[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:43:09.173299 10.1.60.203:57764 -> 7.204.241.161:25
TCP TTL:63 TOS:0x0 ID:51372 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x787AFC70  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:45:54.394828 7.204.241.161:25 -> 10.1.60.203:50176
TCP TTL:64 TOS:0x0 ID:1283 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xE06DEE6F  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:45:54.395078 7.204.241.161:25 -> 10.1.60.203:50176
TCP TTL:64 TOS:0x0 ID:1284 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xE06DEE6F  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:47:02.322926 154.241.88.201:80 -> 3.75.190.181:60708
TCP TTL:63 TOS:0x0 ID:21269 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xE20FC272  Ack: 0x567079D3  Win: 0x5B  TcpLen: 32
TCP Options (3) => NOP NOP TS: 66621799 74830877 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:47:02.323457 154.241.88.201:80 -> 3.75.190.181:60708
TCP TTL:63 TOS:0x0 ID:21270 IpLen:20 DgmLen:455 DF
***AP*** Seq: 0xE20FC272  Ack: 0x567079D3  Win: 0x5B  TcpLen: 32
TCP Options (3) => NOP NOP TS: 66621799 74830877 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:54:00.783211 10.1.60.203:58113 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:54149 IpLen:20 DgmLen:60 DF
******S* Seq: 0x8580A703  Ack: 0x0  Win: 0xFFFF  TcpLen: 40
TCP Options (5) => MSS: 1460 NOP WS: 3 SackOK TS: 47703591 0 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:54:00.783554 154.241.88.201:443 -> 10.1.60.203:58113
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0x6B560026  Ack: 0x8580A704  Win: 0x16A0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 67042354 47703591 NOP WS: 6 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:54:00.784376 10.1.60.203:58113 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:54150 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x8580A704  Ack: 0x6B560027  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 47703592 67042354 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:54:00.788034 10.1.60.203:58113 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:54151 IpLen:20 DgmLen:188 DF
***AP*** Seq: 0x8580A704  Ack: 0x6B560027  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 47703596 67042354 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:54:00.788178 154.241.88.201:443 -> 10.1.60.203:58113
TCP TTL:64 TOS:0x0 ID:64528 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x6B560027  Ack: 0x8580A78C  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67042359 47703596 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:54:00.798436 154.241.88.201:443 -> 10.1.60.203:58113
TCP TTL:64 TOS:0x0 ID:64530 IpLen:20 DgmLen:149 DF
***AP*** Seq: 0x6B5605CF  Ack: 0x8580A78C  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67042368 47703596 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:54:00.800310 10.1.60.203:58113 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:54152 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x8580A78C  Ack: 0x6B560630  Win: 0x1FC5  TcpLen: 32
TCP Options (3) => NOP NOP TS: 47703608 67042368 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:54:00.817548 10.1.60.203:58113 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:54153 IpLen:20 DgmLen:250 DF
***AP*** Seq: 0x8580A78C  Ack: 0x6B560630  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 47703618 67042368 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:54:00.823906 154.241.88.201:443 -> 10.1.60.203:58113
TCP TTL:64 TOS:0x0 ID:64531 IpLen:20 DgmLen:111 DF
***AP*** Seq: 0x6B560630  Ack: 0x8580A852  Win: 0x7C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67042394 47703618 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:54:00.825372 10.1.60.203:58113 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:54154 IpLen:20 DgmLen:238 DF
***AP*** Seq: 0x8580A852  Ack: 0x6B56066B  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 47703633 67042394 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:54:00.828968 154.241.88.201:443 -> 10.1.60.203:58113
TCP TTL:64 TOS:0x0 ID:64532 IpLen:20 DgmLen:1373 DF
***AP*** Seq: 0x6B56066B  Ack: 0x8580A90C  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67042400 47703633 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:54:00.829088 154.241.88.201:443 -> 10.1.60.203:58113
TCP TTL:64 TOS:0x0 ID:64533 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x6B560B94  Ack: 0x8580A90C  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67042400 47703633 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:54:00.829181 154.241.88.201:443 -> 10.1.60.203:58113
TCP TTL:64 TOS:0x0 ID:64534 IpLen:20 DgmLen:52 DF
***A***F Seq: 0x6B560BB9  Ack: 0x8580A90C  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67042400 47703633 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:54:00.831950 10.1.60.203:58113 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:54155 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x8580A90C  Ack: 0x6B560BB9  Win: 0x1FDC  TcpLen: 32
TCP Options (3) => NOP NOP TS: 47703640 67042400 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:54:00.832055 10.1.60.203:58113 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:54156 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x8580A90C  Ack: 0x6B560BBA  Win: 0x1FF2  TcpLen: 32
TCP Options (3) => NOP NOP TS: 47703640 67042400 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:54:00.832321 10.1.60.203:58113 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:54157 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x8580A90C  Ack: 0x6B560BBA  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 47703640 67042400 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:54:00.832519 10.1.60.203:58113 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:54158 IpLen:20 DgmLen:52 DF
***A***F Seq: 0x8580A931  Ack: 0x6B560BBA  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 47703641 67042400 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-09:54:00.832696 154.241.88.201:443 -> 10.1.60.203:58113
TCP TTL:64 TOS:0x0 ID:64535 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x6B560BBA  Ack: 0x8580A932  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67042404 47703640 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-09:58:56.275385 7.204.241.161:993 -> 31.154.241.2:1296
TCP TTL:63 TOS:0x0 ID:3064 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0x8AB87CDD  Ack: 0x9AE31DB  Win: 0xFFFF  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:00:04.236747 7.204.241.161:51451 -> 10.1.10.10:25
TCP TTL:64 TOS:0x0 ID:3159 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xB159B00F  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:00:07.126084 10.1.10.10:25 -> 7.204.241.161:51451
TCP TTL:125 TOS:0x0 ID:18249 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x2E79010  Ack: 0xB159B010  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11063197 73853 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:00:11.265069 10.1.10.10:25 -> 7.204.241.161:51451
TCP TTL:125 TOS:0x0 ID:18255 IpLen:20 DgmLen:116
***AP**F Seq: 0x2E79010  Ack: 0xB159B010  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11063238 73853 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:00:15.182329 10.1.10.10:25 -> 7.204.241.161:51451
TCP TTL:125 TOS:0x0 ID:18268 IpLen:20 DgmLen:116
***AP**F Seq: 0x2E79010  Ack: 0xB159B010  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11063278 73853 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:00:19.221401 10.1.10.10:25 -> 7.204.241.161:51451
TCP TTL:125 TOS:0x0 ID:18279 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x2E79010  Ack: 0xB159B010  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11063318 73853 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:00:27.276080 10.1.10.10:25 -> 7.204.241.161:51451
TCP TTL:125 TOS:0x0 ID:18295 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x2E79010  Ack: 0xB159B010  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11063399 73853 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:00:43.176329 10.1.10.10:25 -> 7.204.241.161:51451
TCP TTL:125 TOS:0x0 ID:18355 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x2E79010  Ack: 0xB159B010  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11063559 73853 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:03:18.591461 7.204.241.161:993 -> 31.154.241.2:1340
TCP TTL:63 TOS:0x0 ID:3706 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0x604F07C0  Ack: 0xC1151E08  Win: 0xFFFF  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:03:57.812453 10.1.60.203:64941 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:56742 IpLen:20 DgmLen:60 DF
******S* Seq: 0x752E046  Ack: 0x0  Win: 0xFFFF  TcpLen: 40
TCP Options (5) => MSS: 1460 NOP WS: 3 SackOK TS: 48302515 0 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:03:57.812669 154.241.88.201:443 -> 10.1.60.203:64941
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0x9BDAA008  Ack: 0x752E047  Win: 0x16A0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 67642371 48302515 NOP WS: 6 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:03:57.813447 10.1.60.203:64941 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:56743 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x752E047  Ack: 0x9BDAA009  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 48302517 67642371 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:03:57.816829 10.1.60.203:64941 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:56744 IpLen:20 DgmLen:188 DF
***AP*** Seq: 0x752E047  Ack: 0x9BDAA009  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 48302520 67642371 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:03:57.817088 154.241.88.201:443 -> 10.1.60.203:64941
TCP TTL:64 TOS:0x0 ID:33793 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x9BDAA009  Ack: 0x752E0CF  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67642376 48302520 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:03:57.825931 154.241.88.201:443 -> 10.1.60.203:64941
TCP TTL:64 TOS:0x0 ID:33795 IpLen:20 DgmLen:149 DF
***AP*** Seq: 0x9BDAA5B1  Ack: 0x752E0CF  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67642380 48302520 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:03:57.829811 10.1.60.203:64941 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:56745 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x752E0CF  Ack: 0x9BDAA612  Win: 0x2052  TcpLen: 32
TCP Options (3) => NOP NOP TS: 48302534 67642380 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:03:57.846064 10.1.60.203:64941 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:56746 IpLen:20 DgmLen:250 DF
***AP*** Seq: 0x752E0CF  Ack: 0x9BDAA612  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 48302542 67642380 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:03:57.852154 154.241.88.201:443 -> 10.1.60.203:64941
TCP TTL:64 TOS:0x0 ID:33796 IpLen:20 DgmLen:111 DF
***AP*** Seq: 0x9BDAA612  Ack: 0x752E195  Win: 0x7C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67642409 48302542 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:03:57.853510 10.1.60.203:64941 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:56747 IpLen:20 DgmLen:238 DF
***AP*** Seq: 0x752E195  Ack: 0x9BDAA64D  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 48302557 67642409 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:03:57.858304 154.241.88.201:443 -> 10.1.60.203:64941
TCP TTL:64 TOS:0x0 ID:33797 IpLen:20 DgmLen:1373 DF
***AP*** Seq: 0x9BDAA64D  Ack: 0x752E24F  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67642416 48302557 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:03:57.858442 154.241.88.201:443 -> 10.1.60.203:64941
TCP TTL:64 TOS:0x0 ID:33798 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x9BDAAB76  Ack: 0x752E24F  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67642417 48302557 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:03:57.858542 154.241.88.201:443 -> 10.1.60.203:64941
TCP TTL:64 TOS:0x0 ID:33799 IpLen:20 DgmLen:52 DF
***A***F Seq: 0x9BDAAB9B  Ack: 0x752E24F  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67642417 48302557 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:03:57.861435 10.1.60.203:64941 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:56748 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x752E24F  Ack: 0x9BDAAB9B  Win: 0x2081  TcpLen: 32
TCP Options (3) => NOP NOP TS: 48302566 67642416 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:03:57.861437 10.1.60.203:64941 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:56749 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x752E24F  Ack: 0x9BDAAB9C  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 48302566 67642417 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:03:57.861653 10.1.60.203:64941 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:56750 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x752E24F  Ack: 0x9BDAAB9C  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 48302566 67642417 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:03:57.861655 10.1.60.203:64941 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:56751 IpLen:20 DgmLen:52 DF
***A***F Seq: 0x752E274  Ack: 0x9BDAAB9C  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 48302566 67642417 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:03:57.861858 154.241.88.201:443 -> 10.1.60.203:64941
TCP TTL:64 TOS:0x0 ID:33800 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x9BDAAB9C  Ack: 0x752E275  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67642421 48302566 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:09:56.143080 10.1.60.203:55652 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:58247 IpLen:20 DgmLen:60 DF
******S* Seq: 0x6CA8B074  Ack: 0x0  Win: 0xFFFF  TcpLen: 40
TCP Options (5) => MSS: 1460 NOP WS: 3 SackOK TS: 48661984 0 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:09:59.133198 10.1.60.203:55652 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:58253 IpLen:20 DgmLen:60 DF
******S* Seq: 0x6CA8B074  Ack: 0x0  Win: 0xFFFF  TcpLen: 40
TCP Options (5) => MSS: 1460 NOP WS: 3 SackOK TS: 48664984 0 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:10:02.322371 10.1.60.203:55652 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:58282 IpLen:20 DgmLen:60 DF
******S* Seq: 0x6CA8B074  Ack: 0x0  Win: 0xFFFF  TcpLen: 40
TCP Options (5) => MSS: 1460 NOP WS: 3 SackOK TS: 48668184 0 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:10:05.512453 10.1.60.203:55652 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:58290 IpLen:20 DgmLen:48 DF
******S* Seq: 0x6CA8B074  Ack: 0x0  Win: 0xFFFF  TcpLen: 28
TCP Options (3) => MSS: 1460 SackOK EOL 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:15:03.742234 10.1.60.203:51742 -> 7.204.241.161:25
TCP TTL:63 TOS:0x0 ID:59577 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x61A885C3  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:17:49.493157 7.204.241.161:993 -> 31.154.241.1:1309
TCP TTL:63 TOS:0x0 ID:1661 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0x7BF6A41A  Ack: 0xA4471B1E  Win: 0xFFFF  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:18:48.857969 3.75.190.181:50523 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:96 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x6635AD9B  Ack: 0xB910AC61  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 76223 67947594 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:18:53.507970 10.1.60.203:58077 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:60536 IpLen:20 DgmLen:60 DF
******S* Seq: 0x2467C5D3  Ack: 0x0  Win: 0xFFFF  TcpLen: 40
TCP Options (5) => MSS: 1460 NOP WS: 3 SackOK TS: 49201055 0 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:18:53.508878 154.241.88.201:443 -> 10.1.60.203:58077
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0xBD5FD78A  Ack: 0x2467C5D4  Win: 0x16A0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 67952272 49201055 NOP WS: 6 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:18:53.509730 10.1.60.203:58077 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:60537 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x2467C5D4  Ack: 0xBD5FD78B  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 49201058 67952272 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:18:53.513038 10.1.60.203:58077 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:60538 IpLen:20 DgmLen:188 DF
***AP*** Seq: 0x2467C5D4  Ack: 0xBD5FD78B  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 49201060 67952272 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:18:53.513959 154.241.88.201:443 -> 10.1.60.203:58077
TCP TTL:64 TOS:0x0 ID:2334 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xBD5FD78B  Ack: 0x2467C65C  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67952277 49201060 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:18:53.523364 154.241.88.201:443 -> 10.1.60.203:58077
TCP TTL:64 TOS:0x0 ID:2336 IpLen:20 DgmLen:149 DF
***AP*** Seq: 0xBD5FDD33  Ack: 0x2467C65C  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67952286 49201060 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:18:53.526743 10.1.60.203:58077 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:60539 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x2467C65C  Ack: 0xBD5FDD94  Win: 0x2052  TcpLen: 32
TCP Options (3) => NOP NOP TS: 49201075 67952286 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:18:53.543295 10.1.60.203:58077 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:60540 IpLen:20 DgmLen:250 DF
***AP*** Seq: 0x2467C65C  Ack: 0xBD5FDD94  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 49201083 67952286 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:18:53.550292 154.241.88.201:443 -> 10.1.60.203:58077
TCP TTL:64 TOS:0x0 ID:2337 IpLen:20 DgmLen:111 DF
***AP*** Seq: 0xBD5FDD94  Ack: 0x2467C722  Win: 0x7C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67952313 49201083 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:18:53.552031 10.1.60.203:58077 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:60541 IpLen:20 DgmLen:238 DF
***AP*** Seq: 0x2467C722  Ack: 0xBD5FDDCF  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 49201099 67952313 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:18:53.556442 154.241.88.201:443 -> 10.1.60.203:58077
TCP TTL:64 TOS:0x0 ID:2338 IpLen:20 DgmLen:1373 DF
***AP*** Seq: 0xBD5FDDCF  Ack: 0x2467C7DC  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67952319 49201099 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:18:53.556444 154.241.88.201:443 -> 10.1.60.203:58077
TCP TTL:64 TOS:0x0 ID:2339 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0xBD5FE2F8  Ack: 0x2467C7DC  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67952320 49201099 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:18:53.556505 154.241.88.201:443 -> 10.1.60.203:58077
TCP TTL:64 TOS:0x0 ID:2340 IpLen:20 DgmLen:52 DF
***A***F Seq: 0xBD5FE31D  Ack: 0x2467C7DC  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67952320 49201099 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:18:53.559571 10.1.60.203:58077 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:60542 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x2467C7DC  Ack: 0xBD5FE31D  Win: 0x2081  TcpLen: 32
TCP Options (3) => NOP NOP TS: 49201108 67952319 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:18:53.559661 10.1.60.203:58077 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:60543 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x2467C7DC  Ack: 0xBD5FE31E  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 49201108 67952320 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:18:53.559787 10.1.60.203:58077 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:60544 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x2467C7DC  Ack: 0xBD5FE31E  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 49201108 67952320 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:18:53.559860 10.1.60.203:58077 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:60545 IpLen:20 DgmLen:52 DF
***A***F Seq: 0x2467C801  Ack: 0xBD5FE31E  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 49201108 67952320 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:18:53.560461 154.241.88.201:443 -> 10.1.60.203:58077
TCP TTL:64 TOS:0x0 ID:2341 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xBD5FE31E  Ack: 0x2467C802  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 67952324 49201108 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:19:47.526839 154.241.88.201:80 -> 3.75.190.181:49920
TCP TTL:63 TOS:0x0 ID:59710 IpLen:20 DgmLen:455 DF
***AP*** Seq: 0x16E25BA2  Ack: 0xD923AC15  Win: 0x5B  TcpLen: 32
TCP Options (3) => NOP NOP TS: 68006559 135137 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:19:47.611091 3.75.190.181:55795 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:219 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0xC8625937  Ack: 0x16E715E9  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 135224 68006638 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:20:47.585829 154.241.88.201:80 -> 3.75.190.181:58667
TCP TTL:63 TOS:0x0 ID:51612 IpLen:20 DgmLen:455 DF
***AP*** Seq: 0x4FD757FD  Ack: 0x7800AD08  Win: 0x5B  TcpLen: 32
TCP Options (3) => NOP NOP TS: 68066918 195356 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:21:46.984272 3.75.190.181:57017 -> 180.242.137.181:5222
TCP TTL:63 TOS:0x0 ID:452 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xC4A074AE  Ack: 0xB231536A  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 255099 1612998711 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:21:46.990027 154.241.88.201:80 -> 3.75.190.181:49207
TCP TTL:63 TOS:0x0 ID:30780 IpLen:20 DgmLen:455 DF
***AP*** Seq: 0x8806FFA0  Ack: 0xA50140  Win: 0x5B  TcpLen: 32
TCP Options (3) => NOP NOP TS: 68126619 255103 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:22:46.018780 7.204.241.161:57669 -> 10.1.10.10:25
TCP TTL:64 TOS:0x0 ID:2041 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x6DA5A660  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:22:46.662615 154.241.88.201:80 -> 3.75.190.181:51429
TCP TTL:63 TOS:0x0 ID:35602 IpLen:20 DgmLen:455 DF
***AP*** Seq: 0xC025FACE  Ack: 0x43859B17  Win: 0x5B  TcpLen: 32
TCP Options (3) => NOP NOP TS: 68186591 315027 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:22:52.902780 10.1.10.10:25 -> 7.204.241.161:57669
TCP TTL:125 TOS:0x0 ID:24187 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0xA0EF6779  Ack: 0x6DA5A661  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11076919 53700 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:23:01.748308 10.1.10.10:25 -> 7.204.241.161:57669
TCP TTL:125 TOS:0x0 ID:24276 IpLen:20 DgmLen:116
***AP**F Seq: 0xA0EF6779  Ack: 0x6DA5A661  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11077007 53700 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:23:10.444543 10.1.10.10:25 -> 7.204.241.161:57669
TCP TTL:125 TOS:0x0 ID:24301 IpLen:20 DgmLen:116
***AP**F Seq: 0xA0EF6779  Ack: 0x6DA5A661  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11077095 53700 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:23:19.223159 10.1.10.10:25 -> 7.204.241.161:57669
TCP TTL:125 TOS:0x0 ID:24318 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0xA0EF6779  Ack: 0x6DA5A661  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11077184 53700 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:23:36.461665 10.1.10.10:25 -> 7.204.241.161:57669
TCP TTL:125 TOS:0x0 ID:24414 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0xA0EF6779  Ack: 0x6DA5A661  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11077360 53700 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:23:48.161817 3.75.190.181:51875 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:1794 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x2A34B839  Ack: 0xF9761AE1  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 376787 68248395 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:24:46.981794 3.75.190.181:59050 -> 180.242.137.181:5222
TCP TTL:63 TOS:0x0 ID:1996 IpLen:20 DgmLen:69 DF
***AP*** Seq: 0x836C9A8F  Ack: 0x45419415  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 435854 3180832963 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:28:40.920265 154.241.88.201:80 -> 3.75.190.181:56000
TCP TTL:63 TOS:0x0 ID:43109 IpLen:20 DgmLen:455 DF
***AP*** Seq: 0xC9E48F9  Ack: 0xAB076FB7  Win: 0x5B  TcpLen: 32
TCP Options (3) => NOP NOP TS: 68542621 670775 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:28:42.867602 154.241.88.201:443 -> 31.154.241.11:1604
TCP TTL:63 TOS:0x0 ID:40057 IpLen:20 DgmLen:63 DF
***AP*** Seq: 0xEA8791D  Ack: 0x70687D0D  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:28:45.554177 154.241.88.201:443 -> 31.154.241.11:1606
TCP TTL:63 TOS:0x0 ID:8984 IpLen:20 DgmLen:63 DF
***AP*** Seq: 0x10B2D237  Ack: 0x97ACE1D  Win: 0x16D0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:29:55.524022 154.241.88.201:80 -> 3.75.190.181:55945
TCP TTL:63 TOS:0x0 ID:50296 IpLen:20 DgmLen:455 DF
***AP*** Seq: 0x52A1C109  Ack: 0x4714E081  Win: 0x5B  TcpLen: 32
TCP Options (3) => NOP NOP TS: 68617598 745693 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:31:00.239223 154.241.88.201:80 -> 3.75.190.181:52329
TCP TTL:63 TOS:0x0 ID:46773 IpLen:20 DgmLen:455 DF
***AP*** Seq: 0x8EE7B539  Ack: 0x2725D81D  Win: 0x5B  TcpLen: 32
TCP Options (3) => NOP NOP TS: 68682637 810681 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:31:00.267549 7.204.241.161:25 -> 3.75.190.181:58744
TCP TTL:63 TOS:0x0 ID:2554 IpLen:20 DgmLen:67 DF
***AP*** Seq: 0x51ABF212  Ack: 0xC47F48C2  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2845347383 810711 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:33:07.293811 7.204.241.161:993 -> 222.100.5.233:3312
TCP TTL:63 TOS:0x0 ID:2682 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0x3DC23746  Ack: 0x9A55E039  Win: 0xFFFF  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:33:07.505887 7.204.241.161:51135 -> 10.1.10.10:25
TCP TTL:64 TOS:0x0 ID:2696 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x2854EF44  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:33:10.944304 10.1.10.10:25 -> 7.204.241.161:51135
TCP TTL:125 TOS:0x0 ID:27224 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x3D132B1B  Ack: 0x2854EF45  Win: 0xFEB1  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11083134 116170 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:33:15.405796 10.1.10.10:25 -> 7.204.241.161:51135
TCP TTL:125 TOS:0x0 ID:27233 IpLen:20 DgmLen:116
***AP**F Seq: 0x3D132B1B  Ack: 0x2854EF45  Win: 0xFEB1  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11083178 116170 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:33:19.758989 10.1.10.10:25 -> 7.204.241.161:51135
TCP TTL:125 TOS:0x0 ID:27244 IpLen:20 DgmLen:116
***AP**F Seq: 0x3D132B1B  Ack: 0x2854EF45  Win: 0xFEB1  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11083222 116170 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:33:24.112439 10.1.10.10:25 -> 7.204.241.161:51135
TCP TTL:125 TOS:0x0 ID:27251 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x3D132B1B  Ack: 0x2854EF45  Win: 0xFEB1  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11083266 116170 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:33:32.930771 10.1.10.10:25 -> 7.204.241.161:51135
TCP TTL:125 TOS:0x0 ID:27280 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x3D132B1B  Ack: 0x2854EF45  Win: 0xFEB1  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11083354 116170 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:33:48.818578 10.1.60.203:51733 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:64318 IpLen:20 DgmLen:60 DF
******S* Seq: 0x8040D6E6  Ack: 0x0  Win: 0xFFFF  TcpLen: 40
TCP Options (5) => MSS: 1460 NOP WS: 3 SackOK TS: 50099209 0 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:33:48.818823 154.241.88.201:443 -> 10.1.60.203:51733
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0x2E18EF57  Ack: 0x8040D6E7  Win: 0x16A0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 68852062 50099209 NOP WS: 6 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:33:48.819713 10.1.60.203:51733 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:64319 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x8040D6E7  Ack: 0x2E18EF58  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 50099211 68852062 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:33:48.822991 10.1.60.203:51733 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:64320 IpLen:20 DgmLen:188 DF
***AP*** Seq: 0x8040D6E7  Ack: 0x2E18EF58  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 50099214 68852062 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:33:48.823149 154.241.88.201:443 -> 10.1.60.203:51733
TCP TTL:64 TOS:0x0 ID:30266 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x2E18EF58  Ack: 0x8040D76F  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 68852066 50099214 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:33:48.831853 154.241.88.201:443 -> 10.1.60.203:51733
TCP TTL:64 TOS:0x0 ID:30268 IpLen:20 DgmLen:149 DF
***AP*** Seq: 0x2E18F500  Ack: 0x8040D76F  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 68852068 50099214 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:33:48.835188 10.1.60.203:51733 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:64321 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x8040D76F  Ack: 0x2E18F561  Win: 0x2052  TcpLen: 32
TCP Options (3) => NOP NOP TS: 50099226 68852068 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:33:48.851993 10.1.60.203:51733 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:64322 IpLen:20 DgmLen:250 DF
***AP*** Seq: 0x8040D76F  Ack: 0x2E18F561  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 50099235 68852068 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:33:48.858047 154.241.88.201:443 -> 10.1.60.203:51733
TCP TTL:64 TOS:0x0 ID:30269 IpLen:20 DgmLen:111 DF
***AP*** Seq: 0x2E18F561  Ack: 0x8040D835  Win: 0x7C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 68852098 50099235 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:33:48.859314 10.1.60.203:51733 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:64323 IpLen:20 DgmLen:238 DF
***AP*** Seq: 0x8040D835  Ack: 0x2E18F59C  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 50099250 68852098 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:33:48.862755 154.241.88.201:443 -> 10.1.60.203:51733
TCP TTL:64 TOS:0x0 ID:30270 IpLen:20 DgmLen:1373 DF
***AP*** Seq: 0x2E18F59C  Ack: 0x8040D8EF  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 68852104 50099250 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:33:48.862820 154.241.88.201:443 -> 10.1.60.203:51733
TCP TTL:64 TOS:0x0 ID:30271 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x2E18FAC5  Ack: 0x8040D8EF  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 68852104 50099250 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:33:48.862938 154.241.88.201:443 -> 10.1.60.203:51733
TCP TTL:64 TOS:0x0 ID:30272 IpLen:20 DgmLen:52 DF
***A***F Seq: 0x2E18FAEA  Ack: 0x8040D8EF  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 68852104 50099250 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:33:48.865733 10.1.60.203:51733 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:64324 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x8040D8EF  Ack: 0x2E18FAEA  Win: 0x1FDC  TcpLen: 32
TCP Options (3) => NOP NOP TS: 50099257 68852104 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:33:48.865832 10.1.60.203:51733 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:64325 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x8040D8EF  Ack: 0x2E18FAEB  Win: 0x1FDC  TcpLen: 32
TCP Options (3) => NOP NOP TS: 50099257 68852104 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:33:48.866289 10.1.60.203:51733 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:64326 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x8040D8EF  Ack: 0x2E18FAEB  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 50099257 68852104 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:33:48.866511 10.1.60.203:51733 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:64327 IpLen:20 DgmLen:52 DF
***A***F Seq: 0x8040D914  Ack: 0x2E18FAEB  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 50099258 68852104 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:33:48.866696 154.241.88.201:443 -> 10.1.60.203:51733
TCP TTL:64 TOS:0x0 ID:30273 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x2E18FAEB  Ack: 0x8040D915  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 68852110 50099257 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:33:50.449567 10.1.10.10:25 -> 7.204.241.161:51135
TCP TTL:125 TOS:0x0 ID:27434 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x3D132B1B  Ack: 0x2854EF45  Win: 0xFEB1  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11083531 116170 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:37:12.474011 3.75.190.181:59012 -> 180.242.137.181:5222
TCP TTL:63 TOS:0x0 ID:52438 IpLen:20 DgmLen:69 DF
***AP*** Seq: 0xEDDAADF2  Ack: 0x35FFC09A  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 72119029 2030760111 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:37:12.859632 154.241.88.201:80 -> 3.75.190.181:60384
TCP TTL:63 TOS:0x0 ID:8446 IpLen:20 DgmLen:455 DF
***AP*** Seq: 0xEE139A9F  Ack: 0x374ED21D  Win: 0x5B  TcpLen: 32
TCP Options (3) => NOP NOP TS: 69057122 72119272 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-10:39:55.135541 10.2.195.248:36231 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF62D0A22  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-10:51:35.684805 7.204.241.161:993 -> 31.154.241.1:1386
TCP TTL:63 TOS:0x0 ID:3318 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0x22248788  Ack: 0xFC082670  Win: 0xFFFF  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:03:19.430287 10.1.60.203:53267 -> 180.242.137.181:5222
TCP TTL:63 TOS:0x0 ID:6273 IpLen:20 DgmLen:48 DF
******S* Seq: 0xE6FA4A32  Ack: 0x0  Win: 0xFFFF  TcpLen: 28
TCP Options (3) => MSS: 1460 SackOK EOL 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:03:33.453371 10.1.60.203:56456 -> 154.241.88.201:80
TCP TTL:63 TOS:0x0 ID:6336 IpLen:20 DgmLen:48 DF
******S* Seq: 0xE706FE0B  Ack: 0x0  Win: 0xFFFF  TcpLen: 28
TCP Options (3) => MSS: 1460 SackOK EOL 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:03:43.496147 10.1.60.203:52355 -> 7.204.241.161:25
TCP TTL:63 TOS:0x0 ID:6392 IpLen:20 DgmLen:48 DF
******S* Seq: 0x5E715311  Ack: 0x0  Win: 0xFFFF  TcpLen: 28
TCP Options (3) => MSS: 1460 SackOK EOL 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:03:49.264406 10.1.60.203:54113 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:6428 IpLen:20 DgmLen:48 DF
******S* Seq: 0x5B7185CB  Ack: 0x0  Win: 0xFFFF  TcpLen: 28
TCP Options (3) => MSS: 1460 SackOK EOL 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:05:05.222547 10.2.195.248:49001 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xCA244C2D  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:05:05.322248 10.2.195.248:49002 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xCA244C2E  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:05:05.413865 10.2.195.248:49003 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xCA244C2F  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:05:05.510809 10.2.195.248:49004 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xCA244C30  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:05:05.611997 10.2.195.248:49005 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xCA244C31  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:05:07.816391 10.2.195.248:49001 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xE45A1261  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:05:07.898230 10.2.195.248:49002 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xE45A1262  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:05:08.005323 10.2.195.248:49003 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xE45A1263  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:05:08.111653 10.2.195.248:49004 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xE45A1264  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:05:08.211800 10.2.195.248:49005 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xE45A1265  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:05:08.300652 10.2.195.248:49006 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xE45A1266  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:07:38.277508 10.1.60.253:56689 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:11558 IpLen:20 DgmLen:40
***A**** Seq: 0xF622BC94  Ack: 0xA01BD4BC  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:07:40.175928 10.2.195.248:33759 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x120DCFC6  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:07:40.176431 10.2.195.248:33759 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x120DCFC6  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:1616:10] DNS named version attempt [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-11:07:42.866316 10.2.195.248:50917 -> 65.190.233.37:53
UDP TTL:61 TOS:0x0 ID:52888 IpLen:20 DgmLen:58 DF
Len: 30
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10028][Xref => http://www.whitehats.com/info/IDS278]

