 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=970/0/51/0): 53u:100, 25:2, 80:870, 143:19, 443:30 [**] {TCP} 195.251.234.12:0 -> 209.85.129.104:0
11/27/08-15:42:23.458605 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2933/68/1425/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0
11/27/08-15:42:50.310223 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (24 /24s) (# pkts S/M/O/I=1483/0/700/0): 53u:1453, 67u:90, 123u:540, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-15:42:53.810538 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=220/6/638/5): 110:36, 53u:87, 80:133, 1341:1, 5353u:63, 123u:538 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-15:43:46.594656 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=988/0/55/0): 53u:103, 25:2, 80:885, 143:23, 443:30 [**] {TCP}
195.251.234.12:0 -> 209.85.129.104:0 11/27/08-15:43:58.066519 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2933/68/1447/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0 11/27/08-15:44:24.810456 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=220/6/645/5): 110:36, 53u:87, 80:133, 1341:1, 5353u:63, 123u:545 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-15:45:20.084647 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=1001/0/58/0): 53u:106, 25:2, 80:895, 143:26, 443:30 [**] {UDP} 195.251.234.12:0 -> 195.251.234.41:0 11/27/08-15:45:38.074028 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2934/69/1462/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0 11/27/08-15:46:08.808465 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=221/6/653/5): 110:36, 53u:87, 80:134, 1341:1, 5353u:63, 123u:553 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-15:47:12.705118 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (24 /24s) (# pkts S/M/O/I=1484/0/700/0): 53u:1454, 67u:90, 123u:540, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-15:47:18.072015 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2934/69/1487/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0 11/27/08-15:47:38.807303 
[**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=222/6/662/5): 110:38, 53u:87, 80:135, 1341:1, 5353u:63, 123u:560 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-15:48:42.517990 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (24 /24s) (# pkts S/M/O/I=1486/0/705/0): 53u:1456, 67u:91, 123u:544, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-15:48:58.076466 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2934/69/1522/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0 11/27/08-15:49:17.805448 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=222/6/670/5): 110:38, 53u:87, 80:135, 1341:1, 5353u:63, 123u:568 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-15:49:24.687942 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.234.8:1368 -> 4.71.209.8:80 11/27/08-15:49:57.969121 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=1009/0/58/0): 53u:107, 25:2, 80:902, 143:26, 443:30 [**] {TCP} 195.251.234.12:0 -> 195.251.234.41:0 11/27/08-15:49:58.481525 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.234.12:2966 -> 195.251.234.41:80 11/27/08-15:50:00.494713 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.234.12:2966 -> 195.251.234.41:80 11/27/08-15:50:12.725958 [**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**] [Priority: 3] {TCP} 195.251.234.12:2966 -> 195.251.234.41:80 11/27/08-15:50:16.864308 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (24 
/24s) (# pkts S/M/O/I=1492/0/707/0): 53u:1462, 67u:91, 123u:546, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-15:50:28.492026 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2935/69/1541/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0 11/27/08-15:50:54.804406 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=222/6/677/5): 110:38, 53u:87, 80:135, 1341:1, 5353u:63, 123u:575 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-15:51:42.055267 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=1015/0/58/0): 53u:107, 25:2, 80:908, 143:26, 443:30 [**] {TCP} 195.251.234.12:0 -> 195.251.234.41:0 11/27/08-15:52:04.053937 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 25 IPs (25 /24s) (# pkts S/M/O/I=1493/0/708/0): 53u:1463, 67u:91, 123u:546, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {TCP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-15:52:14.484197 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2935/70/1550/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0 11/27/08-15:52:26.218686 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.24:1942 11/27/08-15:52:27.158436 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1223 11/27/08-15:52:32.802805 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts 
S/M/O/I=222/6/685/5): 110:38, 53u:87, 80:135, 1341:1, 5353u:63, 123u:583 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-15:53:27.053771 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=1018/0/68/0): 53u:107, 25:2, 80:911, 143:28, 443:38 [**] {TCP} 195.251.234.12:0 -> 195.251.234.41:0 11/27/08-15:54:01.731614 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2937/70/1572/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0 11/27/08-15:54:07.655360 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1503 11/27/08-15:54:08.801482 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=225/6/694/5): 110:40, 53u:88, 80:137, 1341:1, 5353u:63, 123u:590 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-15:54:10.513397 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (14 /24s) (# pkts S/M/O/I=100/0/7/0): 80:77, 53u:23, 443:7 [**] {TCP} 195.251.234.8:0 -> 127.0.0.1:0 11/27/08-15:55:37.113544 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2937/70/1579/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0 11/27/08-15:55:46.800415 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=225/6/702/5): 110:40, 53u:88, 80:137, 1341:1, 5353u:63, 123u:598 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-15:56:08.501013 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 25 IPs (25 /24s) (# pkts S/M/O/I=1494/0/708/0): 53u:1464, 67u:91, 123u:546, 45934:1, 38465:1, 
2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-15:57:08.363076 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2937/71/1599/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0 11/27/08-15:57:21.800268 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=228/6/709/5): 110:40, 53u:89, 80:139, 1341:1, 5353u:63, 123u:605 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-15:57:45.853648 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 25 IPs (25 /24s) (# pkts S/M/O/I=1496/0/708/0): 53u:1466, 67u:91, 123u:546, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-15:58:16.872117 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.4:1595 11/27/08-15:58:28.739693 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=1018/0/73/0): 53u:107, 25:2, 80:911, 143:30, 443:41 [**] {TCP} 195.251.234.12:0 -> 195.251.234.41:0 11/27/08-15:59:02.798362 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=229/6/719/5): 110:42, 53u:90, 80:139, 1341:1, 5353u:63, 123u:613 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-15:59:03.239329 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2938/71/1608/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0 11/27/08-15:59:15.943515 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 25 IPs (25 /24s) (# pkts 
S/M/O/I=1503/0/715/0): 53u:1473, 67u:92, 123u:552, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-16:00:02.114423 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=1083/0/83/0): 53u:115, 25:2, 80:968, 143:32, 443:49 [**] {TCP} 195.251.234.12:0 -> 195.251.234.41:0 11/27/08-16:00:28.233875 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 21 IPs (14 /24s) (# pkts S/M/O/I=139/0/10/0): 80:115, 53u:24, 443:10 [**] {UDP} 195.251.234.8:0 -> 127.0.0.1:0 11/27/08-16:00:33.870868 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2938/71/1652/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {ICMP} 195.251.234.24 -> 88.87.8.144 11/27/08-16:00:38.797286 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=229/6/726/5): 110:42, 53u:90, 80:139, 1341:1, 5353u:63, 123u:620 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-16:01:23.593020 [**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**] [Priority: 3] {TCP} 195.251.234.12:3132 -> 74.125.242.24:80 11/27/08-16:01:30.419878 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 25 IPs (25 /24s) (# pkts S/M/O/I=1508/0/715/0): 53u:1478, 67u:92, 123u:552, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-16:01:32.360518 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=1291/0/86/0): 53u:120, 25:2, 80:1171, 143:32, 443:52 [**] {TCP} 195.251.234.12:0 -> 195.251.234.41:0 11/27/08-16:01:32.782802 [**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**] [Priority: 3] {TCP} 195.251.234.12:3140 -> 74.125.242.24:80 