[**] [1:256:9] DNS named authors attempt [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-11:07:43.346095 10.2.195.248:47243 -> 65.190.233.37:53
UDP TTL:61 TOS:0x0 ID:53005 IpLen:20 DgmLen:58 DF
Len: 30
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10728][Xref => http://www.whitehats.com/info/IDS480]

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:08:01.584327 10.2.195.248:38405 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x2409D009  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:08:08.944800 10.2.195.248:51242 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x12F36D97  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:2000545:6] ET SCAN NMAP -f -sS [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-11:08:32.588672 10.2.195.248:27460 -> 7.204.241.161:25
TCP TTL:1 TOS:0x0 ID:1461 IpLen:20 DgmLen:40
******S* Seq: 0x4  Ack: 0x0  Win: 0x800  TcpLen: 20
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_NMAP][Xref => http://doc.emergingthreats.net/2000545]

[**] [1:2000537:6] ET SCAN NMAP -sS [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-11:08:32.588672 10.2.195.248:27460 -> 7.204.241.161:25
TCP TTL:1 TOS:0x0 ID:1461 IpLen:20 DgmLen:40
******S* Seq: 0x4  Ack: 0x0  Win: 0x800  TcpLen: 20
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_NMAP][Xref => http://doc.emergingthreats.net/2000537]

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:08:32.593412 10.2.195.248:6164 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x53CF3665  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:08:40.868728 10.2.195.248:18953 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x2FD63AC2  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:8:1] Data sent on stream after TCP Reset [**]
[Priority: 3] 
11/08-11:08:51.101590 31.154.241.11:1695 -> 154.241.88.201:443
TCP TTL:127 TOS:0x0 ID:65060 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0xB28A3996  Ack: 0xE3FEE842  Win: 0xFFFF  TcpLen: 20

[**] [129:8:1] Data sent on stream after TCP Reset [**]
[Priority: 3] 
11/08-11:08:51.165970 31.154.241.11:1696 -> 154.241.88.201:443
TCP TTL:127 TOS:0x0 ID:65104 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0x4DFAA61  Ack: 0xE4D357E6  Win: 0xFC48  TcpLen: 20

[**] [129:8:1] Data sent on stream after TCP Reset [**]
[Priority: 3] 
11/08-11:08:51.276316 31.154.241.11:1697 -> 154.241.88.201:443
TCP TTL:127 TOS:0x0 ID:65209 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0xB8BD0E00  Ack: 0xE44D4121  Win: 0xFFFF  TcpLen: 20

[**] [129:8:1] Data sent on stream after TCP Reset [**]
[Priority: 3] 
11/08-11:08:51.285920 31.154.241.11:1698 -> 154.241.88.201:443
TCP TTL:127 TOS:0x0 ID:65229 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0xCAE8FC1F  Ack: 0xE45C5791  Win: 0xFB40  TcpLen: 20

[**] [129:8:1] Data sent on stream after TCP Reset [**]
[Priority: 3] 
11/08-11:08:51.574372 31.154.241.11:1699 -> 154.241.88.201:443
TCP TTL:127 TOS:0x0 ID:65280 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0x4F100B79  Ack: 0xE4BF7299  Win: 0xFFFF  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:09:19.672484 10.2.200.238:39082 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x4C481D8D  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:09:23.028725 10.2.200.238:39083 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x4D272102  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:09:32.608034 10.2.200.238:39085 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x4F91905B  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:09:32.632844 10.2.200.238:39085 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x4F919062  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:16:36.177813 10.1.60.203:61250 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:9690 IpLen:20 DgmLen:60 DF
******S* Seq: 0xDB51E6C0  Ack: 0x0  Win: 0xFFFF  TcpLen: 40
TCP Options (5) => MSS: 1460 NOP WS: 3 SackOK TS: 52674722 0 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:16:36.178043 154.241.88.201:443 -> 10.1.60.203:61250
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0x9A324699  Ack: 0xDB51E6C1  Win: 0x16A0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 71432268 52674722 NOP WS: 6 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:16:36.178831 10.1.60.203:61250 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:9691 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xDB51E6C1  Ack: 0x9A32469A  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 52674723 71432268 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:16:36.182684 10.1.60.203:61250 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:9692 IpLen:20 DgmLen:188 DF
***AP*** Seq: 0xDB51E6C1  Ack: 0x9A32469A  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 52674726 71432268 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:16:36.182686 154.241.88.201:443 -> 10.1.60.203:61250
TCP TTL:64 TOS:0x0 ID:48842 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x9A32469A  Ack: 0xDB51E749  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 71432272 52674726 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:16:36.191089 154.241.88.201:443 -> 10.1.60.203:61250
TCP TTL:64 TOS:0x0 ID:48844 IpLen:20 DgmLen:149 DF
***AP*** Seq: 0x9A324C42  Ack: 0xDB51E749  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 71432275 52674726 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:16:36.194226 10.1.60.203:61250 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:9693 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xDB51E749  Ack: 0x9A324CA3  Win: 0x1FC4  TcpLen: 32
TCP Options (3) => NOP NOP TS: 52674738 71432275 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:16:36.211542 10.1.60.203:61250 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:9694 IpLen:20 DgmLen:250 DF
***AP*** Seq: 0xDB51E749  Ack: 0x9A324CA3  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 52674748 71432275 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:16:36.217619 154.241.88.201:443 -> 10.1.60.203:61250
TCP TTL:64 TOS:0x0 ID:48845 IpLen:20 DgmLen:111 DF
***AP*** Seq: 0x9A324CA3  Ack: 0xDB51E80F  Win: 0x7C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 71432305 52674748 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:16:36.219120 10.1.60.203:61250 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:9695 IpLen:20 DgmLen:238 DF
***AP*** Seq: 0xDB51E80F  Ack: 0x9A324CDE  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 52674764 71432305 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:16:36.222719 154.241.88.201:443 -> 10.1.60.203:61250
TCP TTL:64 TOS:0x0 ID:48846 IpLen:20 DgmLen:1373 DF
***AP*** Seq: 0x9A324CDE  Ack: 0xDB51E8C9  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 71432310 52674764 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:16:36.222774 154.241.88.201:443 -> 10.1.60.203:61250
TCP TTL:64 TOS:0x0 ID:48847 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x9A325207  Ack: 0xDB51E8C9  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 71432310 52674764 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:16:36.222906 154.241.88.201:443 -> 10.1.60.203:61250
TCP TTL:64 TOS:0x0 ID:48848 IpLen:20 DgmLen:52 DF
***A***F Seq: 0x9A32522C  Ack: 0xDB51E8C9  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 71432311 52674764 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:16:36.225782 10.1.60.203:61250 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:9696 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xDB51E8C9  Ack: 0x9A32522C  Win: 0x207C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 52674771 71432310 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:16:36.225872 10.1.60.203:61250 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:9697 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xDB51E8C9  Ack: 0x9A32522D  Win: 0x2081  TcpLen: 32
TCP Options (3) => NOP NOP TS: 52674771 71432311 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:16:36.225983 10.1.60.203:61250 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:9698 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0xDB51E8C9  Ack: 0x9A32522D  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 52674771 71432311 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:16:36.226056 10.1.60.203:61250 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:9699 IpLen:20 DgmLen:52 DF
***A***F Seq: 0xDB51E8EE  Ack: 0x9A32522D  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 52674771 71432311 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:16:36.226171 154.241.88.201:443 -> 10.1.60.203:61250
TCP TTL:64 TOS:0x0 ID:48849 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x9A32522D  Ack: 0xDB51E8EF  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 71432313 52674771 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:21:07.491418 10.2.195.248:47967 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x83133F6  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:21:07.505713 10.2.195.248:47968 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x8E1A6BE  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:21:12.250645 10.2.195.248:47969 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xD35AB4F  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:21:13.894448 10.2.195.248:47970 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xE8612D8  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:21:35.485135 10.2.195.248:47976 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x22707556  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:21:57.074302 10.2.195.248:47982 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x36C1ABDE  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:25:17.014053 7.204.241.161:57406 -> 10.1.10.10:25
TCP TTL:64 TOS:0x0 ID:5125 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x53086773  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:25:20.825420 10.1.10.10:25 -> 7.204.241.161:57406
TCP TTL:125 TOS:0x0 ID:15803 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x97B86EF9  Ack: 0x53086774  Win: 0xFEBD  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11114588 430737 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:25:26.033318 10.1.10.10:25 -> 7.204.241.161:57406
TCP TTL:125 TOS:0x0 ID:15868 IpLen:20 DgmLen:116
***AP**F Seq: 0x97B86EF9  Ack: 0x53086774  Win: 0xFEBD  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11114640 430737 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:25:31.160679 10.1.10.10:25 -> 7.204.241.161:57406
TCP TTL:125 TOS:0x0 ID:15882 IpLen:20 DgmLen:116
***AP**F Seq: 0x97B86EF9  Ack: 0x53086774  Win: 0xFEBD  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11114692 430737 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:25:36.377330 10.1.10.10:25 -> 7.204.241.161:57406
TCP TTL:125 TOS:0x0 ID:15906 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x97B86EF9  Ack: 0x53086774  Win: 0xFEBD  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11114744 430737 

[**] [1:2000545:6] ET SCAN NMAP -f -sS [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-11:25:41.773271 10.2.199.239:61562 -> 180.242.137.181:5222
TCP TTL:38 TOS:0x0 ID:9963 IpLen:20 DgmLen:44
******S* Seq: 0xF7D028A7  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1160 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_NMAP][Xref => http://doc.emergingthreats.net/2000545]

[**] [1:2000537:6] ET SCAN NMAP -sS [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-11:25:41.773271 10.2.199.239:61562 -> 180.242.137.181:5222
TCP TTL:38 TOS:0x0 ID:9963 IpLen:20 DgmLen:44
******S* Seq: 0xF7D028A7  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1160 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_NMAP][Xref => http://doc.emergingthreats.net/2000537]

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:25:46.707192 10.1.10.10:25 -> 7.204.241.161:57406
TCP TTL:125 TOS:0x0 ID:15921 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x97B86EF9  Ack: 0x53086774  Win: 0xFEBD  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11114848 430737 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:26:07.371613 10.1.10.10:25 -> 7.204.241.161:57406
TCP TTL:125 TOS:0x0 ID:15969 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x97B86EF9  Ack: 0x53086774  Win: 0xFEBD  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11115056 430737 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:26:33.132908 10.1.60.203:50116 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12226 IpLen:20 DgmLen:60 DF
******S* Seq: 0xC46C1EAF  Ack: 0x0  Win: 0xFFFF  TcpLen: 40
TCP Options (5) => MSS: 1460 NOP WS: 3 SackOK TS: 53273572 0 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:26:33.133132 154.241.88.201:443 -> 10.1.60.203:50116
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0xCAD0498E  Ack: 0xC46C1EB0  Win: 0x16A0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 72032210 53273572 NOP WS: 6 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:26:33.133997 10.1.60.203:50116 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12227 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xC46C1EB0  Ack: 0xCAD0498F  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 53273573 72032210 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:26:33.137851 10.1.60.203:50116 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12228 IpLen:20 DgmLen:188 DF
***AP*** Seq: 0xC46C1EB0  Ack: 0xCAD0498F  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 53273578 72032210 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:26:33.138017 154.241.88.201:443 -> 10.1.60.203:50116
TCP TTL:64 TOS:0x0 ID:22104 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xCAD0498F  Ack: 0xC46C1F38  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 72032215 53273578 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:26:33.146675 154.241.88.201:443 -> 10.1.60.203:50116
TCP TTL:64 TOS:0x0 ID:22106 IpLen:20 DgmLen:149 DF
***AP*** Seq: 0xCAD04F37  Ack: 0xC46C1F38  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 72032217 53273578 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:26:33.149886 10.1.60.203:50116 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12229 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xC46C1F38  Ack: 0xCAD04F98  Win: 0x1FC5  TcpLen: 32
TCP Options (3) => NOP NOP TS: 53273590 72032217 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:26:33.167308 10.1.60.203:50116 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12230 IpLen:20 DgmLen:250 DF
***AP*** Seq: 0xC46C1F38  Ack: 0xCAD04F98  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 53273601 72032217 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:26:33.173332 154.241.88.201:443 -> 10.1.60.203:50116
TCP TTL:64 TOS:0x0 ID:22107 IpLen:20 DgmLen:111 DF
***AP*** Seq: 0xCAD04F98  Ack: 0xC46C1FFE  Win: 0x7C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 72032247 53273601 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:26:33.174626 10.1.60.203:50116 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12231 IpLen:20 DgmLen:238 DF
***AP*** Seq: 0xC46C1FFE  Ack: 0xCAD04FD3  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 53273614 72032247 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:26:33.178445 154.241.88.201:443 -> 10.1.60.203:50116
TCP TTL:64 TOS:0x0 ID:22108 IpLen:20 DgmLen:1373 DF
***AP*** Seq: 0xCAD04FD3  Ack: 0xC46C20B8  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 72032254 53273614 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:26:33.178447 154.241.88.201:443 -> 10.1.60.203:50116
TCP TTL:64 TOS:0x0 ID:22109 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0xCAD054FC  Ack: 0xC46C20B8  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 72032254 53273614 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:26:33.178449 154.241.88.201:443 -> 10.1.60.203:50116
TCP TTL:64 TOS:0x0 ID:22110 IpLen:20 DgmLen:52 DF
***A***F Seq: 0xCAD05521  Ack: 0xC46C20B8  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 72032254 53273614 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:26:33.182346 10.1.60.203:50116 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12232 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xC46C20B8  Ack: 0xCAD05521  Win: 0x1FDC  TcpLen: 32
TCP Options (3) => NOP NOP TS: 53273622 72032254 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:26:33.182348 10.1.60.203:50116 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12233 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0xC46C20B8  Ack: 0xCAD05521  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 53273622 72032254 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:26:33.182350 10.1.60.203:50116 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12234 IpLen:20 DgmLen:52 DF
***A***F Seq: 0xC46C20DD  Ack: 0xCAD05521  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 53273622 72032254 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:26:33.182352 154.241.88.201:443 -> 10.1.60.203:50116
TCP TTL:64 TOS:0x0 ID:22111 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xCAD05522  Ack: 0xC46C20DE  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 72032257 53273622 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:26:33.383856 154.241.88.201:443 -> 10.1.60.203:50116
TCP TTL:64 TOS:0x0 ID:22112 IpLen:20 DgmLen:52 DF
***A***F Seq: 0xCAD05521  Ack: 0xC46C20DE  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 72032462 53273622 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:26:33.384673 10.1.60.203:50116 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12235 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xC46C20DE  Ack: 0xCAD05522  Win: 0x2085  TcpLen: 32
TCP Options (3) => NOP NOP TS: 53273826 72032462 