11/27/08-16:01:44.007124 [**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**] [Priority: 3] {TCP} 195.251.234.12:3163 -> 74.125.242.24:80 11/27/08-16:02:03.690625 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2938/71/1674/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {ICMP} 195.251.234.24 -> 88.87.8.144 11/27/08-16:02:14.796317 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=230/6/734/5): 110:42, 53u:90, 80:140, 1341:1, 5353u:63, 123u:628 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-16:03:03.350217 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1503/0/98/2): 53u:128, 25:2, 80:1375, 143:32, 443:64 [**] {TCP} 195.251.234.12:0 -> 195.251.234.41:0 11/27/08-16:03:51.361182 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2938/71/1685/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0 11/27/08-16:03:55.795326 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=231/6/743/5): 110:44, 53u:90, 80:141, 1341:1, 5353u:63, 123u:635 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-16:04:33.179437 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (22 /24s) (# pkts S/M/O/I=1549/0/107/2): 53u:128, 25:2, 80:1421, 143:33, 443:72 [**] {TCP} 195.251.234.12:0 -> 195.251.234.41:0 11/27/08-16:05:20.459204 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 25 IPs (25 /24s) (# pkts S/M/O/I=1511/0/715/0): 53u:1481, 67u:92, 123u:552, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 
195.251.232.23:0 11/27/08-16:05:37.195773 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=2939/71/1690/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0 11/27/08-16:05:41.415711 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 23 IPs (15 /24s) (# pkts S/M/O/I=154/0/14/0): 80:128, 53u:26, 443:10, 8081:4 [**] {TCP} 195.251.234.8:0 -> 127.0.0.1:0 11/27/08-16:05:41.794410 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=239/6/752/5): 110:44, 53u:92, 80:147, 1341:1, 5353u:63, 123u:644 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-16:06:03.117427 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1746/0/116/2): 53u:131, 25:2, 80:1615, 143:33, 443:81 [**] {TCP} 195.251.234.12:0 -> 195.251.234.41:0 11/27/08-16:06:53.619156 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.19:1774 11/27/08-16:07:11.816741 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=239/6/759/5): 110:44, 53u:92, 80:147, 1341:1, 5353u:63, 123u:651 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-16:07:18.151291 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=3001/72/1692/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0 11/27/08-16:07:26.566008 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 25 IPs (25 /24s) (# pkts S/M/O/I=1513/0/715/0): 53u:1483, 67u:92, 123u:552, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 
195.251.232.23:0 11/27/08-16:07:38.263999 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1837/0/122/2): 53u:132, 25:2, 80:1705, 143:33, 443:87 [**] {TCP} 195.251.234.12:0 -> 195.251.234.41:0 11/27/08-16:08:18.304296 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.24:1839 11/27/08-16:08:51.520963 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=3034/73/1701/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0 11/27/08-16:08:55.792305 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=242/6/769/5): 110:46, 53u:93, 80:149, 1341:1, 5353u:63, 123u:659 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-16:09:12.223092 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1902/0/131/2): 53u:134, 25:2, 80:1768, 143:33, 443:96 [**] {TCP} 195.251.234.12:0 -> 195.251.234.41:0 11/27/08-16:09:16.293576 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 25 IPs (25 /24s) (# pkts S/M/O/I=1520/0/722/0): 53u:1490, 67u:93, 123u:558, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-16:09:32.659821 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.234.24:3142 -> 199.7.53.72:80 11/27/08-16:09:39.670778 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.234.24:3261 -> 74.125.242.24:80 11/27/08-16:09:39.671503 [**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**] [Priority: 3] {TCP} 195.251.234.24:3261 -> 74.125.242.24:80 11/27/08-16:09:40.989740 [**] [1:2600114:9] E6[rb] SPYWARE-DNS DNS lookup 13 chars 