[**] [1:2000545:6] ET SCAN NMAP -f -sS [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-11:27:55.527349 10.2.199.239:50164 -> 154.241.88.201:80
TCP TTL:38 TOS:0x0 ID:54499 IpLen:20 DgmLen:44
******S* Seq: 0x532B8EB6  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1160 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_NMAP][Xref => http://doc.emergingthreats.net/2000545]

[**] [1:2000537:6] ET SCAN NMAP -sS [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-11:27:55.527349 10.2.199.239:50164 -> 154.241.88.201:80
TCP TTL:38 TOS:0x0 ID:54499 IpLen:20 DgmLen:44
******S* Seq: 0x532B8EB6  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1160 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_NMAP][Xref => http://doc.emergingthreats.net/2000537]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-11:28:13.846962 10.2.199.239:1174 -> 154.241.88.201:80
TCP TTL:125 TOS:0x0 ID:27324 IpLen:20 DgmLen:52 DF
***AP*** Seq: 0xDA209356  Ack: 0x28F0AAB0  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-11:28:24.003146 10.2.199.239:1178 -> 154.241.88.201:80
TCP TTL:125 TOS:0x0 ID:27354 IpLen:20 DgmLen:84 DF
***AP*** Seq: 0x5E2D1FCA  Ack: 0x320008A5  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-11:28:24.003146 10.2.199.239:1178 -> 154.241.88.201:80
TCP TTL:125 TOS:0x0 ID:27354 IpLen:20 DgmLen:84 DF
***AP*** Seq: 0x5E2D1FCA  Ack: 0x320008A5  Win: 0xFAF0  TcpLen: 20

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-11:28:29.049649 10.2.199.239:1182 -> 154.241.88.201:80
TCP TTL:125 TOS:0x0 ID:27391 IpLen:20 DgmLen:72 DF
***AP*** Seq: 0x97D60DD5  Ack: 0x3733937A  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:28:32.626242 10.1.60.203:53590 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12728 IpLen:20 DgmLen:60 DF
******S* Seq: 0x62388254  Ack: 0x0  Win: 0xFFFF  TcpLen: 40
TCP Options (5) => MSS: 1460 NOP WS: 3 SackOK TS: 53393445 0 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:28:32.626935 154.241.88.201:443 -> 10.1.60.203:53590
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0x3ACC7F93  Ack: 0x62388255  Win: 0x16A0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 72152302 53393445 NOP WS: 6 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:28:32.627772 10.1.60.203:53590 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12729 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x62388255  Ack: 0x3ACC7F94  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 53393448 72152302 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:28:32.631109 10.1.60.203:53590 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12730 IpLen:20 DgmLen:188 DF
***AP*** Seq: 0x62388255  Ack: 0x3ACC7F94  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 53393451 72152302 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:28:32.631891 154.241.88.201:443 -> 10.1.60.203:53590
TCP TTL:64 TOS:0x0 ID:35687 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x3ACC7F94  Ack: 0x623882DD  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 72152307 53393451 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:28:32.640775 154.241.88.201:443 -> 10.1.60.203:53590
TCP TTL:64 TOS:0x0 ID:35689 IpLen:20 DgmLen:149 DF
***AP*** Seq: 0x3ACC853C  Ack: 0x623882DD  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 72152316 53393451 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:28:32.643909 10.1.60.203:53590 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12731 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x623882DD  Ack: 0x3ACC859D  Win: 0x1FC5  TcpLen: 32
TCP Options (3) => NOP NOP TS: 53393464 72152316 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:28:32.660796 10.1.60.203:53590 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12732 IpLen:20 DgmLen:250 DF
***AP*** Seq: 0x623882DD  Ack: 0x3ACC859D  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 53393473 72152316 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:28:32.700450 154.241.88.201:443 -> 10.1.60.203:53590
TCP TTL:64 TOS:0x0 ID:35690 IpLen:20 DgmLen:111 DF
***AP*** Seq: 0x3ACC859D  Ack: 0x623883A3  Win: 0x7C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 72152369 53393473 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:28:32.701849 10.1.60.203:53590 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12733 IpLen:20 DgmLen:238 DF
***AP*** Seq: 0x623883A3  Ack: 0x3ACC85D8  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 53393522 72152369 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:28:32.705375 154.241.88.201:443 -> 10.1.60.203:53590
TCP TTL:64 TOS:0x0 ID:35691 IpLen:20 DgmLen:1373 DF
***AP*** Seq: 0x3ACC85D8  Ack: 0x6238845D  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 72152380 53393522 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:28:32.705481 154.241.88.201:443 -> 10.1.60.203:53590
TCP TTL:64 TOS:0x0 ID:35692 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x3ACC8B01  Ack: 0x6238845D  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 72152381 53393522 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:28:32.705597 154.241.88.201:443 -> 10.1.60.203:53590
TCP TTL:64 TOS:0x0 ID:35693 IpLen:20 DgmLen:52 DF
***A***F Seq: 0x3ACC8B26  Ack: 0x6238845D  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 72152381 53393522 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:28:32.708316 10.1.60.203:53590 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12734 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x6238845D  Ack: 0x3ACC8B26  Win: 0x1FF2  TcpLen: 32
TCP Options (3) => NOP NOP TS: 53393529 72152380 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:28:32.708528 10.1.60.203:53590 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12735 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x6238845D  Ack: 0x3ACC8B26  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 53393529 72152380 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:28:32.708579 10.1.60.203:53590 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12736 IpLen:20 DgmLen:52 DF
***A***F Seq: 0x62388482  Ack: 0x3ACC8B26  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 53393529 72152380 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:28:32.708733 154.241.88.201:443 -> 10.1.60.203:53590
TCP TTL:64 TOS:0x0 ID:35694 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x3ACC8B27  Ack: 0x62388483  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 72152384 53393529 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:28:32.912467 154.241.88.201:443 -> 10.1.60.203:53590
TCP TTL:64 TOS:0x0 ID:35695 IpLen:20 DgmLen:52 DF
***A***F Seq: 0x3ACC8B26  Ack: 0x62388483  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 72152589 53393529 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:28:32.913331 10.1.60.203:53590 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:12737 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x62388483  Ack: 0x3ACC8B27  Win: 0x2085  TcpLen: 32
TCP Options (3) => NOP NOP TS: 53393734 72152589 

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-11:28:34.056903 10.2.199.239:1184 -> 154.241.88.201:80
TCP TTL:125 TOS:0x0 ID:27406 IpLen:20 DgmLen:54 DF
***AP*** Seq: 0x2BE1A8AB  Ack: 0x3B311ED0  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-11:28:39.193936 10.2.199.239:1187 -> 154.241.88.201:80
TCP TTL:125 TOS:0x0 ID:27425 IpLen:20 DgmLen:128 DF
***AP*** Seq: 0xCF4C54EA  Ack: 0x40B57356  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-11:28:44.425012 10.2.199.239:1193 -> 154.241.88.201:80
TCP TTL:125 TOS:0x0 ID:27467 IpLen:20 DgmLen:54 DF
***AP*** Seq: 0x13FFB26F  Ack: 0x44E2F635  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-11:28:44.425012 10.2.199.239:1193 -> 154.241.88.201:80
TCP TTL:125 TOS:0x0 ID:27467 IpLen:20 DgmLen:54 DF
***AP*** Seq: 0x13FFB26F  Ack: 0x44E2F635  Win: 0xFAF0  TcpLen: 20

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-11:28:49.501313 10.2.199.239:1196 -> 154.241.88.201:80
TCP TTL:125 TOS:0x0 ID:27486 IpLen:20 DgmLen:56 DF
***AP*** Seq: 0x619921CB  Ack: 0x4A90EDE9  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-11:28:54.574714 10.2.199.239:1200 -> 154.241.88.201:80
TCP TTL:125 TOS:0x0 ID:27521 IpLen:20 DgmLen:51 DF
***AP*** Seq: 0xECA7B20  Ack: 0x4EF1EE14  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-11:28:54.574714 10.2.199.239:1200 -> 154.241.88.201:80
TCP TTL:125 TOS:0x0 ID:27521 IpLen:20 DgmLen:51 DF
***AP*** Seq: 0xECA7B20  Ack: 0x4EF1EE14  Win: 0xFAF0  TcpLen: 20

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-11:28:59.606025 10.2.199.239:1203 -> 154.241.88.201:80
TCP TTL:125 TOS:0x0 ID:27545 IpLen:20 DgmLen:63 DF
***AP*** Seq: 0x58339938  Ack: 0x538F7E2B  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-11:28:59.606025 10.2.199.239:1203 -> 154.241.88.201:80
TCP TTL:125 TOS:0x0 ID:27545 IpLen:20 DgmLen:63 DF
***AP*** Seq: 0x58339938  Ack: 0x538F7E2B  Win: 0xFAF0  TcpLen: 20

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-11:29:04.649385 10.2.199.239:1205 -> 154.241.88.201:80
TCP TTL:125 TOS:0x0 ID:27559 IpLen:20 DgmLen:100 DF
***AP*** Seq: 0x6B8FEF81  Ack: 0x57E3137A  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-11:29:09.659498 10.2.199.239:1207 -> 154.241.88.201:80
TCP TTL:125 TOS:0x0 ID:27574 IpLen:20 DgmLen:215 DF
***AP*** Seq: 0xEB24957F  Ack: 0x5CC44F73  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-11:29:09.659498 10.2.199.239:1207 -> 154.241.88.201:80
TCP TTL:125 TOS:0x0 ID:27574 IpLen:20 DgmLen:215 DF
***AP*** Seq: 0xEB24957F  Ack: 0x5CC44F73  Win: 0xFAF0  TcpLen: 20

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-11:29:14.674060 10.2.199.239:1209 -> 154.241.88.201:80
TCP TTL:125 TOS:0x0 ID:27589 IpLen:20 DgmLen:130 DF
***AP*** Seq: 0x17171AC1  Ack: 0x6188B00F  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-11:29:14.674060 10.2.199.239:1209 -> 154.241.88.201:80
TCP TTL:125 TOS:0x0 ID:27589 IpLen:20 DgmLen:130 DF
***AP*** Seq: 0x17171AC1  Ack: 0x6188B00F  Win: 0xFAF0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:31:33.188733 154.241.88.201:443 -> 10.1.90.5:1413
TCP TTL:64 TOS:0x0 ID:36526 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xD580FA9E  Ack: 0x8B0FDE53  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:31:34.176014 154.241.88.201:443 -> 10.1.90.5:1413
TCP TTL:64 TOS:0x0 ID:36527 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xD580FA9E  Ack: 0x8B0FDE53  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:31:36.146687 154.241.88.201:443 -> 10.1.90.5:1413
TCP TTL:64 TOS:0x0 ID:36528 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xD580FA9E  Ack: 0x8B0FDE53  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:31:40.087951 154.241.88.201:443 -> 10.1.90.5:1413
TCP TTL:64 TOS:0x0 ID:36529 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xD580FA9E  Ack: 0x8B0FDE53  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:31:47.970582 154.241.88.201:443 -> 10.1.90.5:1413
TCP TTL:64 TOS:0x0 ID:36530 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xD580FA9E  Ack: 0x8B0FDE53  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:32:03.732045 154.241.88.201:443 -> 10.1.90.5:1413
TCP TTL:64 TOS:0x0 ID:36531 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xD580FA9E  Ack: 0x8B0FDE53  Win: 0x1920  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:33:10.845062 10.1.60.253:52270 -> 180.242.137.181:5222
TCP TTL:63 TOS:0x0 ID:20488 IpLen:20 DgmLen:40
***A**** Seq: 0xD1F6B2CB  Ack: 0xA0AD6F16  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:35:21.935448 154.241.88.201:443 -> 31.154.241.11:1726
TCP TTL:63 TOS:0x0 ID:28849 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0xBADA5746  Ack: 0xF4C3A034  Win: 0x2180  TcpLen: 20

[**] [129:8:1] Data sent on stream after TCP Reset [**]
[Priority: 3] 
11/08-11:35:24.334867 31.154.241.11:1727 -> 154.241.88.201:443
TCP TTL:127 TOS:0x0 ID:7625 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0xBD2F0E84  Ack: 0xBC8ED52E  Win: 0xFFFF  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:35:42.264012 10.2.192.252:44857 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x3D28AE88  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:35:42.473845 10.2.192.252:44858 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x3D49DFFD  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:35:42.479282 10.2.192.252:44859 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x3DCD7810  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:35:42.519338 10.2.192.252:44859 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x3DCD7836  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:35:42.617653 10.2.192.252:44860 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x3E335FD4  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:41:36.308295 154.241.88.201:443 -> 10.1.90.5:1421
TCP TTL:64 TOS:0x0 ID:50099 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xC4A7D82  Ack: 0xFD0F7B44  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:41:37.291712 154.241.88.201:443 -> 10.1.90.5:1421
TCP TTL:64 TOS:0x0 ID:50100 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xC4A7D82  Ack: 0xFD0F7B44  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:41:39.254585 154.241.88.201:443 -> 10.1.90.5:1421
TCP TTL:64 TOS:0x0 ID:50101 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xC4A7D82  Ack: 0xFD0F7B44  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:41:43.180359 154.241.88.201:443 -> 10.1.90.5:1421
TCP TTL:64 TOS:0x0 ID:50102 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xC4A7D82  Ack: 0xFD0F7B44  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:41:51.031930 154.241.88.201:443 -> 10.1.90.5:1421
TCP TTL:64 TOS:0x0 ID:50103 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xC4A7D82  Ack: 0xFD0F7B44  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:42:06.729211 154.241.88.201:443 -> 10.1.90.5:1421
TCP TTL:64 TOS:0x0 ID:50104 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xC4A7D82  Ack: 0xFD0F7B44  Win: 0x1920  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:43:11.676111 10.2.192.252:50487 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xE42280C6  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:43:11.687164 10.2.192.252:50487 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xE42280C6  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:43:11.688275 10.2.192.252:50487 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xE42280EB  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:43:13.765316 10.2.192.252:50488 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xE5E442E4  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:43:14.764648 10.2.192.252:50489 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xE719B8CA  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:43:21.541073 10.2.192.252:50490 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xECE021C4  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:43:56.220736 10.2.192.252:50492 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xD7CE569  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:44:12.076105 10.2.192.252:50494 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x1C5B25D0  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:46:35.907195 154.241.88.201:443 -> 10.1.90.5:1424
TCP TTL:64 TOS:0x0 ID:38390 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x2555CB82  Ack: 0xCD583037  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:46:36.948842 154.241.88.201:443 -> 10.1.90.5:1424
TCP TTL:64 TOS:0x0 ID:38391 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x2555CB82  Ack: 0xCD583037  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:46:39.045854 154.241.88.201:443 -> 10.1.90.5:1424
TCP TTL:64 TOS:0x0 ID:38392 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x2555CB82  Ack: 0xCD583037  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:46:43.210646 154.241.88.201:443 -> 10.1.90.5:1424
TCP TTL:64 TOS:0x0 ID:38393 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x2555CB82  Ack: 0xCD583037  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:46:51.540309 154.241.88.201:443 -> 10.1.90.5:1424
TCP TTL:64 TOS:0x0 ID:38394 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x2555CB82  Ack: 0xCD583037  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:47:08.195679 154.241.88.201:443 -> 10.1.90.5:1424
TCP TTL:64 TOS:0x0 ID:38395 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x2555CB82  Ack: 0xCD583037  Win: 0x1920  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:47:45.849805 10.2.194.250:41134 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xDE538D4  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:47:49.124773 10.2.194.250:41135 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xE45ADBE  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:47:56.772659 10.2.194.250:41137 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x119CEE10  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:47:56.825098 10.2.194.250:41139 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x185A95F5  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:47:59.964962 10.2.194.250:41140 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x1AB13ABA  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:48:00.560255 10.2.194.250:41142 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x1BA364CE  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:51:12.369782 10.2.198.242:44317 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x7CC349  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:51:12.370219 10.2.198.242:52470 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x73C1A515  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:51:12.371180 10.2.198.242:51045 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x58B65AE5  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:51:12.372170 10.2.198.242:49196 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x8B9C3B2E  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:51:12.373670 10.2.198.242:37415 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x3289D074  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:51:12.374428 10.2.198.242:49247 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xE787AC1F  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:51:12.375108 10.2.198.242:36769 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xDD371802  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:51:12.376091 10.2.198.242:38740 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF578920F  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:51:12.377994 10.2.198.242:45617 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x3040E243  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:51:12.378750 10.2.198.242:34559 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x9C154F4E  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:51:37.639438 7.204.241.161:52263 -> 10.1.10.10:25
TCP TTL:64 TOS:0x0 ID:6002 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xD5897FFE  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:51:40.635189 10.1.10.10:25 -> 7.204.241.161:52263
TCP TTL:125 TOS:0x0 ID:24505 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x7BA212AC  Ack: 0xD5897FFF  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11130465 589615 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:51:44.665083 10.1.10.10:25 -> 7.204.241.161:52263
TCP TTL:125 TOS:0x0 ID:24510 IpLen:20 DgmLen:116
***AP**F Seq: 0x7BA212AC  Ack: 0xD5897FFF  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11130505 589615 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:51:48.699860 10.1.10.10:25 -> 7.204.241.161:52263
TCP TTL:125 TOS:0x0 ID:24519 IpLen:20 DgmLen:116
***AP**F Seq: 0x7BA212AC  Ack: 0xD5897FFF  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11130546 589615 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:51:52.720855 10.1.10.10:25 -> 7.204.241.161:52263
TCP TTL:125 TOS:0x0 ID:24524 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x7BA212AC  Ack: 0xD5897FFF  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11130586 589615 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:52:00.657167 10.1.10.10:25 -> 7.204.241.161:52263
TCP TTL:125 TOS:0x0 ID:24539 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x7BA212AC  Ack: 0xD5897FFF  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11130666 589615 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-11:52:16.653339 10.1.10.10:25 -> 7.204.241.161:52263
TCP TTL:125 TOS:0x0 ID:24710 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x7BA212AC  Ack: 0xD5897FFF  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11130827 589615 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:54:02.341184 10.2.193.250:58533 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x24F2AECB  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:54:16.563666 10.2.193.250:58535 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x3278E9D9  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:54:38.725609 10.2.193.250:58542 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x441E1550  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:54:38.743557 10.2.193.250:58544 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x47E027A1  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:54:41.994542 10.2.193.250:58545 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x4A42D237  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:54:44.477081 10.2.193.250:58547 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x4C49DC4D  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:54:45.615633 10.2.193.250:58548 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x4D19BED8  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:02.817842 10.2.196.244:51542 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5482411E  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:05.446974 10.2.196.244:51543 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5545F03B  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:06.099223 10.2.196.244:51545 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5855CF31  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:16.473703 10.2.196.244:51548 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x618FF378  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:32.154314 10.1.60.253:63723 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:29731 IpLen:20 DgmLen:60 DF
******S* Seq: 0xD24B7E3A  Ack: 0x0  Win: 0xFFFF  TcpLen: 40
TCP Options (5) => MSS: 1460 NOP WS: 3 SackOK TS: 100579123 0 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:32.154502 154.241.88.201:443 -> 10.1.60.253:63723
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0xD270D68  Ack: 0xD24B7E3B  Win: 0x16A0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 74021134 100579123 NOP WS: 6 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:32.155362 10.1.60.253:63723 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:29732 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xD24B7E3B  Ack: 0xD270D69  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 100579123 74021134 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:32.172120 10.1.60.253:63723 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:29733 IpLen:20 DgmLen:188 DF
***AP*** Seq: 0xD24B7E3B  Ack: 0xD270D69  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 100579124 74021134 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:32.172294 154.241.88.201:443 -> 10.1.60.253:63723
TCP TTL:64 TOS:0x0 ID:29769 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xD270D69  Ack: 0xD24B7EC3  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 74021152 100579124 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:32.181082 154.241.88.201:443 -> 10.1.60.253:63723
TCP TTL:64 TOS:0x0 ID:29771 IpLen:20 DgmLen:149 DF
***AP*** Seq: 0xD271311  Ack: 0xD24B7EC3  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 74021161 100579124 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:32.184497 10.1.60.253:63723 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:29734 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xD24B7EC3  Ack: 0xD271372  Win: 0x1FC4  TcpLen: 32
TCP Options (3) => NOP NOP TS: 100579126 74021160 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:32.236016 10.1.60.253:63723 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:29735 IpLen:20 DgmLen:250 DF
***AP*** Seq: 0xD24B7EC3  Ack: 0xD271372  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 100579131 74021160 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:32.242306 154.241.88.201:443 -> 10.1.60.253:63723
TCP TTL:64 TOS:0x0 ID:29772 IpLen:20 DgmLen:111 DF
***AP*** Seq: 0xD271372  Ack: 0xD24B7F89  Win: 0x7C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 74021222 100579131 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:32.244055 10.1.60.253:63723 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:29736 IpLen:20 DgmLen:238 DF
***AP*** Seq: 0xD24B7F89  Ack: 0xD2713AD  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 100579132 74021222 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:32.247520 154.241.88.201:443 -> 10.1.60.253:63723
TCP TTL:64 TOS:0x0 ID:29773 IpLen:20 DgmLen:1373 DF
***AP*** Seq: 0xD2713AD  Ack: 0xD24B8043  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 74021227 100579132 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:32.247573 154.241.88.201:443 -> 10.1.60.253:63723
TCP TTL:64 TOS:0x0 ID:29774 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0xD2718D6  Ack: 0xD24B8043  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 74021227 100579132 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:32.247680 154.241.88.201:443 -> 10.1.60.253:63723
TCP TTL:64 TOS:0x0 ID:29775 IpLen:20 DgmLen:52 DF
***A***F Seq: 0xD2718FB  Ack: 0xD24B8043  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 74021227 100579132 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:32.250759 10.1.60.253:63723 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:29737 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xD24B8043  Ack: 0xD2718FB  Win: 0x1FDC  TcpLen: 32
TCP Options (3) => NOP NOP TS: 100579132 74021227 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:32.250863 10.1.60.253:63723 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:29738 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xD24B8043  Ack: 0xD2718FC  Win: 0x1FDC  TcpLen: 32
TCP Options (3) => NOP NOP TS: 100579132 74021227 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:32.651575 10.1.60.253:63723 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:29754 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0xD24B8043  Ack: 0xD2718FC  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 100579173 74021227 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:32.651850 10.1.60.253:63723 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:29755 IpLen:20 DgmLen:52 DF
***A***F Seq: 0xD24B8068  Ack: 0xD2718FC  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 100579173 74021227 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:32.652005 154.241.88.201:443 -> 10.1.60.253:63723
TCP TTL:64 TOS:0x0 ID:29776 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xD2718FC  Ack: 0xD24B8069  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 74021634 100579173 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:51.949367 10.2.196.244:51556 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x82CB1B6D  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:51.949530 10.2.196.244:51556 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x82CB1B92  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-11:59:52.276234 10.2.196.244:51557 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x837B0DAE  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:00:49.631332 10.2.196.244:51560 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xB86ADC4C  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:2000545:6] ET SCAN NMAP -f -sS [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-12:01:35.013413 10.2.194.250:45015 -> 154.241.88.201:443
TCP TTL:46 TOS:0x0 ID:20177 IpLen:20 DgmLen:44
******S* Seq: 0xA7663D2F  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1160 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_NMAP][Xref => http://doc.emergingthreats.net/2000545]

[**] [1:2000537:6] ET SCAN NMAP -sS [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-12:01:35.013413 10.2.194.250:45015 -> 154.241.88.201:443
TCP TTL:46 TOS:0x0 ID:20177 IpLen:20 DgmLen:44
******S* Seq: 0xA7663D2F  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1160 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_NMAP][Xref => http://doc.emergingthreats.net/2000537]

[**] [1:1852:4] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-12:01:38.271328 10.2.194.250:45330 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:2954 IpLen:20 DgmLen:210 DF
***AP*** Seq: 0x1C07D73D  Ack: 0x83559C3C  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2546919 74147710 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:02:20.940883 10.2.196.244:33371 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF836E97  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:02:20.941690 10.2.196.244:33371 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF836E97  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:02:42.504870 7.204.241.161:62219 -> 10.1.10.10:25
TCP TTL:64 TOS:0x0 ID:6553 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xB981564A  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:02:46.095708 10.1.10.10:25 -> 7.204.241.161:62219
TCP TTL:125 TOS:0x0 ID:31465 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x9B984884  Ack: 0xB981564B  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11137152 656445 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:02:50.850481 10.1.10.10:25 -> 7.204.241.161:62219
TCP TTL:125 TOS:0x0 ID:31500 IpLen:20 DgmLen:116
***AP**F Seq: 0x9B984884  Ack: 0xB981564B  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11137200 656445 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:02:51.722006 10.2.196.244:33373 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x2BC27D11  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:02:55.650368 10.1.10.10:25 -> 7.204.241.161:62219
TCP TTL:125 TOS:0x0 ID:31517 IpLen:20 DgmLen:116
***AP**F Seq: 0x9B984884  Ack: 0xB981564B  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11137248 656445 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:03:00.431326 10.1.10.10:25 -> 7.204.241.161:62219
TCP TTL:125 TOS:0x0 ID:31527 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x9B984884  Ack: 0xB981564B  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11137296 656445 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:03:10.007659 10.1.10.10:25 -> 7.204.241.161:62219
TCP TTL:125 TOS:0x0 ID:31563 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x9B984884  Ack: 0xB981564B  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11137392 656445 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:03:29.060124 10.1.10.10:25 -> 7.204.241.161:62219
TCP TTL:125 TOS:0x0 ID:31768 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x9B984884  Ack: 0xB981564B  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11137584 656445 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:04:32.387310 7.204.241.161:993 -> 31.154.241.1:1513
TCP TTL:63 TOS:0x0 ID:6752 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0x825EC9C3  Ack: 0xB1489AA1  Win: 0xFFFF  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:04:45.514726 7.204.241.161:993 -> 31.154.241.2:1669
TCP TTL:63 TOS:0x0 ID:6773 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0xBDED245B  Ack: 0xA70A76C3  Win: 0xFFFF  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:05:15.229832 10.2.192.252:34923 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xBE813280  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:05:16.887290 10.2.192.252:34924 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xBFB2B304  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:05:22.046217 10.2.192.252:34926 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xC49A13B3  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:05:56.887985 10.2.196.244:35093 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xD9C0E40B  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:2000540:7] ET SCAN NMAP -sA (2) [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-12:06:12.619533 10.2.196.244:43109 -> 154.241.88.201:80
TCP TTL:51 TOS:0x0 ID:14512 IpLen:20 DgmLen:40
***A**** Seq: 0xA2F7A201  Ack: 0xC3E18F9F  Win: 0xC00  TcpLen: 20
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_NMAP][Xref => http://doc.emergingthreats.net/2000540]

[**] [1:2000545:6] ET SCAN NMAP -f -sS [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-12:06:12.738513 10.2.196.244:43109 -> 154.241.88.201:80
TCP TTL:42 TOS:0x0 ID:13151 IpLen:20 DgmLen:44
******S* Seq: 0x10585367  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1160 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_NMAP][Xref => http://doc.emergingthreats.net/2000545]

[**] [1:2000537:6] ET SCAN NMAP -sS [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-12:06:12.738513 10.2.196.244:43109 -> 154.241.88.201:80
TCP TTL:42 TOS:0x0 ID:13151 IpLen:20 DgmLen:44
******S* Seq: 0x10585367  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1160 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_NMAP][Xref => http://doc.emergingthreats.net/2000537]

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:06:57.734302 10.2.196.244:52024 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x130FBFF2  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:06:57.895031 10.2.196.244:52025 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x13DC0F88  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:06:57.896148 10.2.196.244:52025 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x13DC0F88  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:06:57.940097 10.2.196.244:52025 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x13DC0FAE  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:06:58.074895 10.2.196.244:52027 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x13A5FC2E  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:8:1] Data sent on stream after TCP Reset [**]
[Priority: 3] 
11/08-12:07:31.718671 10.1.50.2:3488 -> 154.241.88.201:443
TCP TTL:125 TOS:0x0 ID:37691 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0xFC29F025  Ack: 0xCFF4BCEB  Win: 0xFB80  TcpLen: 20

[**] [129:8:1] Data sent on stream after TCP Reset [**]
[Priority: 3] 
11/08-12:07:54.901829 10.1.50.2:3497 -> 154.241.88.201:443
TCP TTL:125 TOS:0x0 ID:37991 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0xEEDCAB99  Ack: 0xE49F1730  Win: 0xFFFF  TcpLen: 20

[**] [1:2000545:6] ET SCAN NMAP -f -sS [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-12:08:04.601502 10.2.197.242:55433 -> 7.204.241.161:25
TCP TTL:42 TOS:0x0 ID:59539 IpLen:20 DgmLen:44
******S* Seq: 0xD7C38846  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1160 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_NMAP][Xref => http://doc.emergingthreats.net/2000545]

[**] [1:2000537:6] ET SCAN NMAP -sS [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-12:08:04.601502 10.2.197.242:55433 -> 7.204.241.161:25
TCP TTL:42 TOS:0x0 ID:59539 IpLen:20 DgmLen:44
******S* Seq: 0xD7C38846  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1160 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_NMAP][Xref => http://doc.emergingthreats.net/2000537]

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:09:16.131078 154.241.88.201:443 -> 10.1.90.5:1420
TCP TTL:64 TOS:0x0 ID:21483 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x30CA3D9B  Ack: 0x7B7E85B7  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:09:16.829670 154.241.88.201:443 -> 10.1.90.5:1420
TCP TTL:64 TOS:0x0 ID:21484 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x30CA3D9B  Ack: 0x7B7E85B7  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:09:18.222037 154.241.88.201:443 -> 10.1.90.5:1420
TCP TTL:64 TOS:0x0 ID:21485 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x30CA3D9B  Ack: 0x7B7E85B7  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:09:21.011990 154.241.88.201:443 -> 10.1.90.5:1420
TCP TTL:64 TOS:0x0 ID:21486 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x30CA3D9B  Ack: 0x7B7E85B7  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:09:26.585862 154.241.88.201:443 -> 10.1.90.5:1420
TCP TTL:64 TOS:0x0 ID:21487 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x30CA3D9B  Ack: 0x7B7E85B7  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:09:37.729538 154.241.88.201:443 -> 10.1.90.5:1420
TCP TTL:64 TOS:0x0 ID:21488 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x30CA3D9B  Ack: 0x7B7E85B7  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:10:00.020955 154.241.88.201:443 -> 10.1.90.5:1420
TCP TTL:64 TOS:0x0 ID:21489 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x30CA3D9B  Ack: 0x7B7E85B7  Win: 0x1920  TcpLen: 20

[**] [129:8:1] Data sent on stream after TCP Reset [**]
[Priority: 3] 
11/08-12:11:50.122361 31.154.241.11:1736 -> 154.241.88.201:443
TCP TTL:127 TOS:0x0 ID:23541 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0xA1633B79  Ack: 0xC2C8BF51  Win: 0xFFFF  TcpLen: 20

[**] [129:8:1] Data sent on stream after TCP Reset [**]
[Priority: 3] 
11/08-12:11:50.178087 31.154.241.11:1737 -> 154.241.88.201:443
TCP TTL:127 TOS:0x0 ID:23558 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0x76429D9F  Ack: 0xC25C6E03  Win: 0xFE1B  TcpLen: 20

[**] [129:8:1] Data sent on stream after TCP Reset [**]
[Priority: 3] 
11/08-12:11:50.235426 31.154.241.11:1738 -> 154.241.88.201:443
TCP TTL:127 TOS:0x0 ID:23584 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0x59EF817F  Ack: 0xC32459FE  Win: 0xFFFF  TcpLen: 20

[**] [129:8:1] Data sent on stream after TCP Reset [**]
[Priority: 3] 
11/08-12:11:51.306285 31.154.241.11:1739 -> 154.241.88.201:443
TCP TTL:127 TOS:0x0 ID:23612 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0x4F865482  Ack: 0xC4128F96  Win: 0xFD0E  TcpLen: 20

[**] [129:8:1] Data sent on stream after TCP Reset [**]
[Priority: 3] 
11/08-12:11:52.342300 31.154.241.11:1740 -> 154.241.88.201:443
TCP TTL:127 TOS:0x0 ID:23642 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0x94C049A4  Ack: 0xC44FA77E  Win: 0xFFDA  TcpLen: 20

[**] [129:8:1] Data sent on stream after TCP Reset [**]
[Priority: 3] 
11/08-12:11:53.532315 31.154.241.11:1741 -> 154.241.88.201:443
TCP TTL:127 TOS:0x0 ID:23672 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0xB82B0453  Ack: 0xC628E66E  Win: 0xFFFF  TcpLen: 20

[**] [129:8:1] Data sent on stream after TCP Reset [**]
[Priority: 3] 
11/08-12:11:53.677420 31.154.241.11:1742 -> 154.241.88.201:443
TCP TTL:127 TOS:0x0 ID:23740 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0x2256CE3C  Ack: 0xC565184E  Win: 0xFFFF  TcpLen: 20

[**] [129:8:1] Data sent on stream after TCP Reset [**]
[Priority: 3] 
11/08-12:11:54.362676 31.154.241.11:1743 -> 154.241.88.201:443
TCP TTL:127 TOS:0x0 ID:23769 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0x81301833  Ack: 0xC6E5C9BF  Win: 0xFFFF  TcpLen: 20

[**] [129:8:1] Data sent on stream after TCP Reset [**]
[Priority: 3] 
11/08-12:11:55.229651 31.154.241.11:1744 -> 154.241.88.201:443
TCP TTL:127 TOS:0x0 ID:23801 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0x7EF54A13  Ack: 0xC762BB8E  Win: 0xFFDA  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:20:36.141564 10.2.196.243:53275 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x4900C1D1  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:23:36.267657 7.204.241.161:59735 -> 10.1.10.10:25
TCP TTL:64 TOS:0x0 ID:7492 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x9EA13D80  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:23:40.850343 10.1.10.10:25 -> 7.204.241.161:59735
TCP TTL:125 TOS:0x0 ID:29235 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0xC168981E  Ack: 0x9EA13D81  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11149762 782469 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:23:46.839381 10.1.10.10:25 -> 7.204.241.161:59735
TCP TTL:125 TOS:0x0 ID:29289 IpLen:20 DgmLen:116
***AP**F Seq: 0xC168981E  Ack: 0x9EA13D81  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11149822 782469 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:23:52.826180 10.1.10.10:25 -> 7.204.241.161:59735
TCP TTL:125 TOS:0x0 ID:29423 IpLen:20 DgmLen:116
***AP**F Seq: 0xC168981E  Ack: 0x9EA13D81  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11149882 782469 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:23:58.805653 10.1.10.10:25 -> 7.204.241.161:59735
TCP TTL:125 TOS:0x0 ID:29445 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0xC168981E  Ack: 0x9EA13D81  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11149942 782469 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:24:10.661189 10.1.10.10:25 -> 7.204.241.161:59735
TCP TTL:125 TOS:0x0 ID:29512 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0xC168981E  Ack: 0x9EA13D81  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11150062 782469 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:24:10.679262 3.75.190.181:58281 -> 180.242.137.181:5222
TCP TTL:63 TOS:0x0 ID:4321 IpLen:20 DgmLen:69 DF
***AP*** Seq: 0xA7C009B4  Ack: 0x569A69E  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 75716058 1092634685 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:24:34.609910 10.1.10.10:25 -> 7.204.241.161:59735
TCP TTL:125 TOS:0x0 ID:29580 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0xC168981E  Ack: 0x9EA13D81  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11150302 782469 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:24:54.221891 10.2.193.250:49491 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF08E393E  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:24:54.764206 10.2.193.250:49493 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF1A601C9  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:24:54.886652 10.2.193.250:49493 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF1A601EF  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:24:55.287755 10.2.193.250:49492 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF147DC40  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:24:55.447963 10.2.193.250:49492 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF147DC66  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:25:18.957298 10.2.196.243:40338 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x52E25C59  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:25:19.429426 7.204.241.161:59684 -> 10.1.10.10:25
TCP TTL:64 TOS:0x0 ID:7649 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5D1DD6C3  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:25:23.677829 10.1.10.10:25 -> 7.204.241.161:59684
TCP TTL:125 TOS:0x0 ID:31053 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x1A3D1703  Ack: 0x5D1DD6C4  Win: 0xFEFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11150795 792838 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:25:29.230862 10.1.10.10:25 -> 7.204.241.161:59684
TCP TTL:125 TOS:0x0 ID:31124 IpLen:20 DgmLen:116
***AP**F Seq: 0x1A3D1703  Ack: 0x5D1DD6C4  Win: 0xFEFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11150851 792838 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:25:34.778196 10.1.10.10:25 -> 7.204.241.161:59684
TCP TTL:125 TOS:0x0 ID:31164 IpLen:20 DgmLen:116
***AP**F Seq: 0x1A3D1703  Ack: 0x5D1DD6C4  Win: 0xFEFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11150907 792838 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:25:40.326791 10.1.10.10:25 -> 7.204.241.161:59684
TCP TTL:125 TOS:0x0 ID:31210 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x1A3D1703  Ack: 0x5D1DD6C4  Win: 0xFEFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11150963 792838 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:25:51.556287 10.1.10.10:25 -> 7.204.241.161:59684
TCP TTL:125 TOS:0x0 ID:31355 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x1A3D1703  Ack: 0x5D1DD6C4  Win: 0xFEFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11151075 792838 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:25:56.482811 10.2.193.250:39047 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x2CB7CFA2  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:26:13.841893 10.1.10.10:25 -> 7.204.241.161:59684
TCP TTL:125 TOS:0x0 ID:32369 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x1A3D1703  Ack: 0x5D1DD6C4  Win: 0xFEFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11151300 792838 

[**] [129:5:1] Bad segment, adjusted size <= 0 [**]
[Priority: 3] 
11/08-12:26:17.401246 7.204.241.161:61800 -> 10.1.10.10:25
TCP TTL:64 TOS:0x0 ID:7729 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x625A6450  Ack: 0x8D035AB1  Win: 0x2083  TcpLen: 32
TCP Options (3) => NOP NOP TS: 798665 11151335 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:26:17.740892 7.204.241.161:61800 -> 10.1.10.10:25
TCP TTL:64 TOS:0x0 ID:7732 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x625A6A6E  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:26:22.800058 10.1.10.10:25 -> 7.204.241.161:61800
TCP TTL:125 TOS:0x0 ID:32421 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x8D035AF6  Ack: 0x625A6A6F  Win: 0xFE5D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11151389 798700 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:26:29.098028 10.1.10.10:25 -> 7.204.241.161:61800
TCP TTL:125 TOS:0x0 ID:32615 IpLen:20 DgmLen:116
***AP**F Seq: 0x8D035AF6  Ack: 0x625A6A6F  Win: 0xFE5D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11151453 798700 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:26:35.534113 10.1.10.10:25 -> 7.204.241.161:61800
TCP TTL:125 TOS:0x0 ID:32713 IpLen:20 DgmLen:116
***AP**F Seq: 0x8D035AF6  Ack: 0x625A6A6F  Win: 0xFE5D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11151517 798700 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:26:41.843176 10.1.10.10:25 -> 7.204.241.161:61800
TCP TTL:125 TOS:0x0 ID:32727 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x8D035AF6  Ack: 0x625A6A6F  Win: 0xFE5D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11151581 798700 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:26:50.468962 10.2.193.250:39048 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5E29E3C0  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:26:50.836460 10.2.193.250:39049 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5F78414D  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:26:50.837267 10.2.193.250:39049 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5F78414D  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:26:50.930406 10.2.193.250:39049 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5F784173  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:26:51.158692 10.2.193.250:39051 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5FAB7765  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:26:51.159803 10.2.193.250:39051 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5FAB7765  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:26:51.282687 10.2.193.250:39051 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5FAB778B  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:26:54.563180 10.1.10.10:25 -> 7.204.241.161:61800
TCP TTL:125 TOS:0x0 ID:126 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x8D035AF6  Ack: 0x625A6A6F  Win: 0xFE5D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11151709 798700 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:27:20.167690 10.1.10.10:25 -> 7.204.241.161:61800
TCP TTL:125 TOS:0x0 ID:313 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x8D035AF6  Ack: 0x625A6A6F  Win: 0xFE5D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11151966 798700 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:28:50.328815 10.2.193.250:39052 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xCF16D970  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:28:50.737759 10.2.193.250:39053 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xCF082AFD  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:30:26.888829 10.2.190.254:41429 -> 180.242.137.181:5222
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x3F608BFE  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:30:42.411671 10.2.193.250:47495 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x3886B84E  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:30:42.806959 10.2.193.250:47496 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x38C02022  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:30:42.818781 10.2.193.250:47497 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x393DE88B  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:30:42.818886 10.2.193.250:47497 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x393DE88B  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:30:42.917042 10.2.193.250:47496 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x38C02048  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:30:42.928618 10.2.193.250:47497 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x393DE8B1  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:30:43.169731 10.2.193.250:47498 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x39BCA303  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:30:43.283634 10.2.193.250:47498 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x39BCA329  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:31:07.691980 10.2.190.254:45781 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x6475D042  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-12:31:18.247029 10.2.193.250:43993 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:7079 IpLen:20 DgmLen:142 DF
***AP*** Seq: 0x5A5C494E  Ack: 0xB13B5CE  Win: 0x5C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 3691338 75936367 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-12:31:18.247029 10.2.193.250:43993 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:7079 IpLen:20 DgmLen:142 DF
***AP*** Seq: 0x5A5C494E  Ack: 0xB13B5CE  Win: 0x5C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 3691338 75936367 

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-12:31:18.461009 10.2.193.250:43993 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:7081 IpLen:20 DgmLen:59 DF
***AP*** Seq: 0x5A5C49A8  Ack: 0xB13B6A0  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 3691392 75936765 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:31:24.182132 10.2.193.250:39265 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5E00FE93  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:31:24.394384 10.2.193.250:39265 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5E00FEAF  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:31:32.945924 10.2.193.250:48618 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x66BA37A4  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:31:32.946969 10.2.193.250:48618 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x66BA37BF  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:31:32.947075 10.2.193.250:48618 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x66BA37C0  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:31:38.855830 10.2.193.250:60132 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x6D195DDB  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:31:38.963550 10.2.193.250:60132 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x6D195DF7  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:33:43.223538 10.1.60.253:58030 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:43083 IpLen:20 DgmLen:40
***A**** Seq: 0x836A7BC0  Ack: 0x9271CF99  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:34:50.311458 10.2.193.250:47499 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x219438B6  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:34:50.537572 10.2.193.250:47501 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x21B86678  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:34:50.637199 10.2.193.250:47501 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x21B8669E  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:34:50.838162 10.2.193.250:47502 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x221969D1  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:34:50.916225 10.2.193.250:47502 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x221969F7  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:35:06.370825 10.2.196.243:58076 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x7A64B168  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:35:06.723813 10.2.196.243:58078 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x7ADCCC77  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:36:07.597834 10.2.196.243:58080 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xB3F24CED  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:37:50.443208 10.2.193.250:56404 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xCA4CD2F8  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:37:50.792695 10.2.193.250:56406 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xCAF00B2D  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:37:51.000047 10.2.193.250:56406 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xCAF00B53  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:37:51.258128 10.2.193.250:56407 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xCB96CFD2  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:11.601958 10.1.60.203:63388 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:30448 IpLen:20 DgmLen:60 DF
******S* Seq: 0x44C835CB  Ack: 0x0  Win: 0xFFFF  TcpLen: 40
TCP Options (5) => MSS: 1460 NOP WS: 3 SackOK TS: 57585693 0 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:11.602143 154.241.88.201:443 -> 10.1.60.203:63388
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0x8F6CCA6D  Ack: 0x44C835CC  Win: 0x16A0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 76352188 57585693 NOP WS: 6 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:11.602975 10.1.60.203:63388 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:30449 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x44C835CC  Ack: 0x8F6CCA6E  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 57585695 76352188 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:11.606502 10.1.60.203:63388 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:30450 IpLen:20 DgmLen:188 DF
***AP*** Seq: 0x44C835CC  Ack: 0x8F6CCA6E  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 57585698 76352188 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:11.606666 154.241.88.201:443 -> 10.1.60.203:63388
TCP TTL:64 TOS:0x0 ID:49327 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x8F6CCA6E  Ack: 0x44C83654  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 76352193 57585698 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:11.615663 154.241.88.201:443 -> 10.1.60.203:63388
TCP TTL:64 TOS:0x0 ID:49329 IpLen:20 DgmLen:149 DF
***AP*** Seq: 0x8F6CD016  Ack: 0x44C83654  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 76352202 57585698 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:11.619153 10.1.60.203:63388 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:30451 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x44C83654  Ack: 0x8F6CD077  Win: 0x2052  TcpLen: 32
TCP Options (3) => NOP NOP TS: 57585712 76352201 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:11.635274 10.1.60.203:63388 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:30452 IpLen:20 DgmLen:250 DF
***AP*** Seq: 0x44C83654  Ack: 0x8F6CD077  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 57585723 76352201 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:11.642676 154.241.88.201:443 -> 10.1.60.203:63388
TCP TTL:64 TOS:0x0 ID:49330 IpLen:20 DgmLen:111 DF
***AP*** Seq: 0x8F6CD077  Ack: 0x44C8371A  Win: 0x7C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 76352228 57585723 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:11.644010 10.1.60.203:63388 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:30453 IpLen:20 DgmLen:238 DF
***AP*** Seq: 0x44C8371A  Ack: 0x8F6CD0B2  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 57585736 76352228 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:11.647855 154.241.88.201:443 -> 10.1.60.203:63388
TCP TTL:64 TOS:0x0 ID:49331 IpLen:20 DgmLen:1373 DF
***AP*** Seq: 0x8F6CD0B2  Ack: 0x44C837D4  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 76352234 57585736 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:11.647957 154.241.88.201:443 -> 10.1.60.203:63388
TCP TTL:64 TOS:0x0 ID:49332 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x8F6CD5DB  Ack: 0x44C837D4  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 76352234 57585736 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:11.648058 154.241.88.201:443 -> 10.1.60.203:63388
TCP TTL:64 TOS:0x0 ID:49333 IpLen:20 DgmLen:52 DF
***A***F Seq: 0x8F6CD600  Ack: 0x44C837D4  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 76352234 57585736 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:11.650927 10.1.60.203:63388 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:30454 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x44C837D4  Ack: 0x8F6CD600  Win: 0x2081  TcpLen: 32
TCP Options (3) => NOP NOP TS: 57585743 76352234 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:11.651034 10.1.60.203:63388 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:30455 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x44C837D4  Ack: 0x8F6CD601  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 57585743 76352234 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:11.651155 10.1.60.203:63388 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:30456 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x44C837D4  Ack: 0x8F6CD601  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 57585743 76352234 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:11.651229 10.1.60.203:63388 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:30457 IpLen:20 DgmLen:52 DF
***A***F Seq: 0x44C837F9  Ack: 0x8F6CD601  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 57585744 76352234 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:11.651405 154.241.88.201:443 -> 10.1.60.203:63388
TCP TTL:64 TOS:0x0 ID:49334 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x8F6CD601  Ack: 0x44C837FA  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 76352238 57585743 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:24.482258 10.2.190.254:60768 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xFFF43BFA  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:38:27.306906 7.204.241.161:63064 -> 10.1.10.10:25
TCP TTL:64 TOS:0x0 ID:8164 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x805A0C22  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:38:31.903026 10.1.10.10:25 -> 7.204.241.161:63064
TCP TTL:125 TOS:0x0 ID:9989 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0xE8431687  Ack: 0x805A0C23  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11158716 872033 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:38:37.916408 10.1.10.10:25 -> 7.204.241.161:63064
TCP TTL:125 TOS:0x0 ID:10013 IpLen:20 DgmLen:116
***AP**F Seq: 0xE8431687  Ack: 0x805A0C23  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11158778 872033 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:38:43.986729 10.1.10.10:25 -> 7.204.241.161:63064
TCP TTL:125 TOS:0x0 ID:10102 IpLen:20 DgmLen:116
***AP**F Seq: 0xE8431687  Ack: 0x805A0C23  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11158838 872033 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:38:50.088604 10.1.10.10:25 -> 7.204.241.161:63064
TCP TTL:125 TOS:0x0 ID:10119 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0xE8431687  Ack: 0x805A0C23  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11158899 872033 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:39:02.053831 10.1.10.10:25 -> 7.204.241.161:63064
TCP TTL:125 TOS:0x0 ID:10154 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0xE8431687  Ack: 0x805A0C23  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11159019 872033 