(.com) [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 195.251.234.24:1040 -> 195.251.255.142:53 11/27/08-16:10:25.791170 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=245/6/776/5): 110:46, 53u:94, 80:151, 1341:1, 5353u:63, 123u:666 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-16:10:41.322574 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (26 /24s) (# pkts S/M/O/I=3813/73/1736/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0 11/27/08-16:10:51.746515 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1910/0/135/2): 53u:134, 25:2, 80:1776, 143:33, 443:100 [**] {TCP} 195.251.234.12:0 -> 195.251.234.41:0 11/27/08-16:11:10.532857 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 24 IPs (16 /24s) (# pkts S/M/O/I=156/0/14/0): 80:130, 53u:26, 443:10, 8081:4 [**] {TCP} 195.251.234.8:0 -> 127.0.0.1:0 11/27/08-16:11:29.759112 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 25 IPs (25 /24s) (# pkts S/M/O/I=1525/0/722/0): 53u:1495, 67u:93, 123u:558, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-16:11:33.787392 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.234.8:1453 -> 4.71.209.8:80 11/27/08-16:11:37.388237 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.234.8:1463 -> 4.71.209.8:80 11/27/08-16:12:10.790220 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=253/6/784/5): 110:46, 53u:96, 80:157, 1341:1, 5353u:63, 123u:674 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-16:12:25.417968 [**] 
[777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=3831/73/1755/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {TCP} 195.251.234.24:0 -> 88.87.8.144:0 11/27/08-16:12:41.919250 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1921/0/137/2): 53u:134, 25:2, 80:1787, 143:33, 443:102 [**] {TCP} 195.251.234.12:0 -> 195.251.234.41:0 11/27/08-16:13:18.554326 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1937 11/27/08-16:13:40.789124 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=253/6/794/5): 110:48, 53u:96, 80:157, 1341:1, 5353u:64, 123u:681 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-16:13:58.611026 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=3831/73/1772/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0 11/27/08-16:14:08.803962 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1193 11/27/08-16:14:18.665702 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 25 IPs (25 /24s) (# pkts S/M/O/I=1527/0/722/0): 53u:1497, 67u:93, 123u:558, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-16:14:40.596422 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1989/0/143/2): 53u:138, 25:2, 80:1851, 143:36, 443:105 [**] {TCP} 195.251.234.12:0 -> 195.251.234.41:0 11/27/08-16:15:19.027014 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# 
pkts S/M/O/I=255/6/803/5): 110:48, 53u:97, 80:158, 443:2, 1341:1, 5353u:64, 123u:688 [**] {TCP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-16:15:45.648816 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 27 IPs (18 /24s) (# pkts S/M/O/I=194/0/14/0): 80:161, 53u:33, 443:10, 8081:4 [**] {TCP} 195.251.234.8:0 -> 127.0.0.1:0 11/27/08-16:15:53.769279 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.234.8:1477 -> 4.71.209.8:80 11/27/08-16:15:55.319383 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (27 /24s) (# pkts S/M/O/I=3857/73/1803/2): 53360u:1, 19986u:1, 1900u:3, 443:56, 80:19, 55186u:1, 21226u:1, 53427u:1, 11038u:1, 12301u:1, 63550u:1, 55672u:2 [**] {UDP} 195.251.234.24:0 -> 88.87.8.144:0 11/27/08-16:16:21.321078 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 25 IPs (25 /24s) (# pkts S/M/O/I=1528/0/722/0): 53u:1498, 67u:93, 123u:558, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-16:16:54.271286 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1269 11/27/08-16:16:54.786860 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=255/6/811/5): 110:48, 53u:97, 80:158, 443:2, 1341:1, 5353u:64, 123u:696 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-16:17:27.770019 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1029 11/27/08-16:17:41.868899 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=1996/0/148/2): 53u:139, 25:2, 80:1857, 143:41, 443:105 [**] {UDP} 195.251.234.12:0 -> 195.251.234.41:0 11/27/08-16:17:44.520707 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 