[**] [1:12592:3] SMTP ClamAV recipient command injection attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1] 
11/08-12:39:18.352973 10.1.70.131:58530 -> 7.204.241.161:25
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:162
***AP*** Seq: 0x13A0B57F  Ack: 0x36DB9B03  Win: 0x200  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4560][Xref => http://www.securityfocus.com/bid/25439]

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:39:25.416251 10.2.193.250:56408 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x23944F45  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:39:25.981037 10.1.10.10:25 -> 7.204.241.161:63064
TCP TTL:125 TOS:0x0 ID:10580 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0xE8431687  Ack: 0x805A0C23  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11159260 872033 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:39:26.024279 10.2.193.250:56411 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x23D8A718  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:39:26.133991 10.2.193.250:56411 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x23D8A73E  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:39:30.975304 10.2.196.243:49345 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x73B5F180  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:39:31.583969 10.2.196.243:49348 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x7466C550  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:39:45.700446 10.2.196.243:49350 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x80FF8638  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:39:55.938693 154.241.88.201:443 -> 10.1.90.5:1426
TCP TTL:64 TOS:0x0 ID:59900 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xE3618E7C  Ack: 0x39F8856E  Win: 0x16D0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:39:56.580059 154.241.88.201:443 -> 10.1.90.5:1426
TCP TTL:64 TOS:0x0 ID:59901 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xE3618E7C  Ack: 0x39F8856E  Win: 0x16D0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:39:57.858833 154.241.88.201:443 -> 10.1.90.5:1426
TCP TTL:64 TOS:0x0 ID:59902 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xE3618E7C  Ack: 0x39F8856E  Win: 0x16D0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:40:00.416443 154.241.88.201:443 -> 10.1.90.5:1426
TCP TTL:64 TOS:0x0 ID:59903 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xE3618E7C  Ack: 0x39F8856E  Win: 0x16D0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:40:05.526299 154.241.88.201:443 -> 10.1.90.5:1426
TCP TTL:64 TOS:0x0 ID:59904 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xE3618E7C  Ack: 0x39F8856E  Win: 0x16D0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:40:15.747879 154.241.88.201:443 -> 10.1.90.5:1426
TCP TTL:64 TOS:0x0 ID:59905 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xE3618E7C  Ack: 0x39F8856E  Win: 0x16D0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:40:36.189782 154.241.88.201:443 -> 10.1.90.5:1426
TCP TTL:64 TOS:0x0 ID:59906 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xE3618E7C  Ack: 0x39F8856E  Win: 0x16D0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:40:38.115895 10.2.196.243:49361 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xB1D8BD4E  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:40:45.753616 10.2.196.243:49363 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xB9D52AD5  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:40:50.522822 10.2.197.241:56770 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x3CC48B20  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:40:52.627841 10.2.193.250:44426 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x76A47292  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:40:52.824970 10.2.193.250:44428 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x76C5FF96  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:40:52.825559 10.2.193.250:44428 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x76C5FF96  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:40:52.911276 10.2.193.250:44428 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x76C5FFBC  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:40:53.080201 10.2.193.250:44429 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x76DCFD76  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:40:53.080389 10.2.193.250:44429 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x76DCFD76  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:40:53.152064 10.2.193.250:44429 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x76DCFD9C  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:42:05.708726 10.2.196.243:49238 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x556625C  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:42:17.225003 10.2.196.243:49239 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x1002AC24  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:42:28.022300 10.2.193.250:44430 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xCFA15597  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:42:50.592873 10.2.190.254:39850 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF98E41F7  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:43:11.956160 10.2.193.250:44434 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF8257FDC  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:43:12.400512 10.2.193.250:44435 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF96DA039  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:43:12.407809 10.2.193.250:44436 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF96FA1A1  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:43:12.408977 10.2.193.250:44436 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF96FA1A1  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:43:12.543512 10.2.193.250:44436 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF96FA1C7  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:43:56.861700 10.2.193.250:44438 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x2256AECC  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:43:57.157482 10.2.193.250:44439 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x233D5AE7  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:43:57.672979 10.2.193.250:44441 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x2358E322  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:44:15.264930 10.2.190.254:39858 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x4949C257  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:44:18.745572 154.241.88.201:443 -> 10.1.90.5:1427
TCP TTL:64 TOS:0x0 ID:9833 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xD9774A3D  Ack: 0x4C9D70F3  Win: 0x16D0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:44:19.384012 154.241.88.201:443 -> 10.1.90.5:1427
TCP TTL:64 TOS:0x0 ID:9834 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xD9774A3D  Ack: 0x4C9D70F3  Win: 0x16D0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:44:20.661772 154.241.88.201:443 -> 10.1.90.5:1427
TCP TTL:64 TOS:0x0 ID:9835 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xD9774A3D  Ack: 0x4C9D70F3  Win: 0x16D0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:44:20.734593 10.2.190.254:39864 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x4EDCA4AB  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:44:23.217458 154.241.88.201:443 -> 10.1.90.5:1427
TCP TTL:64 TOS:0x0 ID:9836 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xD9774A3D  Ack: 0x4C9D70F3  Win: 0x16D0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:44:28.329254 154.241.88.201:443 -> 10.1.90.5:1427
TCP TTL:64 TOS:0x0 ID:9837 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xD9774A3D  Ack: 0x4C9D70F3  Win: 0x16D0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:44:38.379986 10.2.196.243:49247 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x94552522  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:44:38.551772 154.241.88.201:443 -> 10.1.90.5:1427
TCP TTL:64 TOS:0x0 ID:9838 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xD9774A3D  Ack: 0x4C9D70F3  Win: 0x16D0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:44:58.993527 154.241.88.201:443 -> 10.1.90.5:1427
TCP TTL:64 TOS:0x0 ID:9839 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0xD9774A3D  Ack: 0x4C9D70F3  Win: 0x16D0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:45:01.464838 10.2.193.250:44442 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5F01B28A  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:45:01.700189 10.2.193.250:44443 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5FD175A0  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:45:01.700802 10.2.193.250:44443 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5FD175A0  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:45:01.708285 10.2.193.250:44444 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5F8131E6  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:45:01.708860 10.2.193.250:44444 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5F8131E6  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:45:01.805893 10.2.193.250:44443 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5FD175C6  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:45:01.814047 10.2.193.250:44444 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x5F81320C  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:45:51.266066 10.2.190.254:39868 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xA2EEA5B2  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:49:09.411744 7.204.241.161:993 -> 31.154.241.3:61810
TCP TTL:63 TOS:0x0 ID:8928 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0x8879FC53  Ack: 0x17F013CE  Win: 0x2014  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:49:22.369774 154.241.88.201:443 -> 10.1.90.5:1487
TCP TTL:64 TOS:0x0 ID:53222 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x577A2F6  Ack: 0xEB55606D  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:49:23.053896 154.241.88.201:443 -> 10.1.90.5:1487
TCP TTL:64 TOS:0x0 ID:53223 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x577A2F6  Ack: 0xEB55606D  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:49:24.418210 154.241.88.201:443 -> 10.1.90.5:1487
TCP TTL:64 TOS:0x0 ID:53224 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x577A2F6  Ack: 0xEB55606D  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:49:27.142928 154.241.88.201:443 -> 10.1.90.5:1487
TCP TTL:64 TOS:0x0 ID:53225 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x577A2F6  Ack: 0xEB55606D  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:49:32.588511 154.241.88.201:443 -> 10.1.90.5:1487
TCP TTL:64 TOS:0x0 ID:53226 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x577A2F6  Ack: 0xEB55606D  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:49:43.479596 154.241.88.201:443 -> 10.1.90.5:1487
TCP TTL:64 TOS:0x0 ID:53227 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x577A2F6  Ack: 0xEB55606D  Win: 0x1920  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:50:05.258836 154.241.88.201:443 -> 10.1.90.5:1487
TCP TTL:64 TOS:0x0 ID:53228 IpLen:20 DgmLen:63 DF
***AP**F Seq: 0x577A2F6  Ack: 0xEB55606D  Win: 0x1920  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:50:05.617500 10.2.193.250:53637 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x7CFFBC3E  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:50:30.115861 10.2.197.241:8536 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x13DA7DD8  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:51:03.252227 10.2.197.241:42640 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x24F9C97F  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:51:15.840908 10.2.197.241:43177 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x892AE05F  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:51:21.118615 10.2.197.241:43179 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x8DDA8EB5  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:51:22.659790 10.2.197.241:43181 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x8EFE95DC  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:51:23.569315 10.2.197.241:43183 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x8F2EBC56  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:51:52.694822 10.2.190.254:37287 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF775CF4E  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:52:26.651863 10.2.197.241:58681 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x3E9CAA6A  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:52:38.616290 10.2.197.241:5727 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x78A27C48  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:55:46.343104 7.204.241.161:993 -> 31.154.241.2:1850
TCP TTL:63 TOS:0x0 ID:9420 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0xB7D3162E  Ack: 0x58E80775  Win: 0xFFFF  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:55:46.347052 7.204.241.161:993 -> 31.154.241.2:1847
TCP TTL:63 TOS:0x0 ID:9423 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0xBAA92BD9  Ack: 0x2D2A7669  Win: 0xFFFF  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-12:55:46.348366 7.204.241.161:993 -> 31.154.241.2:1831
TCP TTL:63 TOS:0x0 ID:9426 IpLen:20 DgmLen:77 DF
***AP*** Seq: 0xB3F6F54B  Ack: 0xA4CDEBE6  Win: 0xFFFF  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:56:10.251076 10.2.197.241:45791 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x773F01B4  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:58:05.570965 10.1.60.203:64180 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:35517 IpLen:20 DgmLen:60 DF
******S* Seq: 0x4E94320F  Ack: 0x0  Win: 0xFFFF  TcpLen: 40
TCP Options (5) => MSS: 1460 NOP WS: 3 SackOK TS: 58783455 0 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:58:05.571208 154.241.88.201:443 -> 10.1.60.203:64180
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0xF1BE2280  Ack: 0x4E943210  Win: 0x16A0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 77552132 58783455 NOP WS: 6 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:58:05.572020 10.1.60.203:64180 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:35518 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x4E943210  Ack: 0xF1BE2281  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 58783457 77552132 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:58:05.575390 10.1.60.203:64180 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:35519 IpLen:20 DgmLen:188 DF
***AP*** Seq: 0x4E943210  Ack: 0xF1BE2281  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 58783459 77552132 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:58:05.575639 154.241.88.201:443 -> 10.1.60.203:64180
TCP TTL:64 TOS:0x0 ID:30857 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xF1BE2281  Ack: 0x4E943298  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 77552136 58783459 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:58:05.584570 154.241.88.201:443 -> 10.1.60.203:64180
TCP TTL:64 TOS:0x0 ID:30859 IpLen:20 DgmLen:149 DF
***AP*** Seq: 0xF1BE2829  Ack: 0x4E943298  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 77552145 58783459 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:58:05.587747 10.1.60.203:64180 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:35520 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x4E943298  Ack: 0xF1BE288A  Win: 0x1FC5  TcpLen: 32
TCP Options (3) => NOP NOP TS: 58783472 77552145 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:58:05.604690 10.1.60.203:64180 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:35521 IpLen:20 DgmLen:250 DF
***AP*** Seq: 0x4E943298  Ack: 0xF1BE288A  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 58783481 77552145 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:58:05.610982 154.241.88.201:443 -> 10.1.60.203:64180
TCP TTL:64 TOS:0x0 ID:30860 IpLen:20 DgmLen:111 DF
***AP*** Seq: 0xF1BE288A  Ack: 0x4E94335E  Win: 0x7C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 77552172 58783481 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:58:05.612911 10.1.60.203:64180 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:35522 IpLen:20 DgmLen:238 DF
***AP*** Seq: 0x4E94335E  Ack: 0xF1BE28C5  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 58783497 77552172 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:58:05.616355 154.241.88.201:443 -> 10.1.60.203:64180
TCP TTL:64 TOS:0x0 ID:30861 IpLen:20 DgmLen:1373 DF
***AP*** Seq: 0xF1BE28C5  Ack: 0x4E943418  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 77552177 58783497 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:58:05.616424 154.241.88.201:443 -> 10.1.60.203:64180
TCP TTL:64 TOS:0x0 ID:30862 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0xF1BE2DEE  Ack: 0x4E943418  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 77552177 58783497 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:58:05.616518 154.241.88.201:443 -> 10.1.60.203:64180
TCP TTL:64 TOS:0x0 ID:30863 IpLen:20 DgmLen:52 DF
***A***F Seq: 0xF1BE2E13  Ack: 0x4E943418  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 77552177 58783497 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:58:05.619412 10.1.60.203:64180 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:35523 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x4E943418  Ack: 0xF1BE2E13  Win: 0x2081  TcpLen: 32
TCP Options (3) => NOP NOP TS: 58783504 77552177 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:58:05.619514 10.1.60.203:64180 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:35524 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x4E943418  Ack: 0xF1BE2E14  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 58783504 77552177 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:58:05.619625 10.1.60.203:64180 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:35525 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x4E943418  Ack: 0xF1BE2E14  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 58783504 77552177 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:58:05.619699 10.1.60.203:64180 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:35526 IpLen:20 DgmLen:52 DF
***A***F Seq: 0x4E94343D  Ack: 0xF1BE2E14  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 58783504 77552177 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:58:05.620020 154.241.88.201:443 -> 10.1.60.203:64180
TCP TTL:64 TOS:0x0 ID:30864 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xF1BE2E14  Ack: 0x4E94343E  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 77552181 58783504 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-12:59:59.762548 3.75.190.181:50121 -> 180.242.137.181:5222
TCP TTL:63 TOS:0x0 ID:12579 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x9DE74802  Ack: 0x855BB6E8  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 77874186 3777341528 

[**] [1:2000540:7] ET SCAN NMAP -sA (2) [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:01:09.323148 10.2.190.254:48801 -> 154.241.88.201:80
TCP TTL:47 TOS:0x0 ID:48645 IpLen:20 DgmLen:40
***A**** Seq: 0x47402348  Ack: 0xA3A69435  Win: 0xC00  TcpLen: 20
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_NMAP][Xref => http://doc.emergingthreats.net/2000540]

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:01:15.210071 10.1.60.253:55958 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:53948 IpLen:20 DgmLen:40
***A**** Seq: 0x5C64E967  Ack: 0xA1A475FA  Win: 0x0  TcpLen: 20

[**] [1:2000545:6] ET SCAN NMAP -f -sS [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:01:27.938144 10.2.190.254:48801 -> 154.241.88.201:80
TCP TTL:38 TOS:0x0 ID:64225 IpLen:20 DgmLen:44
******S* Seq: 0x9BE07415  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1160 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_NMAP][Xref => http://doc.emergingthreats.net/2000545]

[**] [1:2000537:6] ET SCAN NMAP -sS [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:01:27.938144 10.2.190.254:48801 -> 154.241.88.201:80
TCP TTL:38 TOS:0x0 ID:64225 IpLen:20 DgmLen:44
******S* Seq: 0x9BE07415  Ack: 0x0  Win: 0x800  TcpLen: 24
TCP Options (1) => MSS: 1160 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_NMAP][Xref => http://doc.emergingthreats.net/2000537]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:01:50.364589 10.2.190.254:49193 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:51824 IpLen:20 DgmLen:117 DF
***AP*** Seq: 0x29B801D5  Ack: 0xC4E150AF  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 904143 77777959 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:01:50.589097 10.2.190.254:45885 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:1462 IpLen:20 DgmLen:117 DF
***AP*** Seq: 0x29B3CE43  Ack: 0xC4AD5D14  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 904200 77778199 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:01:58.665642 10.2.190.254:34412 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:60545 IpLen:20 DgmLen:117 DF
***AP*** Seq: 0x2EE93CD1  Ack: 0xC914CCD9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 906232 77786215 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2129:13] WEB-IIS nsiislog.dll access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:01:58.880651 10.2.190.254:50559 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:7506 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x31A7C947  Ack: 0xCC6611BC  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 906284 77786512 
[Xref => http://www.microsoft.com/technet/security/bulletin/ms03-018.mspx][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11664][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0349][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0227][Xref => http://www.securityfocus.com/bid/8035]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:01:58.895402 10.2.190.254:36626 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:61671 IpLen:20 DgmLen:117 DF
***AP*** Seq: 0x317124FD  Ack: 0xCCEF60A0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 906287 77786521 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:01:58.972141 10.2.190.254:50559 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:7514 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0x31A7ED27  Ack: 0xCC6611BC  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 906300 77786624 

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:01:59.165085 10.2.190.254:36887 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:29351 IpLen:20 DgmLen:117 DF
***AP*** Seq: 0x3253A6C3  Ack: 0xCD4BCE90  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 906358 77786839 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2152:2] WEB-PHP test.php access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:01:59.372095 10.2.190.254:44986 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:29525 IpLen:20 DgmLen:461 DF
***AP*** Seq: 0x324EA727  Ack: 0xCD066632  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 906408 77786890 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11617]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:01:59.528836 10.2.190.254:45646 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:11811 IpLen:20 DgmLen:117 DF
***AP*** Seq: 0x3247FAE6  Ack: 0xCD176CCD  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 906450 77787210 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:01:59.705919 10.2.190.254:59697 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:33714 IpLen:20 DgmLen:117 DF
***AP*** Seq: 0x32375741  Ack: 0xCDA38932  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 906494 77787382 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:21.262448 10.2.190.254:43080 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:14326 IpLen:20 DgmLen:117 DF
***AP*** Seq: 0x44B8D09C  Ack: 0xDF8C9F39  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 911913 77806310 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:22.318897 10.2.190.254:49250 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:42365 IpLen:20 DgmLen:117 DF
***AP*** Seq: 0x47B64FB3  Ack: 0xE23A7253  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 912177 77809741 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2129:13] WEB-IIS nsiislog.dll access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:02:22.477276 10.2.190.254:55772 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:64939 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x47D916A7  Ack: 0xE2852097  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 912215 77810025 
[Xref => http://www.microsoft.com/technet/security/bulletin/ms03-018.mspx][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11664][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0349][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0227][Xref => http://www.securityfocus.com/bid/8035]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:02:22.653806 10.2.190.254:55772 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:64951 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x47D94C77  Ack: 0xE2852097  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 912256 77810414 

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
[Priority: 3] 
11/08-13:02:22.794526 10.2.190.254:52039 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:35613 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x48A26099  Ack: 0xE2ECCE15  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 912298 77810510 

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:02:22.794530 10.2.190.254:52039 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:35614 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x48A26515  Ack: 0xE2ECCE15  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 912298 77810510 

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:22.932173 10.2.190.254:52122 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:59141 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x48820CAA  Ack: 0xE396840E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 912334 77810660 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:24.023389 10.2.190.254:42451 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:11399 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x494DC0FD  Ack: 0xE3FEE17B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 912607 77811483 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:30.658068 10.2.190.254:45865 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:11016 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x5000D837  Ack: 0xEA8F85C7  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 914275 77818343 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2129:13] WEB-IIS nsiislog.dll access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:02:31.209115 10.2.190.254:48741 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:51911 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x4FDB39A7  Ack: 0xEA8FF619  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 914409 77818544 
[Xref => http://www.microsoft.com/technet/security/bulletin/ms03-018.mspx][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11664][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0349][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0227][Xref => http://www.securityfocus.com/bid/8035]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:02:31.286693 10.2.190.254:48741 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:51919 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0x4FDB5D87  Ack: 0xEA8FF619  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 914424 77819112 

[**] [1:13161:1] EXPLOIT HP OpenView CGI parameter buffer overflow attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1] 
11/08-13:02:31.952234 10.2.190.254:41570 -> 154.241.88.201:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2336
***AP*** Seq: 0x509BA503  Ack: 0xEBC2BF26  Win: 0x28C0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-6204][Xref => http://www.securityfocus.com/bid/26741]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:02:31.999655 10.2.190.254:41570 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:20809 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x509BB6F3  Ack: 0xEBC2BF26  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 914609 77819846 

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:32.077503 10.2.190.254:55007 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:15863 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x50FBC998  Ack: 0xEBE2AA19  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 914633 77819563 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:33.074539 10.2.190.254:53401 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:57905 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x51AB1754  Ack: 0xEC9D0D1A  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 914881 77820686 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:36.199413 10.2.190.254:55369 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:28266 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x551F96ED  Ack: 0xEFC3B1C3  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 915666 77823796 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
[Priority: 3] 
11/08-13:02:36.807486 10.2.190.254:55481 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:18183 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x54D5BF83  Ack: 0xEF217990  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 915816 77823812 

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:02:36.845740 10.2.190.254:55481 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:18186 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x54D5CCF7  Ack: 0xEF217990  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 915827 77824724 

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:37.390259 10.2.190.254:51782 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:55353 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x55C8218F  Ack: 0xF0F81E2B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 915966 77825029 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:38.406035 10.2.190.254:39061 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:25709 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x56B59EE6  Ack: 0xF112396F  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 916221 77825883 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:39.393774 10.2.190.254:40515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:42990 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x57A55C21  Ack: 0xF21AB14D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 916470 77827154 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2002362:3] ET WEB Barracuda Spam Firewall img.pl Remote Command Execution Attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:39.427223 10.2.190.254:55741 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37170 IpLen:20 DgmLen:825 DF
***AP*** Seq: 0x576E6B00  Ack: 0xF22A8084  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 916476 77827168 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Barracuda_Spam_Firewall][Xref => http://doc.emergingthreats.net/2002362][Xref => http://www.securityfocus.com/bid/14712]

[**] [1:2002685:3] ET WEB Barracuda Spam Firewall img.pl Remote Directory Traversal Attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:39.427223 10.2.190.254:55741 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37170 IpLen:20 DgmLen:825 DF
***AP*** Seq: 0x576E6B00  Ack: 0xF22A8084  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 916476 77827168 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Barracuda_Spam_Firewall][Xref => http://doc.emergingthreats.net/2002685][Xref => http://www.securityfocus.com/bid/14710]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:41.252572 10.2.190.254:44267 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:32748 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x58F782FF  Ack: 0xF39387AE  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 916939 77828473 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2002158:7] ET EXPLOIT XML-RPC for PHP Remote Code Injection [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:42.105108 10.2.190.254:51273 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47330 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x59CF46AF  Ack: 0xF50ED3B0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 917151 77829724 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_PHP][Xref => http://doc.emergingthreats.net/bin/view/Main/2002158][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1921][Xref => http://www.securityfocus.com/bid/14088/exploit]

[**] [1:3827:2] WEB-PHP xmlrpc.php post attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:42.105108 10.2.190.254:51273 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47330 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x59CF46AF  Ack: 0xF50ED3B0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 917151 77829724 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1921][Xref => http://www.securityfocus.com/bid/14088]

[**] [1:13816:1] SPECIFIC THREAT Metasploit Framework xmlrpc.php command injection attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1] 
11/08-13:02:42.105108 10.2.190.254:51273 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47330 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x59CF46AF  Ack: 0xF50ED3B0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 917151 77829724 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1921]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:42.445722 10.2.190.254:60618 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:50461 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x5AD03B81  Ack: 0xF54797CE  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 917237 77830031 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:43.530571 10.2.190.254:51407 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:23823 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x5C01A2B3  Ack: 0xF6A94A55  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 917511 77831190 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:44.238533 10.2.190.254:45113 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:3046 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x5C830B9D  Ack: 0xF75C5175  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 917690 77831928 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:45.199392 10.2.190.254:59804 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:13123 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x5D783220  Ack: 0xF786A06B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 917930 77832859 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:11664:2] WEB-PHP sphpblog password.txt access attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1] 
11/08-13:02:45.684674 10.2.190.254:48608 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47986 IpLen:20 DgmLen:117 DF
***AP*** Seq: 0x5DB8BAAD  Ack: 0xF89CCA03  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 918052 77833368 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2733][Xref => http://www.securityfocus.com/bid/14667]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:45.973487 10.2.190.254:38331 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:36808 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x5E158DEF  Ack: 0xF8D71C44  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 918125 77833660 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:11667:2] WEB-PHP sphpblog arbitrary file delete attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1] 
11/08-13:02:46.718875 10.2.190.254:47088 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:52336 IpLen:20 DgmLen:160 DF
***AP*** Seq: 0x5EF6CE8D  Ack: 0xF901ADB6  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 918312 77834399 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2733][Xref => http://www.securityfocus.com/bid/14667]

[**] [1:11664:2] WEB-PHP sphpblog password.txt access attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1] 
11/08-13:02:46.718875 10.2.190.254:47088 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:52336 IpLen:20 DgmLen:160 DF
***AP*** Seq: 0x5EF6CE8D  Ack: 0xF901ADB6  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 918312 77834399 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2733][Xref => http://www.securityfocus.com/bid/14667]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:46.851409 10.2.190.254:54920 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:39247 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x5F119A45  Ack: 0xF9C9C7F8  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 918346 77834559 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:11665:2] WEB-PHP sphpblog install03_cgi access attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1] 
11/08-13:02:56.536604 10.2.190.254:42855 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:9855 IpLen:20 DgmLen:210 DF
***AP*** Seq: 0x67302A26  Ack: 0x227065D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 920781 77844085 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2733][Xref => http://www.securityfocus.com/bid/14667]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:02:56.702681 10.2.190.254:45079 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:44369 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x6837A1F0  Ack: 0x2673C80  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 920823 77844376 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:02:58.823097 7.204.241.161:49506 -> 10.1.10.10:25
TCP TTL:64 TOS:0x0 ID:9815 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x8A5B3ADD  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-13:03:01.817839 10.1.10.10:25 -> 7.204.241.161:49506
TCP TTL:125 TOS:0x0 ID:29942 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x14CBA40F  Ack: 0x8A5B3ADE  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11173490 1019944 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:04.210777 10.1.60.203:54263 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:36789 IpLen:20 DgmLen:60 DF
******S* Seq: 0x14EAA5B5  Ack: 0x0  Win: 0xFFFF  TcpLen: 40
TCP Options (5) => MSS: 1460 NOP WS: 3 SackOK TS: 59083043 0 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:04.211020 154.241.88.201:443 -> 10.1.60.203:54263
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0x9F75ECA  Ack: 0x14EAA5B6  Win: 0x16A0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 77852266 59083043 NOP WS: 6 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:04.211806 10.1.60.203:54263 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:36790 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x14EAA5B6  Ack: 0x9F75ECB  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 59083045 77852266 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:04.215559 10.1.60.203:54263 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:36791 IpLen:20 DgmLen:188 DF
***AP*** Seq: 0x14EAA5B6  Ack: 0x9F75ECB  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 59083048 77852266 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:04.215706 154.241.88.201:443 -> 10.1.60.203:54263
TCP TTL:64 TOS:0x0 ID:45220 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x9F75ECB  Ack: 0x14EAA63E  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 77852271 59083048 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:04.224469 154.241.88.201:443 -> 10.1.60.203:54263
TCP TTL:64 TOS:0x0 ID:45222 IpLen:20 DgmLen:149 DF
***AP*** Seq: 0x9F76473  Ack: 0x14EAA63E  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 77852274 59083048 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:04.227741 10.1.60.203:54263 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:36792 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x14EAA63E  Ack: 0x9F764D4  Win: 0x1FC5  TcpLen: 32
TCP Options (3) => NOP NOP TS: 59083061 77852274 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:04.244672 10.1.60.203:54263 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:36793 IpLen:20 DgmLen:250 DF
***AP*** Seq: 0x14EAA63E  Ack: 0x9F764D4  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 59083070 77852274 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:04.250776 154.241.88.201:443 -> 10.1.60.203:54263
TCP TTL:64 TOS:0x0 ID:45223 IpLen:20 DgmLen:111 DF
***AP*** Seq: 0x9F764D4  Ack: 0x14EAA704  Win: 0x7C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 77852304 59083070 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:04.252029 10.1.60.203:54263 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:36794 IpLen:20 DgmLen:238 DF
***AP*** Seq: 0x14EAA704  Ack: 0x9F7650F  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 59083085 77852304 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:04.255539 154.241.88.201:443 -> 10.1.60.203:54263
TCP TTL:64 TOS:0x0 ID:45224 IpLen:20 DgmLen:1373 DF
***AP*** Seq: 0x9F7650F  Ack: 0x14EAA7BE  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 77852309 59083085 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:04.255629 154.241.88.201:443 -> 10.1.60.203:54263
TCP TTL:64 TOS:0x0 ID:45225 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x9F76A38  Ack: 0x14EAA7BE  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 77852309 59083085 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:04.255735 154.241.88.201:443 -> 10.1.60.203:54263
TCP TTL:64 TOS:0x0 ID:45226 IpLen:20 DgmLen:52 DF
***A***F Seq: 0x9F76A5D  Ack: 0x14EAA7BE  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 77852309 59083085 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:04.258462 10.1.60.203:54263 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:36795 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x14EAA7BE  Ack: 0x9F76A5D  Win: 0x1FDC  TcpLen: 32
TCP Options (3) => NOP NOP TS: 59083091 77852309 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:04.258613 10.1.60.203:54263 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:36796 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x14EAA7BE  Ack: 0x9F76A5E  Win: 0x2081  TcpLen: 32
TCP Options (3) => NOP NOP TS: 59083092 77852309 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:04.258739 10.1.60.203:54263 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:36797 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x14EAA7BE  Ack: 0x9F76A5E  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 59083092 77852309 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:04.258812 10.1.60.203:54263 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:36798 IpLen:20 DgmLen:52 DF
***A***F Seq: 0x14EAA7E3  Ack: 0x9F76A5E  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 59083092 77852309 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:04.258942 154.241.88.201:443 -> 10.1.60.203:54263
TCP TTL:64 TOS:0x0 ID:45227 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x9F76A5E  Ack: 0x14EAA7E4  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 77852313 59083092 

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-13:03:05.923798 10.1.10.10:25 -> 7.204.241.161:49506
TCP TTL:125 TOS:0x0 ID:30005 IpLen:20 DgmLen:116
***AP**F Seq: 0x14CBA40F  Ack: 0x8A5B3ADE  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11173531 1019944 

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:03:06.337893 10.2.190.254:56144 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:10545 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x70B73F3A  Ack: 0xB70F7E4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 923245 77854065 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:11817:2] WEB-CGI WhatsUpGold configuration access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:03:07.322675 10.2.190.254:42810 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:5681 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x7234013C  Ack: 0xC340929  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 923490 77855071 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0798][Xref => http://www.securityfocus.com/bid/11043]

[**] [1:2663:5] WEB-CGI WhatsUpGold instancename overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:03:07.322675 10.2.190.254:42810 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:5681 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x7234013C  Ack: 0xC340929  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 923490 77855071 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0798][Xref => http://www.securityfocus.com/bid/11043]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:03:07.323738 10.2.190.254:42810 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:5682 IpLen:20 DgmLen:527 DF
***AP*** Seq: 0x723405B8  Ack: 0xC340929  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 923490 77855071 

[**] [1:11666:2] WEB-PHP sphpblog upload_img_cgi access attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1] 
11/08-13:03:07.328705 10.2.190.254:44737 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:28299 IpLen:20 DgmLen:531 DF
***AP*** Seq: 0x715A799F  Ack: 0xC8F05C2  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 923493 77855084 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2733][Xref => http://www.securityfocus.com/bid/14667]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:03:07.731837 10.2.190.254:34662 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24224 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x725649FD  Ack: 0xD253B14  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 923595 77855375 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:11666:2] WEB-PHP sphpblog upload_img_cgi access attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1] 
11/08-13:03:08.892840 10.2.190.254:47764 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:26941 IpLen:20 DgmLen:661 DF
***AP*** Seq: 0x730371BF  Ack: 0xD82FFA0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 923886 77856547 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2733][Xref => http://www.securityfocus.com/bid/14667]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:03:09.317610 10.2.190.254:44440 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:13587 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x73952C20  Ack: 0xEC651F9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 923991 77857101 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:971:12] WEB-IIS ISAPI .printer access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:03:09.460156 10.2.190.254:55938 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:28169 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x67E762CA  Ack: 0x31A88F9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 924024 77853972 
[Xref => http://www.microsoft.com/technet/security/bulletin/MS01-023.mspx][Xref => http://cgi.nessus.org/plugins/dump.php3?id=10661][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0241][Xref => http://www.securityfocus.com/bid/2674][Xref => http://www.whitehats.com/info/IDS533]

[**] [1:2001669:6] ET WEB Proxy GET Request [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
11/08-13:03:09.460156 10.2.190.254:55938 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:28169 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x67E762CA  Ack: 0x31A88F9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 924024 77853972 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Apache_Open_Proxy][Xref => http://doc.emergingthreats.net/2001669]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:03:09.460156 10.2.190.254:55938 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:28169 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x67E762CA  Ack: 0x31A88F9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 924024 77853972 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:09.498559 10.2.190.254:55938 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x67E76798  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:09.503586 10.2.190.254:55938 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x67E76798  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-13:03:09.990736 10.1.10.10:25 -> 7.204.241.161:49506
TCP TTL:125 TOS:0x0 ID:30093 IpLen:20 DgmLen:116
***AP**F Seq: 0x14CBA40F  Ack: 0x8A5B3ADE  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11173572 1019944 

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:03:10.056143 10.2.190.254:36589 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24986 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x73FE787C  Ack: 0xF4C1179  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 924176 77857953 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:03:11.325359 10.2.190.254:56365 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:38106 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x75CE8E3B  Ack: 0xFF57F64  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 924498 77858976 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-13:03:14.007020 10.1.10.10:25 -> 7.204.241.161:49506
TCP TTL:125 TOS:0x0 ID:30312 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x14CBA40F  Ack: 0x8A5B3ADE  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11173612 1019944 

[**] [1:2229:5] WEB-PHP viewtopic.php access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:03:15.770737 10.2.190.254:35032 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:53086 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x790FD1A6  Ack: 0x13992281  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 925616 77863155 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11767][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0486][Xref => http://www.securityfocus.com/bid/7979]

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:16.010192 10.2.190.254:56204 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x7934B059  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:11668:2] WEB-PHP vbulletin php code injection [**]
[Classification: Attempted User Privilege Gain] [Priority: 1] 
11/08-13:03:20.407098 10.2.190.254:59101 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:42542 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x7B32868D  Ack: 0x15EB57BA  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 926778 77864843 
[Xref => http://marc.info/?l=bugtraq&m=110910899415763&w=2][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-0511]

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-13:03:22.059864 10.1.10.10:25 -> 7.204.241.161:49506
TCP TTL:125 TOS:0x0 ID:30425 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x14CBA40F  Ack: 0x8A5B3ADE  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11173693 1019944 

[**] [1:8708:2] WEB-PHP Wordpress cache_lastpostdate code injection attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1] 
11/08-13:03:23.841529 10.2.190.254:34698 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:26914 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x80C14E12  Ack: 0x1BE67DA0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 927652 77871565 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2612][Xref => http://www.securityfocus.com/bid/14533]

[**] [129:3:1] Data sent on stream not accepting data [**]
[Priority: 3] 
11/08-13:03:37.966762 10.1.10.10:25 -> 7.204.241.161:49506
TCP TTL:125 TOS:0x0 ID:31015 IpLen:20 DgmLen:116 DF
***AP**F Seq: 0x14CBA40F  Ack: 0x8A5B3ADE  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11173853 1019944 

[**] [1:13161:1] EXPLOIT HP OpenView CGI parameter buffer overflow attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1] 
11/08-13:03:38.743029 10.2.190.254:38784 -> 154.241.88.201:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2336
***AP*** Seq: 0x8F1E715C  Ack: 0x29C7264D  Win: 0x28C0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-6204][Xref => http://www.securityfocus.com/bid/26741]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:03:38.785884 10.2.190.254:38784 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17454 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x8F1E834C  Ack: 0x29C7264D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 931396 77886971 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:38.822193 10.2.190.254:38784 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x8F1E881F  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:38.828341 10.2.190.254:38784 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x8F1E881F  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:38.834649 10.2.190.254:38784 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x8F1E881F  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:12592:3] SMTP ClamAV recipient command injection attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1] 
11/08-13:03:38.552291 10.2.190.254:48304 -> 7.204.241.161:25
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:620
***AP*** Seq: 0x8DD1E191  Ack: 0x63D990ED  Win: 0x418  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4560][Xref => http://www.securityfocus.com/bid/25439]

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:52.659147 7.204.241.161:25 -> 10.2.190.254:48304
TCP TTL:64 TOS:0x0 ID:9928 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x63D990ED  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:52.677323 10.2.190.254:48304 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x8DD1E3D5  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:52.677325 10.2.190.254:48304 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x8DD1E3D5  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
[Priority: 3] 
11/08-13:03:55.058369 10.2.190.254:41120 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:38873 IpLen:20 DgmLen:702 DF
***AP*** Seq: 0x9F1ED1FC  Ack: 0x395B9B9C  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 935488 77903284 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:55.093754 10.2.190.254:41120 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x9F1ED487  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:03:55.094699 10.2.190.254:41120 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x9F1ED487  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:3466:9] WEB-MISC Authorization Basic overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:03:55.301823 10.2.190.254:52662 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:28813 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x9E8A36E8  Ack: 0x39987DBC  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 935547 77903544 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0727][Xref => http://www.securityfocus.com/bid/8375]

[**] [1:1260:13] WEB-MISC long basic authorization string [**]
[Classification: Attempted Denial of Service] [Priority: 2] 
11/08-13:03:55.301823 10.2.190.254:52662 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:28813 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x9E8A36E8  Ack: 0x39987DBC  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 935547 77903544 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-1067][Xref => http://www.securityfocus.com/bid/3230]

[**] [1:1248:18] WEB-FRONTPAGE rad fp30reg.dll access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:03:55.577182 10.2.190.254:53068 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:28965 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x9F9C379A  Ack: 0x397BE8F2  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 935618 77903852 
[Xref => http://www.microsoft.com/technet/security/bulletin/MS01-035.mspx][Xref => http://cgi.nessus.org/plugins/dump.php3?id=10699][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0822][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0341][Xref => http://www.securityfocus.com/bid/2906][Xref => http://www.whitehats.com/info/IDS555]

[**] [1:1288:10] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:03:55.577182 10.2.190.254:53068 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:28965 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x9F9C379A  Ack: 0x397BE8F2  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 935618 77903852 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11032]

[**] [1:1248:18] WEB-FRONTPAGE rad fp30reg.dll access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:03:55.671636 10.2.190.254:34962 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:19947 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x9F300B27  Ack: 0x39C45206  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 935640 77903937 
[Xref => http://www.microsoft.com/technet/security/bulletin/MS01-035.mspx][Xref => http://cgi.nessus.org/plugins/dump.php3?id=10699][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0822][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0341][Xref => http://www.securityfocus.com/bid/2906][Xref => http://www.whitehats.com/info/IDS555]

[**] [1:1288:10] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:03:55.671636 10.2.190.254:34962 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:19947 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x9F300B27  Ack: 0x39C45206  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 935640 77903937 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11032]

[**] [1:1807:12] WEB-MISC Chunked-Encoding transfer attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:03:55.671636 10.2.190.254:34962 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:19947 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x9F300B27  Ack: 0x39C45206  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 935640 77903937 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10932][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0392][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0079][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0071][Xref => http://www.securityfocus.com/bid/5033][Xref => http://www.securityfocus.com/bid/4485][Xref => http://www.securityfocus.com/bid/4474]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:03:55.679468 10.2.190.254:34962 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:19948 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x9F300FA3  Ack: 0x39C45206  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 935640 77903937 

[**] [1:1245:12] WEB-IIS ISAPI .idq access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:04:09.123088 10.2.190.254:51864 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:32744 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xAB992BE4  Ack: 0x46D9C7B3  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 939023 77917454 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS553]

[**] [1:1244:17] WEB-IIS ISAPI .idq attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:04:09.123088 10.2.190.254:51864 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:32744 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xAB992BE4  Ack: 0x46D9C7B3  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 939023 77917454 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10115][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0500][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0126][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0071][Xref => http://www.securityfocus.com/bid/968][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS553]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:04:09.123090 10.2.190.254:51864 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:32745 IpLen:20 DgmLen:98 DF
***AP*** Seq: 0xAB993060  Ack: 0x46D9C7B3  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 939023 77917454 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:04:09.150753 10.2.190.254:51864 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xAB99308F  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:04:09.159401 10.2.190.254:51864 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xAB99308F  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:1140:12] WEB-MISC guestbook.pl access [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:04:12.543539 10.2.190.254:47141 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:38362 IpLen:20 DgmLen:920 DF
***AP*** Seq: 0xAEC0C2BB  Ack: 0x49B2718D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 939883 77920894 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10099][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-1053][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0237][Xref => http://www.securityfocus.com/bid/776][Xref => http://www.whitehats.com/info/IDS228]

[**] [1:8088:5] WEB-MISC HP Openview NNM connectedNodes.ovpl Unix command execution attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:04:12.621891 10.2.190.254:33758 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:60652 IpLen:20 DgmLen:817 DF
***AP*** Seq: 0xAF21BB93  Ack: 0x4A018937  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 939904 77920985 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2773][Xref => http://www.securityfocus.com/bid/14662]

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
[Priority: 3] 
11/08-13:04:23.264233 10.2.190.254:34120 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:50358 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xB91EA55F  Ack: 0x53E9A459  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 942576 77931676 

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:04:23.266112 10.2.190.254:34120 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:50359 IpLen:20 DgmLen:329 DF
***AP*** Seq: 0xB91EA9DB  Ack: 0x53E9A459  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 942576 77931676 

[**] [1:3463:3] WEB-CGI awstats access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:04:24.684517 10.2.190.254:47113 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:16988 IpLen:20 DgmLen:795 DF
***AP*** Seq: 0xBA3C2115  Ack: 0x551ABA65  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 942934 77933107 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=16456][Xref => http://www.securityfocus.com/bid/12572]

[**] [1:2001686:13] ET EXPLOIT Awstats Remote Code Execution Attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:04:24.684517 10.2.190.254:47113 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:16988 IpLen:20 DgmLen:795 DF
***AP*** Seq: 0xBA3C2115  Ack: 0x551ABA65  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 942934 77933107 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_awstats_remote_exec][Xref => http://doc.emergingthreats.net/bin/view/Main/2001686][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0116][Xref => http://www.securityfocus.com/bid/12298][Xref => http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false][Xref => http://awstats.sourceforge.net][Xref => http://www.k-otik.com/exploits/20050302.awstats_shell.c.php][Xref => http://www.k-otik.com/exploits/20050124.awexpl.c.php]

[**] [1:3813:3] WEB-CGI awstats.pl configdir command execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1] 
11/08-13:04:24.684517 10.2.190.254:47113 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:16988 IpLen:20 DgmLen:795 DF
***AP*** Seq: 0xBA3C2115  Ack: 0x551ABA65  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 942934 77933107 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=16189][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-0116][Xref => http://www.securityfocus.com/bid/12298]

[**] [1:3638:7] WEB-CGI SoftCart.exe CGI buffer overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:04:24.876430 10.2.190.254:53254 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:57741 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xBB23820C  Ack: 0x54DBB95D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 942982 77933299 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-2221][Xref => http://www.securityfocus.com/bid/10926]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:04:24.879843 10.2.190.254:53254 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:57742 IpLen:20 DgmLen:498 DF
***AP*** Seq: 0xBB238688  Ack: 0x54DBB95D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 942982 77933299 