195.251.234.6:1525 11/27/08-16:17:57.065272 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.234.33:5632 -> 195.251.234.3:80 11/27/08-16:18:08.801025 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 26 IPs (25 /24s) (# pkts S/M/O/I=1528/0/726/0): 53u:1498, 67u:93, 123u:558, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {TCP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-16:18:40.786002 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=256/6/821/5): 110:50, 53u:97, 80:159, 443:2, 1341:1, 5353u:64, 123u:704 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-16:19:28.998867 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (21 /24s) (# pkts S/M/O/I=247/0/14/0): 80:207, 53u:40, 443:10, 8081:4 [**] {TCP} 195.251.234.8:0 -> 72.14.221.190:0 11/27/08-16:19:52.124789 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=2014/0/153/2): 53u:141, 25:2, 80:1873, 143:43, 443:108 [**] {TCP} 195.251.234.12:0 -> 195.251.234.41:0 11/27/08-16:20:16.791090 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 26 IPs (25 /24s) (# pkts S/M/O/I=1536/0/734/0): 53u:1506, 67u:94, 123u:564, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0 11/27/08-16:20:25.785004 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=256/6/830/5): 110:50, 53u:97, 80:159, 443:2, 1341:1, 5353u:64, 123u:713 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0 11/27/08-16:20:58.168073 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (21 /24s) (# pkts S/M/O/I=248/0/14/0): 80:208, 53u:40, 443:10, 8081:4 [**] {TCP} 195.251.234.8:0 -> 72.14.221.190:0 11/27/08-16:21:03.328965 [**] [116:150:1] (snort decoder) Bad 
Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.8:1830
11/27/08-16:21:23.276299 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=2025/0/161/2): 53u:142, 25:2, 80:1883, 143:51, 443:108 [**] {TCP} 195.251.234.12:0 -> 195.251.234.41:0
11/27/08-16:22:10.784262 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=256/6/837/5): 110:50, 53u:97, 80:159, 443:2, 1341:1, 5353u:64, 123u:720 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:22:25.858740 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 26 IPs (25 /24s) (# pkts S/M/O/I=1538/0/735/0): 53u:1508, 67u:94, 123u:564, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {TCP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-16:22:28.018523 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1126
11/27/08-16:22:44.766122 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.13:1391
11/27/08-16:22:56.936084 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=2028/0/162/2): 53u:142, 25:2, 80:1886, 143:52, 443:108 [**] {TCP} 195.251.234.12:0 -> 195.251.234.41:0
11/27/08-16:24:02.782289 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=259/6/848/5): 110:52, 53u:98, 80:161, 443:2, 1341:1, 5353u:64, 123u:729 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:24:45.749075 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (21 /24s) (# pkts S/M/O/I=264/0/14/0): 80:224, 53u:40, 443:10, 8081:4 [**] {TCP} 195.251.234.8:0 -> 72.14.221.190:0
11/27/08-16:25:02.939364 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=2031/0/163/2): 53u:142, 25:2, 80:1889, 143:53, 443:108 [**] {TCP} 195.251.234.12:0 -> 195.251.234.41:0
11/27/08-16:25:44.781327 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=259/6/857/5): 110:52, 53u:98, 80:161, 443:2, 1341:1, 5353u:64, 123u:738 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:26:33.287450 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=2046/0/172/2): 53u:147, 25:2, 80:1899, 143:56, 443:114 [**] {UDP} 195.251.234.12:0 -> 195.251.234.41:0
11/27/08-16:27:32.781449 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=262/6/864/5): 110:52, 53u:99, 80:163, 443:2, 1341:1, 5353u:64, 123u:745 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:27:42.287537 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 26 IPs (25 /24s) (# pkts S/M/O/I=1540/0/750/0): 53u:1510, 67u:94, 123u:564, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-16:27:45.015838 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.19:1488
11/27/08-16:28:41.516928 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=2122/0/179/2): 53u:160, 25:2, 80:1962, 143:56, 443:121 [**] {TCP} 195.251.234.12:0 -> 62.212.66.197:0