[**] [1:1248:18] WEB-FRONTPAGE rad fp30reg.dll access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:04:36.636083 10.2.190.254:36488 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:48026 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xBB93DF65  Ack: 0x56AE0620  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 945937 77944861 
[Xref => http://www.microsoft.com/technet/security/bulletin/MS01-035.mspx][Xref => http://cgi.nessus.org/plugins/dump.php3?id=10699][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0822][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0341][Xref => http://www.securityfocus.com/bid/2906][Xref => http://www.whitehats.com/info/IDS555]

[**] [1:1288:10] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:04:36.636083 10.2.190.254:36488 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:48026 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xBB93DF65  Ack: 0x56AE0620  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 945937 77944861 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11032]

[**] [1:1807:12] WEB-MISC Chunked-Encoding transfer attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:04:36.636083 10.2.190.254:36488 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:48026 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xBB93DF65  Ack: 0x56AE0620  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 945937 77944861 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10932][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0392][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0079][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0071][Xref => http://www.securityfocus.com/bid/5033][Xref => http://www.securityfocus.com/bid/4485][Xref => http://www.securityfocus.com/bid/4474]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:04:36.642722 10.2.190.254:36488 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:48027 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xBB93E3E1  Ack: 0x56AE0620  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 945937 77944861 

[**] [1:3638:7] WEB-CGI SoftCart.exe CGI buffer overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:04:36.699457 10.2.190.254:39428 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:31613 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xC5B5146B  Ack: 0x609DFF46  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 945950 77945146 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-2221][Xref => http://www.securityfocus.com/bid/10926]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:04:36.700521 10.2.190.254:39428 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:31614 IpLen:20 DgmLen:498 DF
***AP*** Seq: 0xC5B518E7  Ack: 0x609DFF46  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 945950 77945146 

[**] [1:11687:8] WEB-MISC Apache SSI error page cross-site scripting [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:04:45.544380 10.2.190.254:52195 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:63681 IpLen:20 DgmLen:437 DF
***AP*** Seq: 0xCE568F01  Ack: 0x68F3B0E1  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948174 77954030 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0840][Xref => http://www.securityfocus.com/bid/5847]

[**] [1:2002844:4] ET WEB WebDAV search overflow [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:04:45.804824 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56732 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6BA597  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948243 77954332 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Webdav][Xref => http://doc.emergingthreats.net/2002844][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0109]

[**] [1:1070:10] WEB-MISC WebDAV search access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:04:45.804824 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56732 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6BA597  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948243 77954332 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0951][Xref => http://www.securityfocus.com/bid/1756][Xref => http://www.whitehats.com/info/IDS474]

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.804824 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56732 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6BA597  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948243 77954332 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.812984 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56733 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6BAA13  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948243 77954332 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.820775 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56734 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xCE6BAE8F  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948243 77954332 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.840784 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56735 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6BB30B  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948252 77954368 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.848490 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56736 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6BB787  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948252 77954368 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.854914 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56737 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xCE6BBC03  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948253 77954376 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.863014 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56738 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6BC07F  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948253 77954376 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.870868 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56739 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6BC4FB  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948255 77954382 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.882964 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56740 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xCE6BC977  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948255 77954382 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.888786 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56741 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xCE6BCDF3  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948261 77954405 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.899979 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56742 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6BD26F  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948261 77954405 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.899981 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56743 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6BD6EB  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948263 77954412 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.899985 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56744 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6BDB67  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948263 77954412 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.899987 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56745 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6BDFE3  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948264 77954419 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.899991 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56746 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6BE45F  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948264 77954419 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.899993 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56747 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6BE8DB  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948266 77954427 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.899997 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56748 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xCE6BED57  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948266 77954427 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.943000 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56749 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xCE6BF1D3  Ack: 0x68EEEB36  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948268 77954435 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.949229 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56752 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6BF64F  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948275 77954450 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.955714 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56753 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6BFACB  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948275 77954450 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.966566 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56754 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6BFF47  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948275 77954450 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.972357 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56755 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C03C3  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948275 77954450 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.976230 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56756 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C083F  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948276 77954464 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.984011 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56757 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C0CBB  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948276 77954464 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.993830 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56758 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C1137  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948276 77954464 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:45.997613 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56759 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C15B3  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948279 77954478 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.002965 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56760 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C1A2F  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948279 77954478 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.009871 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56761 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C1EAB  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948279 77954478 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.018256 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56762 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C2327  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948282 77954492 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.024240 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56763 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C27A3  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948282 77954492 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.030317 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56764 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xCE6C2C1F  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948282 77954492 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.037044 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56765 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xCE6C309B  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948286 77954507 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.043871 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56766 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C3517  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948288 77954507 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.052001 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56767 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C3993  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948288 77954507 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.059765 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56768 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C3E0F  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948289 77954520 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.068977 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56769 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C428B  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948289 77954520 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.075198 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56770 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C4707  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948290 77954520 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.081097 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56771 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C4B83  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948293 77954533 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.088411 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56772 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C4FFF  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948293 77954533 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.096852 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56773 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C547B  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948293 77954533 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.102421 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56774 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C58F7  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948296 77954548 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.110311 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56775 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C5D73  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948296 77954548 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.118156 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56776 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C61EF  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948296 77954548 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.134324 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56777 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C666B  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948300 77954561 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.134328 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56778 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C6AE7  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948300 77954561 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.134330 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56779 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C6F63  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948300 77954561 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.134334 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56780 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C73DF  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948303 77954575 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.134336 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56781 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C785B  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948303 77954575 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.134340 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56782 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xCE6C7CD7  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948303 77954575 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.134352 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56783 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C8153  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948307 77954589 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.134356 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56784 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C85CF  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948307 77954589 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.134358 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56785 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C8A4B  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948307 77954589 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.134364 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56786 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C8EC7  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948310 77954602 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.134366 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56787 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C9343  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948310 77954602 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.134370 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56788 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C97BF  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948310 77954602 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.134372 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56789 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6C9C3B  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948314 77954617 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:04:46.134376 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56790 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6CA0B7  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948314 77954617 

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
[Priority: 3] 
11/08-13:04:46.134376 10.2.190.254:40258 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56790 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCE6CA0B7  Ack: 0x68EEECDE  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 948314 77954617 

[**] [1:3638:7] WEB-CGI SoftCart.exe CGI buffer overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:04:55.708893 10.2.190.254:56236 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:53835 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xD7C1538C  Ack: 0x71F50331  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 950731 77964278 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-2221][Xref => http://www.securityfocus.com/bid/10926]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:04:55.710812 10.2.190.254:56236 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:53836 IpLen:20 DgmLen:498 DF
***AP*** Seq: 0xD7C15808  Ack: 0x71F50331  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 950731 77964278 

[**] [1:3816:6] WEB-MISC BadBlue ext.dll buffer overflow attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1] 
11/08-13:04:55.717115 10.2.190.254:57960 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:2729 IpLen:20 DgmLen:935 DF
***AP*** Seq: 0xD7F48B67  Ack: 0x727CDBE4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 950731 77964273 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-0595][Xref => http://www.securityfocus.com/bid/12673]

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:04:55.758421 10.2.190.254:57960 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xD7F48EDB  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:04:55.758423 10.2.190.254:57960 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xD7F48EDB  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:04:55.763505 10.2.190.254:57960 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xD7F48EDB  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:3638:7] WEB-CGI SoftCart.exe CGI buffer overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:04:57.024883 10.2.190.254:50362 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:16550 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xD8DFC3AA  Ack: 0x73733026  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 951060 77965600 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-2221][Xref => http://www.securityfocus.com/bid/10926]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:04:57.026458 10.2.190.254:50362 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:16551 IpLen:20 DgmLen:498 DF
***AP*** Seq: 0xD8DFC826  Ack: 0x73733026  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 951060 77965600 

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:04:59.924007 10.2.190.254:54015 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:28555 IpLen:20 DgmLen:178 DF
***AP**F Seq: 0xDBAF00C6  Ack: 0x760AEEA9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 951789 77968516 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:04:59.950849 10.2.190.254:54015 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xDBAF0145  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:04:59.954050 10.2.190.254:54015 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xDBAF0145  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:3638:7] WEB-CGI SoftCart.exe CGI buffer overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:02.451833 10.2.190.254:55916 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:5198 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDD919C2E  Ack: 0x78ADDEA4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952426 77971055 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-2221][Xref => http://www.securityfocus.com/bid/10926]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:02.453427 10.2.190.254:55916 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:5199 IpLen:20 DgmLen:498 DF
***AP*** Seq: 0xDD91A0AA  Ack: 0x78ADDEA4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952426 77971055 

[**] [1:2002844:4] ET WEB WebDAV search overflow [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:02.716263 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41540 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE722AE7  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952492 77971324 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Webdav][Xref => http://doc.emergingthreats.net/2002844][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0109]

[**] [1:1070:10] WEB-MISC WebDAV search access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:02.716263 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41540 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE722AE7  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952492 77971324 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0951][Xref => http://www.securityfocus.com/bid/1756][Xref => http://www.whitehats.com/info/IDS474]

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.716263 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41540 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE722AE7  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952492 77971324 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.723056 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41541 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE722F63  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952492 77971324 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.729993 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41542 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xDE7233DF  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952492 77971324 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.751787 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41543 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72385B  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952502 77971365 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.759374 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41544 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE723CD7  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952502 77971365 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.767233 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41545 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xDE724153  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952503 77971371 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.774466 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41546 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE7245CF  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952503 77971371 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.781087 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41547 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE724A4B  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952505 77971378 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.787156 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41548 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xDE724EC7  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952505 77971378 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.794968 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41549 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xDE725343  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952510 77971400 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.801812 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41550 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE7257BF  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952510 77971400 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.808736 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41551 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE725C3B  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952512 77971408 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.816792 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41552 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE7260B7  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952512 77971408 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.821820 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41553 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE726533  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952514 77971416 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.828254 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41554 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE7269AF  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952514 77971416 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.834960 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41555 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE726E2B  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952516 77971423 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.842223 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41556 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xDE7272A7  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952516 77971423 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.850095 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41557 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xDE727723  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952518 77971430 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.856120 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41558 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE727B9F  Ack: 0x78ED8B9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952518 77971430 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.866888 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41561 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72801B  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952522 77971444 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.874465 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41562 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE728497  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952522 77971444 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.881146 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41563 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE728913  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952522 77971444 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.888343 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41564 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE728D8F  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952525 77971458 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.895438 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41565 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72920B  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952525 77971458 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.902335 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41566 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE729687  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952525 77971458 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.910954 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41567 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE729B03  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952528 77971471 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.917667 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41568 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE729F7F  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952528 77971471 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.925343 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41569 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72A3FB  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952528 77971471 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.932877 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41570 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xDE72A877  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952531 77971484 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.939839 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41571 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xDE72ACF3  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952531 77971484 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.949337 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41572 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72B16F  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952532 77971484 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.956223 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41573 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72B5EB  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952535 77971499 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.964639 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41574 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72BA67  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952535 77971499 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.972090 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41575 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72BEE3  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952535 77971499 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.978322 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41576 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72C35F  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952539 77971516 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.984842 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41577 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72C7DB  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952539 77971516 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.992055 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41578 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72CC57  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952539 77971516 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:02.998427 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41579 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72D0D3  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952543 77971530 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:03.005350 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41580 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72D54F  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952543 77971530 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:03.013143 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41581 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72D9CB  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952543 77971530 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:03.018832 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41582 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72DE47  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952547 77971545 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:03.025516 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41583 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72E2C3  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952547 77971545 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:03.032044 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41584 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72E73F  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952547 77971545 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:03.039791 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41585 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72EBBB  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952550 77971560 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:03.048285 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41586 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72F037  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952550 77971560 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:03.054519 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41587 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xDE72F4B3  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952550 77971560 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:03.059756 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41588 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72F92F  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952554 77971575 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:03.066385 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41589 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE72FDAB  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952554 77971575 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:03.076042 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41590 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE730227  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952554 77971575 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:03.082940 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41591 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE7306A3  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952558 77971589 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:03.091219 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41592 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE730B1F  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952558 77971589 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:03.097565 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41593 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE730F9B  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952558 77971589 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:03.105359 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41594 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE731417  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952562 77971606 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:03.113737 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41595 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE731893  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952562 77971606 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:03.119085 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41596 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE731D0F  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952562 77971606 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:03.126577 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41597 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE73218B  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952566 77971622 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:03.134553 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41598 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE732607  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952566 77971622 

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
[Priority: 3] 
11/08-13:05:03.134553 10.2.190.254:46348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41598 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDE732607  Ack: 0x78ED8D45  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952566 77971622 

[**] [1:3824:4] SMTP AUTH user overflow attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1] 
11/08-13:05:02.730671 10.2.190.254:48289 -> 7.204.241.161:25
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1775
***AP*** Seq: 0xDE2195DB  Ack: 0xCDD04240  Win: 0x1E0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2223][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1781][Xref => http://www.securityfocus.com/bid/13772]

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:03.263968 10.2.190.254:48289 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xDE219CA3  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:03.264267 10.2.190.254:48289 -> 7.204.241.161:25
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xDE219CA3  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:3638:7] WEB-CGI SoftCart.exe CGI buffer overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:03.975255 10.2.190.254:35949 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:34687 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xDEEE0EA0  Ack: 0x7982B49D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952809 77972592 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-2221][Xref => http://www.securityfocus.com/bid/10926]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:03.975625 10.2.190.254:35949 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:34688 IpLen:20 DgmLen:498 DF
***AP*** Seq: 0xDEEE131C  Ack: 0x7982B49D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 952809 77972592 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:07.432633 10.2.190.254:36488 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xBB94BE7D  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:07.432635 10.2.190.254:36488 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xBB94BE7D  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:1248:18] WEB-FRONTPAGE rad fp30reg.dll access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:07.567325 10.2.190.254:35745 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:15994 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE291B325  Ack: 0x7CF7B5F1  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 953712 77976152 
[Xref => http://www.microsoft.com/technet/security/bulletin/MS01-035.mspx][Xref => http://cgi.nessus.org/plugins/dump.php3?id=10699][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0822][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0341][Xref => http://www.securityfocus.com/bid/2906][Xref => http://www.whitehats.com/info/IDS555]

[**] [1:1288:10] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:07.567325 10.2.190.254:35745 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:15994 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE291B325  Ack: 0x7CF7B5F1  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 953712 77976152 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11032]

[**] [1:1807:12] WEB-MISC Chunked-Encoding transfer attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:07.567325 10.2.190.254:35745 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:15994 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE291B325  Ack: 0x7CF7B5F1  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 953712 77976152 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10932][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0392][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0079][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0071][Xref => http://www.securityfocus.com/bid/5033][Xref => http://www.securityfocus.com/bid/4485][Xref => http://www.securityfocus.com/bid/4474]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:07.575087 10.2.190.254:35745 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:15995 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE291B7A1  Ack: 0x7CF7B5F1  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 953712 77976152 

[**] [119:18:1] (http_inspect) WEBROOT DIRECTORY TRAVERSAL [**]
[Priority: 3] 
11/08-13:05:07.678919 10.2.190.254:33208 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:46182 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE257391E  Ack: 0x7D615C25  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 953733 77976283 

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
[Priority: 3] 
11/08-13:05:07.688642 10.2.190.254:33208 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:46183 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE2573D9A  Ack: 0x7D615C25  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 953733 77976283 

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
[Priority: 3] 
11/08-13:05:07.694810 10.2.190.254:33208 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:46184 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xE2574216  Ack: 0x7D615C25  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 953733 77976283 

[**] [1:3638:7] WEB-CGI SoftCart.exe CGI buffer overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:08.019479 10.2.190.254:35493 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:15315 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE27AB611  Ack: 0x7E1E9706  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 953826 77976657 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-2221][Xref => http://www.securityfocus.com/bid/10926]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:08.021785 10.2.190.254:35493 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:15316 IpLen:20 DgmLen:498 DF
***AP*** Seq: 0xE27ABA8D  Ack: 0x7E1E9706  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 953826 77976657 

[**] [1:2002844:4] ET WEB WebDAV search overflow [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:09.016309 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37839 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F1D19  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954076 77977659 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Webdav][Xref => http://doc.emergingthreats.net/2002844][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0109]

[**] [1:1070:10] WEB-MISC WebDAV search access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:09.016309 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37839 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F1D19  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954076 77977659 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0951][Xref => http://www.securityfocus.com/bid/1756][Xref => http://www.whitehats.com/info/IDS474]

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.016309 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37839 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F1D19  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954076 77977659 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.024194 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37840 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F2195  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954076 77977659 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.030658 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37841 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xE46F2611  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954076 77977659 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.051199 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37842 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F2A8D  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954085 77977696 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.058009 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37843 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F2F09  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954085 77977696 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.065129 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37844 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xE46F3385  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954087 77977704 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.072412 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37845 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F3801  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954087 77977704 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.079339 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37846 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F3C7D  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954089 77977711 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.087984 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37847 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xE46F40F9  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954089 77977711 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.099767 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37848 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xE46F4575  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954094 77977731 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.099771 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37849 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F49F1  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954094 77977731 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.099773 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37850 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F4E6D  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954096 77977738 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.099777 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37851 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F52E9  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954096 77977738 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.099779 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37852 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F5765  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954097 77977745 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.099783 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37853 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F5BE1  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954097 77977745 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.099785 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37854 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F605D  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954099 77977753 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.108619 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37855 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xE46F64D9  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954099 77977753 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.153021 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37856 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xE46F6955  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954101 77977760 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.159703 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37857 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F6DD1  Ack: 0x7E58561E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954101 77977760 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.179337 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37860 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F724D  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954105 77977776 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.179341 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37861 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F76C9  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954105 77977776 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.184746 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37862 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F7B45  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954105 77977776 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.192297 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37863 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F7FC1  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954109 77977790 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.199824 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37864 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F843D  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954109 77977790 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.206512 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37865 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F88B9  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954109 77977790 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.213560 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37866 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F8D35  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954112 77977806 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.220244 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37867 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F91B1  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954112 77977806 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.228280 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37868 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46F962D  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954112 77977806 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.235736 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37869 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xE46F9AA9  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954116 77977820 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.242192 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37870 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xE46F9F25  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954116 77977820 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.248747 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37871 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FA3A1  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954116 77977820 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.255644 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37872 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FA81D  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954119 77977834 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.262952 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37873 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FAC99  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954119 77977834 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.269315 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37874 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FB115  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954119 77977834 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.277212 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37875 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FB591  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954124 77977852 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.284233 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37876 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FBA0D  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954124 77977852 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.291325 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37877 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FBE89  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954124 77977852 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.298153 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37878 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FC305  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954128 77977867 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.305044 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37879 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FC781  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954128 77977867 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.313422 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37880 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FCBFD  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954128 77977867 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.319245 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37881 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FD079  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954131 77977881 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.325829 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37882 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FD4F5  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954131 77977881 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.334696 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37883 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FD971  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954131 77977881 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.334698 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37884 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FDDED  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954135 77977895 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.334702 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37885 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FE269  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954135 77977895 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.334704 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37886 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xE46FE6E5  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954135 77977895 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.363826 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37887 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FEB61  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954138 77977909 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.367188 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37888 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FEFDD  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954138 77977909 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.367192 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37889 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FF459  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954138 77977909 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.367194 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37890 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FF8D5  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954142 77977923 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.367198 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37891 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE46FFD51  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954142 77977923 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.367200 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37892 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE47001CD  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954142 77977923 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.367204 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37893 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE4700649  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954145 77977937 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.367206 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37894 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE4700AC5  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954145 77977937 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.369467 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37895 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE4700F41  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954145 77977937 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.369469 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37896 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE47013BD  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954149 77977951 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:09.369472 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37897 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE4701839  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954149 77977951 

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
[Priority: 3] 
11/08-13:05:09.369472 10.2.190.254:45838 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37897 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE4701839  Ack: 0x7E5857C6  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954149 77977951 

[**] [1:3638:7] WEB-CGI SoftCart.exe CGI buffer overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:09.477275 10.2.190.254:51648 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:58469 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE42E6B57  Ack: 0x7F8A2FF5  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954192 77978121 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-2221][Xref => http://www.securityfocus.com/bid/10926]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:09.480834 10.2.190.254:51648 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:58470 IpLen:20 DgmLen:498 DF
***AP*** Seq: 0xE42E6FD3  Ack: 0x7F8A2FF5  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 954192 77978121 

[**] [1:11687:8] WEB-MISC Apache SSI error page cross-site scripting [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:12.967921 10.2.190.254:57062 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:16242 IpLen:20 DgmLen:886 DF
***AP*** Seq: 0xE73EADC6  Ack: 0x82A641BD  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 955070 77981625 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0840][Xref => http://www.securityfocus.com/bid/5847]

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:12.994466 10.2.190.254:57062 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xE73EB109  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:12.997240 10.2.190.254:57062 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xE73EB109  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:3638:7] WEB-CGI SoftCart.exe CGI buffer overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:13.239341 10.2.190.254:44410 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:62863 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xE797677B  Ack: 0x8253BA70  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 955137 77981893 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-2221][Xref => http://www.securityfocus.com/bid/10926]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:13.240867 10.2.190.254:44410 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:62864 IpLen:20 DgmLen:498 DF
***AP*** Seq: 0xE7976BF7  Ack: 0x8253BA70  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 955138 77981893 

[**] [1:1807:12] WEB-MISC Chunked-Encoding transfer attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:20.906804 10.2.190.254:33155 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:52590 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xEF3C57EF  Ack: 0x89CC223D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957065 77989609 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10932][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0392][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0079][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0071][Xref => http://www.securityfocus.com/bid/5033][Xref => http://www.securityfocus.com/bid/4485][Xref => http://www.securityfocus.com/bid/4474]

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
[Priority: 3] 
11/08-13:05:20.906804 10.2.190.254:33155 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:52590 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xEF3C57EF  Ack: 0x89CC223D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957065 77989609 

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:20.941466 10.2.190.254:33155 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:52593 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xEF3C6563  Ack: 0x89CC223D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957074 77989646 

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:20.948243 10.2.190.254:33155 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:52594 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xEF3C69DF  Ack: 0x89CC223D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957074 77989646 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:20.955576 10.2.190.254:33155 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:52595 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xEF3C6E5B  Ack: 0x89CC223D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957076 77989654 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:20.955691 10.2.190.254:33155 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:52596 IpLen:20 DgmLen:222 DF
***AP*** Seq: 0xEF3C72D7  Ack: 0x89CC223D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957076 77989654 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:3638:7] WEB-CGI SoftCart.exe CGI buffer overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:21.894969 10.2.190.254:38068 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:49770 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xEF965913  Ack: 0x8A735410  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957313 77990602 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-2221][Xref => http://www.securityfocus.com/bid/10926]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:21.897348 10.2.190.254:38068 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:49771 IpLen:20 DgmLen:498 DF
***AP*** Seq: 0xEF965D8F  Ack: 0x8A735410  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957313 77990602 

[**] [1:2002844:4] ET WEB WebDAV search overflow [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:21.978471 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24897 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04DFAAE  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957337 77990698 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Webdav][Xref => http://doc.emergingthreats.net/2002844][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0109]