11/27/08-16:29:21.779144 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=262/6/875/5): 110:54, 53u:99, 80:163, 443:2, 1341:1, 5353u:64, 123u:754 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:29:55.158206 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 26 IPs (25 /24s) (# pkts S/M/O/I=1545/0/750/0): 53u:1515, 67u:94, 123u:564, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-16:30:12.278878 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=2170/0/179/2): 53u:163, 25:2, 80:2007, 143:56, 443:121 [**] {TCP} 195.251.234.12:0 -> 62.212.66.197:0
11/27/08-16:30:52.778531 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=263/6/882/5): 110:54, 53u:99, 80:164, 443:2, 1341:1, 5353u:64, 123u:761 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:31:04.761713 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.27:1074
11/27/08-16:31:42.922624 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=2211/0/179/2): 53u:164, 25:2, 80:2047, 143:56, 443:121 [**] {TCP} 195.251.234.12:0 -> 62.212.66.197:0
11/27/08-16:31:54.073663 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.21:1049
11/27/08-16:31:55.011082 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.27:1330
11/27/08-16:32:03.026699 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 26 IPs (25 /24s) (# pkts S/M/O/I=1546/0/750/0): 53u:1516, 67u:94, 123u:564, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-16:32:27.536102 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=265/6/889/5): 110:54, 53u:99, 80:166, 443:2, 1341:1, 5353u:64, 123u:768 [**] {TCP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:33:14.682208 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=2303/0/179/2): 53u:165, 25:2, 80:2138, 143:56, 443:121 [**] {TCP} 195.251.234.12:0 -> 62.212.66.197:0
11/27/08-16:33:58.776585 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=265/6/898/5): 110:56, 53u:99, 80:166, 443:2, 1341:1, 5353u:64, 123u:775 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:35:02.534276 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=2317/0/180/2): 53u:165, 25:2, 80:2152, 143:57, 443:121 [**] {TCP} 195.251.234.12:0 -> 62.212.66.197:0
11/27/08-16:35:13.821944 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1635
11/27/08-16:35:47.775872 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=265/6/907/5): 110:56, 53u:99, 80:166, 443:2, 1341:1, 5353u:64, 123u:784 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:36:37.750516 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 26 IPs (25 /24s) (# pkts S/M/O/I=1548/0/750/0): 53u:1518, 67u:94, 123u:564, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-16:36:41.885462 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=2320/0/180/2): 53u:165, 25:2, 80:2155, 143:57, 443:121 [**] {TCP} 195.251.234.12:0 -> 62.212.66.197:0
11/27/08-16:36:45.617422 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:3897 -> 195.251.234.3:80
11/27/08-16:36:45.636488 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:3899 -> 195.251.234.3:80
11/27/08-16:36:45.636598 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:3899 -> 195.251.234.3:80
11/27/08-16:36:52.526228 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:3918 -> 195.251.234.4:80
11/27/08-16:36:52.545146 [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**] [Priority: 3] {TCP} 195.251.232.23:3920 -> 195.251.234.4:80
11/27/08-16:36:52.545347 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:3920 -> 195.251.234.4:80
11/27/08-16:36:56.629571 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:3934 -> 195.251.234.3:80
11/27/08-16:37:02.533560 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 195.251.232.23 -> 195.251.234.8
11/27/08-16:37:03.538856 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.232.23:3953 -> 195.251.234.4:80
11/27/08-16:37:18.774818 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=265/6/914/5): 110:56, 53u:99, 80:166, 443:2, 1341:1, 5353u:64, 123u:791 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:37:23.563021 [**] [777:7777001:1] E1[bh] Detected intense non-malware scan by 195.251.232.23 (# pkts S/M/O/I=204/0/23/0) of 10 IPs: 195.251.234.3.{80,31337,443} 195.251.234.4.{80,31337,443} 195.251.234.6.{80,443} 195.251.234.8.{80,443} 195.251.234.13.80 195.251.234.12.80 195.251.234.19.80 195.251.234.21.80 195.251.234.24.80 195.251.234.25.80 [**] {TCP} 195.251.232.23:0 -> 195.251.234.3:0
11/27/08-16:38:26.543648 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=2356/0/180/2): 53u:165, 25:2, 80:2191, 143:57, 443:121 [**] {TCP} 195.251.234.12:0 -> 62.212.66.197:0
11/27/08-16:38:35.914430 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.6:1239
11/27/08-16:38:49.119426 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 26 IPs (25 /24s) (# pkts S/M/O/I=1550/0/756/0): 53u:1520, 67u:94, 123u:564, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-16:39:00.774065 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=265/6/924/5): 110:58, 53u:99, 80:166, 443:2, 1341:1, 5353u:64, 123u:799 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:39:57.887007 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=2371/0/191/2): 53u:168, 25:2, 80:2203, 143:58, 443:131 [**] {TCP} 195.251.234.12:0 -> 62.212.66.197:0
11/27/08-16:40:30.773187 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=265/6/930/5): 110:58, 53u:99, 80:166, 443:2, 1341:1, 5353u:64, 123u:805 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:41:02.576423 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.234.12:3653 -> 199.7.53.72:80
11/27/08-16:41:08.026652 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.234.12:3662 -> 199.7.58.72:80
11/27/08-16:41:19.276166 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 26 IPs (25 /24s) (# pkts S/M/O/I=1551/0/757/0): 53u:1521, 67u:94, 123u:564, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-16:41:27.921299 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=2418/0/213/2): 53u:175, 25:2, 80:2243, 143:60, 443:151 [**] {TCP} 195.251.234.12:0 -> 62.212.66.197:0
11/27/08-16:42:11.474911 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.8:1040
11/27/08-16:42:16.771299 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=271/6/939/5): 110:58, 53u:101, 80:170, 443:2, 1341:1, 5353u:64, 123u:814 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:42:44.974558 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.8:1800
11/27/08-16:43:46.341694 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=2424/0/221/2): 53u:175, 25:2, 80:2249, 143:61, 443:158 [**] {TCP} 195.251.234.12:0 -> 62.212.66.197:0
11/27/08-16:43:55.770110 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=274/6/950/5): 110:60, 53u:102, 80:172, 443:2, 1341:1, 5353u:64, 123u:823 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:45:30.769716 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=277/6/956/5): 110:60, 53u:102, 80:175, 443:2, 1341:1, 5353u:64, 123u:829 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:45:35.930011 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 26 IPs (25 /24s) (# pkts S/M/O/I=1553/0/757/0): 53u:1523, 67u:94, 123u:564, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-16:46:12.874074 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=2426/0/226/2): 53u:176, 25:2, 80:2250, 143:63, 443:161 [**] {TCP} 195.251.234.12:0 -> 62.212.66.197:0
11/27/08-16:39:18.248671 [**] [777:7777001:1] E1[bh] Detected intense non-malware scan by 195.251.232.23 (# pkts S/M/O/I=223/0/59/0) of 13 IPs: 195.251.234.3.{80,31337,443} 195.251.234.4.{80,31337,443} 195.251.234.6.{80,443} 195.251.234.8.{80,443} 195.251.234.13.{80,443} 195.251.234.12.{80,443} 195.251.234.19.{80,443} 195.251.234.21.{80,443} 195.251.234.24.{80,443} 195.251.234.25.{80,443} 195.251.234.27.{80,443} 195.251.234.29.{80,443} 195.251.234.30.{80,443} [**] {TCP} 195.251.232.23:0 -> 195.251.234.3:0
11/27/08-16:47:02.768871 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=281/6/964/5): 110:60, 53u:103, 80:178, 443:2, 1341:1, 5353u:64, 123u:837 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:47:12.659660 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.21:1418
11/27/08-16:47:46.159245 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.21:1178
11/27/08-16:47:46.220803 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=2431/0/226/2): 53u:177, 25:2, 80:2254, 143:63, 443:161 [**] {TCP} 195.251.234.12:0 -> 62.212.66.197:0
11/27/08-16:47:52.314077 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 26 IPs (25 /24s) (# pkts S/M/O/I=1554/0/757/0): 53u:1524, 67u:94, 123u:564, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-16:48:41.767880 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=283/6/973/5): 110:62, 53u:103, 80:180, 443:2, 1341:1, 5353u:64, 123u:844 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:50:11.767985 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=283/6/980/5): 110:62, 53u:103, 80:180, 443:2, 1341:1, 5353u:64, 123u:851 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:50:14.646152 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 26 IPs (25 /24s) (# pkts S/M/O/I=1556/0/757/0): 53u:1526, 67u:94, 123u:564, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-16:50:23.330865 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=2435/0/226/2): 53u:178, 25:2, 80:2257, 143:63, 443:161 [**] {UDP} 195.251.234.12:0 -> 62.212.66.197:0
11/27/08-16:50:32.408021 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1004
11/27/08-16:51:05.907608 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.29:1764
11/27/08-16:51:56.765338 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=283/6/988/5): 110:62, 53u:103, 80:180, 443:2, 1341:1, 5353u:64, 123u:859 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:52:21.358835 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 26 IPs (25 /24s) (# pkts S/M/O/I=1561/0/757/0): 53u:1531, 67u:94, 123u:564, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {UDP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-16:53:00.481252 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=2440/0/227/2): 53u:179, 25:2, 80:2261, 143:64, 443:161 [**] {TCP} 195.251.234.12:0 -> 62.212.66.197:0
11/27/08-16:53:26.043399 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=286/6/996/5): 110:63, 53u:104, 80:182, 443:2, 1341:1, 5353u:64, 123u:866 [**] {TCP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:54:32.142967 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (25 /24s) (# pkts S/M/O/I=2449/0/238/2): 53u:182, 25:2, 80:2267, 143:64, 443:172 [**] {TCP} 195.251.234.12:0 -> 62.212.66.197:0
11/27/08-16:54:34.380457 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 27 IPs (26 /24s) (# pkts S/M/O/I=1561/0/758/0): 53u:1531, 67u:94, 123u:564, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {TCP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-16:55:09.763413 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=286/6/1005/5): 110:64, 53u:104, 80:182, 443:2, 1341:1, 5353u:64, 123u:874 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:56:02.019487 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (24 /24s) (# pkts S/M/O/I=2461/0/245/2): 53u:184, 25:2, 80:2277, 143:66, 443:177 [**] {UDP} 195.251.234.12:0 -> 62.212.66.197:0
11/27/08-16:56:02.896168 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.234.12:3688 -> 199.7.54.72:80
11/27/08-16:56:03.852982 [**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**] [Priority: 3] {TCP} 195.251.234.12:3691 -> 199.7.54.72:80
11/27/08-16:56:05.220159 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1581
11/27/08-16:56:05.374129 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 27 IPs (26 /24s) (# pkts S/M/O/I=1562/0/758/0): 53u:1531, 67u:94, 123u:564, 45934:1, 38465:1, 2423:3, 2359:3, 2940:3, 2044:3, 2203:3, 2445:3, 2988:3 [**] {TCP} 195.251.234.3:0 -> 195.251.232.23:0
11/27/08-16:56:05.374129 [**] [777:7777001:1] E1[bh] Detected intense non-malware scan by 127.0.0.1 (# pkts S/M/O/I=0/0/24/0) of 10 IPs: 195.251.234.19.{1774,1488} 195.251.234.24.1839 195.251.234.30.{1937,1193,1581} 195.251.234.6.{1269,1029,1525,1239} 195.251.234.8.{1830,1040,1800} 195.251.234.13.{1126,1391} 195.251.234.27.{1074,1330} 195.251.234.21.{1049,1418,1178} 195.251.234.29.{1635,1004,1764} 195.251.234.3.1112 [**] {TCP} 127.0.0.1:0 -> 195.251.234.6:0
11/27/08-16:56:05.374129 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1112
11/27/08-16:56:22.123670 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1376
11/27/08-16:56:42.762653 [**] [777:7777005:1] E5[bh] Detected intense non-malware port scanning of 30 IPs (23 /24s) (# pkts S/M/O/I=289/6/1013/5): 110:64, 53u:105, 80:184, 443:2, 1341:1, 5353u:64, 123u:882 [**] {UDP} 195.251.234.21:0 -> 91.189.88.31:0
11/27/08-16:56:55.469728 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.30:1605
11/27/08-16:56:55.623355 [**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**] [Priority: 3] {TCP} 127.0.0.1:80 -> 195.251.234.3:1368