[**] [1:1070:10] WEB-MISC WebDAV search access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:21.978471 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24897 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04DFAAE  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957337 77990698 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0951][Xref => http://www.securityfocus.com/bid/1756][Xref => http://www.whitehats.com/info/IDS474]

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:21.978471 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24897 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04DFAAE  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957337 77990698 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:21.992474 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24898 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04DFF2A  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957337 77990698 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.003906 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24899 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF04E03A6  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957337 77990698 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.027606 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24900 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E0822  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957346 77990735 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.032791 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24901 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E0C9E  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957346 77990735 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.039216 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24902 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF04E111A  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957348 77990741 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.047930 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24903 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E1596  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957348 77990741 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.053914 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24904 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E1A12  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957350 77990749 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.060994 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24905 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF04E1E8E  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957350 77990749 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.068124 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24906 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF04E230A  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957355 77990773 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.075543 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24907 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E2786  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957356 77990773 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.082463 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24908 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E2C02  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957357 77990778 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.089444 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24909 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E307E  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957357 77990778 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.095887 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24910 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E34FA  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957358 77990784 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.104635 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24911 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E3976  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957358 77990784 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.111378 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24912 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E3DF2  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957361 77990793 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.117818 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24913 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF04E426E  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957361 77990793 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.125505 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24914 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF04E46EA  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957362 77990799 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.131827 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24915 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E4B66  Ack: 0x8ADECE4B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957362 77990799 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.140979 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24918 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E4FE2  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957366 77990813 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.149639 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24919 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E545E  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957366 77990813 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.157548 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24920 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E58DA  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957366 77990813 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.164752 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24921 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E5D56  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957369 77990828 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.171903 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24922 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E61D2  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957369 77990828 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.177865 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24923 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E664E  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957369 77990828 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.185256 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24924 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E6ACA  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957373 77990843 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.191624 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24925 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E6F46  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957373 77990843 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.199425 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24926 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E73C2  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957373 77990843 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.208868 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24927 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF04E783E  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957376 77990857 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.215660 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24928 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF04E7CBA  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957376 77990857 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.222921 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24929 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E8136  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957376 77990857 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.230206 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24930 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E85B2  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957380 77990871 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.236544 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24931 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E8A2E  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957380 77990871 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.242716 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24932 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E8EAA  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957380 77990871 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.249824 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24933 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E9326  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957384 77990887 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.257907 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24934 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E97A2  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957384 77990887 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.265227 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24935 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04E9C1E  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957384 77990887 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.274027 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24936 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04EA09A  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957388 77990903 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.281728 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24937 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04EA516  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957388 77990903 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.287028 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24938 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04EA992  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957388 77990903 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.293844 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24939 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04EAE0E  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957392 77990918 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.300631 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24940 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04EB28A  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957392 77990918 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.308234 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24941 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04EB706  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957392 77990918 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.315839 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24942 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04EBB82  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957395 77990931 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.322553 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24943 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04EBFFE  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957395 77990931 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.329213 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24944 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF04EC47A  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957395 77990931 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.337050 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24945 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04EC8F6  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957399 77990945 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.342933 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24946 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04ECD72  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957399 77990945 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.350435 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24947 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04ED1EE  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957399 77990945 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.357629 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24948 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04ED66A  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957403 77990962 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.364907 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24949 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04EDAE6  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957403 77990962 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.370833 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24950 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04EDF62  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957403 77990962 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.377679 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24951 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04EE3DE  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957406 77990976 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.384939 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24952 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04EE85A  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957406 77990976 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.390604 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24953 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04EECD6  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957406 77990976 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:22.398957 10.2.190.254:60515 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24954 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF04EF152  Ack: 0x8ADECFF3  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957410 77990989 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:23.550138 10.2.190.254:33155 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xEF3C7382  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:23.550958 10.2.190.254:33155 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xEF3C7382  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
[Priority: 3] 
11/08-13:05:23.559882 10.2.190.254:56771 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:19232 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF180D60B  Ack: 0x8C4F09E0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957729 77992255 

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:23.605213 10.2.190.254:56771 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:19235 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF180E37F  Ack: 0x8C4F09E0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957740 77992313 

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:23.614366 10.2.190.254:56771 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:19236 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF180E7FB  Ack: 0x8C4F09E0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957740 77992313 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:23.621963 10.2.190.254:56771 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:19237 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF180EC77  Ack: 0x8C4F09E0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957742 77992319 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:23.622082 10.2.190.254:56771 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:19238 IpLen:20 DgmLen:222 DF
***AP*** Seq: 0xF180F0F3  Ack: 0x8C4F09E0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957742 77992319 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:1248:18] WEB-FRONTPAGE rad fp30reg.dll access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:23.630130 10.2.190.254:54462 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:63091 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF1CE6B5A  Ack: 0x8BDBF51F  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957747 77992338 
[Xref => http://www.microsoft.com/technet/security/bulletin/MS01-035.mspx][Xref => http://cgi.nessus.org/plugins/dump.php3?id=10699][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0822][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0341][Xref => http://www.securityfocus.com/bid/2906][Xref => http://www.whitehats.com/info/IDS555]

[**] [1:1288:10] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:23.630130 10.2.190.254:54462 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:63091 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF1CE6B5A  Ack: 0x8BDBF51F  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957747 77992338 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11032]

[**] [1:1807:12] WEB-MISC Chunked-Encoding transfer attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:23.630130 10.2.190.254:54462 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:63091 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF1CE6B5A  Ack: 0x8BDBF51F  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957747 77992338 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10932][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0392][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0079][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0071][Xref => http://www.securityfocus.com/bid/5033][Xref => http://www.securityfocus.com/bid/4485][Xref => http://www.securityfocus.com/bid/4474]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:23.636048 10.2.190.254:54462 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:63092 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF1CE6FD6  Ack: 0x8BDBF51F  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 957747 77992338 

[**] [1:3638:7] WEB-CGI SoftCart.exe CGI buffer overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:24.842039 10.2.190.254:46831 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:32867 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF3381E05  Ack: 0x8D8FE7AA  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958061 77993590 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-2221][Xref => http://www.securityfocus.com/bid/10926]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:24.851250 10.2.190.254:46831 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:32868 IpLen:20 DgmLen:498 DF
***AP*** Seq: 0xF3382281  Ack: 0x8D8FE7AA  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958061 77993590 

[**] [1:3638:7] WEB-CGI SoftCart.exe CGI buffer overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:28.273875 10.2.190.254:57319 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:46890 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B9168F  Ack: 0x90E0615E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958916 77996921 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-2221][Xref => http://www.securityfocus.com/bid/10926]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:28.275822 10.2.190.254:57319 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:46891 IpLen:20 DgmLen:498 DF
***AP*** Seq: 0xF5B91B0B  Ack: 0x90E0615E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958916 77996921 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:28.285035 10.2.190.254:56771 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF180F19E  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:28.285037 10.2.190.254:56771 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF180F19E  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:1807:12] WEB-MISC Chunked-Encoding transfer attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:28.306932 10.2.190.254:57517 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:59491 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF60149D1  Ack: 0x9037EAF4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958925 77996962 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10932][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0392][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0079][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0071][Xref => http://www.securityfocus.com/bid/5033][Xref => http://www.securityfocus.com/bid/4485][Xref => http://www.securityfocus.com/bid/4474]

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
[Priority: 3] 
11/08-13:05:28.306932 10.2.190.254:57517 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:59491 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF60149D1  Ack: 0x9037EAF4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958925 77996962 

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:28.336077 10.2.190.254:50134 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:52103 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF6066EAD  Ack: 0x90CCBE0E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958929 77996975 

[**] [1:2002844:4] ET WEB WebDAV search overflow [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:28.355259 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17338 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5AFE207  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958937 77997011 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Webdav][Xref => http://doc.emergingthreats.net/2002844][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0109]

[**] [1:1070:10] WEB-MISC WebDAV search access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:28.355259 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17338 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5AFE207  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958937 77997011 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0951][Xref => http://www.securityfocus.com/bid/1756][Xref => http://www.whitehats.com/info/IDS474]

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.355259 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17338 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5AFE207  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958937 77997011 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.363293 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17339 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5AFE683  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958937 77997011 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.369876 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17340 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF5AFEAFF  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958937 77997011 

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:28.445402 10.2.190.254:57517 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:59494 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF6015745  Ack: 0x9037EAF4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958960 77997083 

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:28.451797 10.2.190.254:57517 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:59495 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF6015BC1  Ack: 0x9037EAF4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958960 77997083 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:28.461644 10.2.190.254:57517 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:59496 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF601603D  Ack: 0x9037EAF4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958964 77997090 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:28.461808 10.2.190.254:57517 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:59497 IpLen:20 DgmLen:222 DF
***AP*** Seq: 0xF60164B9  Ack: 0x9037EAF4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958964 77997090 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.496761 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17341 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5AFEF7B  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958973 77997132 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.503494 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17342 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5AFF3F7  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958973 77997132 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.510316 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17343 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF5AFF873  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958973 77997140 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.519281 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17344 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5AFFCEF  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958973 77997140 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.526611 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17345 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0016B  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958973 77997147 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.532899 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17346 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF5B005E7  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958973 77997147 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.555939 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17347 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF5B00A63  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958987 77997274 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.565419 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17348 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B00EDF  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958988 77997297 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.573015 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17349 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0135B  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958988 77997297 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.579758 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17350 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B017D7  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958988 77997297 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.586409 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17351 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B01C53  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958988 77997297 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.593474 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17352 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B020CF  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958988 77997297 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.602331 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17353 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0254B  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958988 77997297 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.612009 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17354 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B029C7  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958989 77997304 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.618838 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17355 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B02E43  Ack: 0x911A42F0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 958989 77997304 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.631723 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17358 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B032BF  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959003 77997333 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.637902 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17359 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF5B0373B  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959003 77997333 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.648483 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17360 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF5B03BB7  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959003 77997333 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.655096 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17361 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B04033  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959003 77997351 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.660863 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17362 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B044AF  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959003 77997351 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.667306 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17363 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0492B  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959003 77997351 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.674879 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17364 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B04DA7  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959004 77997364 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.681219 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17365 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B05223  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959004 77997364 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.693552 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17366 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0569F  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959004 77997364 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.701581 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17367 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B05B1B  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959008 77997380 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.707678 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17368 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B05F97  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959008 77997380 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.715598 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17369 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B06413  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959008 77997380 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.721902 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17370 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0688F  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959012 77997397 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.729297 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17371 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B06D0B  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959012 77997397 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.736461 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17372 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B07187  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959012 77997397 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.754024 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17373 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B07603  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959031 77997416 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.760618 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17374 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B07A7F  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959031 77997416 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.768775 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17375 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF5B07EFB  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959031 77997416 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.775337 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17376 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B08377  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959034 77997480 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.786101 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17377 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B087F3  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959034 77997480 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.786105 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17378 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B08C6F  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959034 77997480 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.786107 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17379 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B090EB  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959034 77997480 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.786111 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17380 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B09567  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959034 77997480 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.786113 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17381 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B099E3  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959034 77997480 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.793279 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17382 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B09E5F  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959034 77997480 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.803365 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17383 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0A2DB  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959034 77997480 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.803369 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17384 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0A757  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959034 77997480 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.803371 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17385 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0ABD3  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959034 77997480 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.803375 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17386 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0B04F  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959037 77997494 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.803376 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17387 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0B4CB  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959037 77997494 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.819091 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17388 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0B947  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959037 77997494 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.835421 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17389 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0BDC3  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959040 77997508 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.851590 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17390 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0C23F  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959040 77997508 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.863542 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17391 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0C6BB  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959040 77997508 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.883823 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17392 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0CB37  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959046 77997533 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.895627 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17393 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0CFB3  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959046 77997533 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.915291 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17394 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0D42F  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959046 77997533 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.918389 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17395 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0D8AB  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959050 77997548 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:28.918392 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17396 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0DD27  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959050 77997548 

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
[Priority: 3] 
11/08-13:05:28.918392 10.2.190.254:51003 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17396 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF5B0DD27  Ack: 0x911A4498  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959050 77997548 

[**] [1:3638:7] WEB-CGI SoftCart.exe CGI buffer overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:29.805038 10.2.190.254:47786 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:27599 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF727C8F7  Ack: 0x924FC17E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959301 77998546 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-2221][Xref => http://www.securityfocus.com/bid/10926]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:29.806489 10.2.190.254:47786 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:27600 IpLen:20 DgmLen:498 DF
***AP*** Seq: 0xF727CD73  Ack: 0x924FC17E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959301 77998546 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:30.912923 10.2.190.254:57517 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF6016564  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:30.915211 10.2.190.254:57517 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF6016564  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:1807:12] WEB-MISC Chunked-Encoding transfer attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:30.932735 10.2.190.254:60875 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:39430 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF8E93E5D  Ack: 0x930C3ADF  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959585 77999678 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10932][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0392][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0079][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0071][Xref => http://www.securityfocus.com/bid/5033][Xref => http://www.securityfocus.com/bid/4485][Xref => http://www.securityfocus.com/bid/4474]

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
[Priority: 3] 
11/08-13:05:30.932735 10.2.190.254:60875 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:39430 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF8E93E5D  Ack: 0x930C3ADF  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959585 77999678 

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:30.967777 10.2.190.254:60875 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:39433 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF8E94BD1  Ack: 0x930C3ADF  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959594 77999722 

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:30.974363 10.2.190.254:60875 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:39434 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF8E9504D  Ack: 0x930C3ADF  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959594 77999722 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:30.981140 10.2.190.254:60875 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:39435 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF8E954C9  Ack: 0x930C3ADF  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959596 77999729 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:30.981274 10.2.190.254:60875 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:39436 IpLen:20 DgmLen:222 DF
***AP*** Seq: 0xF8E95945  Ack: 0x930C3ADF  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959596 77999729 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:3638:7] WEB-CGI SoftCart.exe CGI buffer overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:31.176305 10.2.190.254:40343 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:26815 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF8BCCC2B  Ack: 0x9376E3BE  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959646 77999929 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-2221][Xref => http://www.securityfocus.com/bid/10926]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:31.177518 10.2.190.254:40343 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:26816 IpLen:20 DgmLen:498 DF
***AP*** Seq: 0xF8BCD0A7  Ack: 0x9376E3BE  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959646 77999929 

[**] [1:3463:3] WEB-CGI awstats access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:31.823158 10.2.190.254:57708 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:12866 IpLen:20 DgmLen:833 DF
***AP*** Seq: 0xF926977A  Ack: 0x94111F72  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959809 78000579 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=16456][Xref => http://www.securityfocus.com/bid/12572]

[**] [1:2002900:3] ET WEB CGI AWstats Migrate Command Attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:31.823158 10.2.190.254:57708 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:12866 IpLen:20 DgmLen:833 DF
***AP*** Seq: 0xF926977A  Ack: 0x94111F72  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959809 78000579 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Awstats][Xref => http://doc.emergingthreats.net/2002900][Xref => http://www.securityfocus.com/bid/17844]

[**] [1:2002844:4] ET WEB WebDAV search overflow [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:32.344151 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47447 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D81CE4  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959939 78001077 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Webdav][Xref => http://doc.emergingthreats.net/2002844][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0109]

[**] [1:1070:10] WEB-MISC WebDAV search access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:32.344151 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47447 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D81CE4  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959939 78001077 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0951][Xref => http://www.securityfocus.com/bid/1756][Xref => http://www.whitehats.com/info/IDS474]

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.344151 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47447 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D81CE4  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959939 78001077 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.351241 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47448 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D82160  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959939 78001077 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.357599 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47449 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF9D825DC  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959939 78001077 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:32.357601 10.2.190.254:54462 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF1CF4A72  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:32.357603 10.2.190.254:54462 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF1CF4A72  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:1248:18] WEB-FRONTPAGE rad fp30reg.dll access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:32.368440 10.2.190.254:50217 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:16223 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFA459A9F  Ack: 0x94F91011  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959946 78001128 
[Xref => http://www.microsoft.com/technet/security/bulletin/MS01-035.mspx][Xref => http://cgi.nessus.org/plugins/dump.php3?id=10699][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0822][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0341][Xref => http://www.securityfocus.com/bid/2906][Xref => http://www.whitehats.com/info/IDS555]

[**] [1:1288:10] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:32.368440 10.2.190.254:50217 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:16223 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFA459A9F  Ack: 0x94F91011  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959946 78001128 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11032]

[**] [1:1807:12] WEB-MISC Chunked-Encoding transfer attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:32.368440 10.2.190.254:50217 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:16223 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFA459A9F  Ack: 0x94F91011  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959946 78001128 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10932][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0392][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0079][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0071][Xref => http://www.securityfocus.com/bid/5033][Xref => http://www.securityfocus.com/bid/4485][Xref => http://www.securityfocus.com/bid/4474]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:32.376927 10.2.190.254:50217 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:16224 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFA459F1B  Ack: 0x94F91011  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959946 78001128 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.391086 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47450 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D82A58  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959949 78001141 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.398966 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47451 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D82ED4  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959949 78001141 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.406044 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47452 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF9D83350  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959950 78001148 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.413125 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47453 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D837CC  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959950 78001148 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.419760 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47454 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D83C48  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959952 78001154 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.426736 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47455 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF9D840C4  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959952 78001154 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.476652 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47456 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF9D84540  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959960 78001188 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.484507 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47457 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D849BC  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959961 78001188 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.492259 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47458 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D84E38  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959962 78001196 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.498508 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47459 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D852B4  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959963 78001196 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.505748 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47460 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D85730  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959964 78001203 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.512958 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47461 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D85BAC  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959964 78001203 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.522690 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47462 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D86028  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959966 78001209 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.529814 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47463 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF9D864A4  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959966 78001209 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.536572 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47464 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF9D86920  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959968 78001217 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.544461 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47465 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D86D9C  Ack: 0x949E15B4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959968 78001217 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.558517 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47468 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D87218  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959979 78001264 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.558520 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47469 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D87694  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959979 78001264 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.655160 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47470 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D87B10  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959983 78001277 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.661774 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47471 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D87F8C  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959983 78001277 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.668993 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47472 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D88408  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959984 78001282 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.676300 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47473 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D88884  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959984 78001282 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.683363 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47474 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D88D00  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959987 78001291 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.690709 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47475 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8917C  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959987 78001291 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.696692 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47476 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D895F8  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959988 78001297 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.704437 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47477 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF9D89A74  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959988 78001297 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.712368 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47478 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF9D89EF0  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959990 78001304 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.718646 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47479 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8A36C  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959990 78001304 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.726464 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47480 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8A7E8  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959992 78001313 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.733218 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47481 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8AC64  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959992 78001313 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.740413 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47482 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8B0E0  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959994 78001321 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.747460 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47483 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8B55C  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959994 78001321 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.754307 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47484 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8B9D8  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959996 78001329 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.761544 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47485 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8BE54  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959996 78001329 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.768860 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47486 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8C2D0  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959997 78001334 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.778514 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47487 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8C74C  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959997 78001334 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.786735 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47488 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8CBC8  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959999 78001343 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.792838 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47489 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8D044  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 959999 78001343 

[**] [1:3638:7] WEB-CGI SoftCart.exe CGI buffer overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:32.884967 10.2.190.254:35621 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:38112 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFA4B3138  Ack: 0x952F5665  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960011 78001387 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-2221][Xref => http://www.securityfocus.com/bid/10926]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:32.886849 10.2.190.254:35621 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:38113 IpLen:20 DgmLen:498 DF
***AP*** Seq: 0xFA4B35B4  Ack: 0x952F5665  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960011 78001387 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.952125 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47490 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8D4C0  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960020 78001424 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.959219 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47491 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8D93C  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960020 78001424 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.962609 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47492 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8DDB8  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960021 78001431 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.962611 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47493 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8E234  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960021 78001431 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.963965 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47494 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8E6B0  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960027 78001453 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.964745 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47495 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xF9D8EB2C  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960027 78001453 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.964749 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47496 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8EFA8  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960029 78001460 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.964751 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47497 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8F424  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960029 78001460 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.964755 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47498 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8F8A0  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960031 78001467 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.964757 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47499 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D8FD1C  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960031 78001467 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:32.970997 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47500 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D90198  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960032 78001474 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:33.061451 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47501 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D90614  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960032 78001474 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:33.069069 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47502 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D90A90  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960034 78001481 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:33.076063 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47503 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D90F0C  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960034 78001481 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:33.082474 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47504 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D91388  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960038 78001496 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:33.089785 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47505 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D91804  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960038 78001496 

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
[Priority: 3] 
11/08-13:05:33.089785 10.2.190.254:42271 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47505 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xF9D91804  Ack: 0x949E175C  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960038 78001496 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:33.457763 10.2.190.254:60875 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF8E959F0  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:33.460302 10.2.190.254:60875 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xF8E959F0  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:1807:12] WEB-MISC Chunked-Encoding transfer attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:33.473443 10.2.190.254:46558 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:25062 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFB31C734  Ack: 0x95C9E343  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960223 78002234 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10932][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0392][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0079][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0071][Xref => http://www.securityfocus.com/bid/5033][Xref => http://www.securityfocus.com/bid/4485][Xref => http://www.securityfocus.com/bid/4474]

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
[Priority: 3] 
11/08-13:05:33.473443 10.2.190.254:46558 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:25062 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFB31C734  Ack: 0x95C9E343  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960223 78002234 

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:33.509682 10.2.190.254:46558 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:25065 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFB31D4A8  Ack: 0x95C9E343  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960233 78002276 

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:33.518738 10.2.190.254:46558 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:25066 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFB31D924  Ack: 0x95C9E343  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960233 78002276 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:33.526473 10.2.190.254:46558 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:25067 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xFB31DDA0  Ack: 0x95C9E343  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960235 78002284 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:33.526625 10.2.190.254:46558 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:25068 IpLen:20 DgmLen:222 DF
***AP*** Seq: 0xFB31E21C  Ack: 0x95C9E343  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960235 78002284 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:3638:7] WEB-CGI SoftCart.exe CGI buffer overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:34.409748 10.2.190.254:39497 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:1863 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFBA7A0EA  Ack: 0x9600F464  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960459 78003084 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-2221][Xref => http://www.securityfocus.com/bid/10926]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:34.411681 10.2.190.254:39497 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:1864 IpLen:20 DgmLen:498 DF
***AP*** Seq: 0xFBA7A566  Ack: 0x9600F464  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 960459 78003084 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:38.342422 10.2.190.254:46558 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xFB31E2C7  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:38.344976 10.2.190.254:46558 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xFB31E2C7  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:1807:12] WEB-MISC Chunked-Encoding transfer attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:38.359430 10.2.190.254:33042 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:7207 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFBDB782  Ack: 0x9B72ED8E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961452 78007145 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10932][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0392][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0079][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0071][Xref => http://www.securityfocus.com/bid/5033][Xref => http://www.securityfocus.com/bid/4485][Xref => http://www.securityfocus.com/bid/4474]

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
[Priority: 3] 
11/08-13:05:38.359430 10.2.190.254:33042 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:7207 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFBDB782  Ack: 0x9B72ED8E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961452 78007145 

[**] [1:3638:7] WEB-CGI SoftCart.exe CGI buffer overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:38.382425 10.2.190.254:60089 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47842 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFF9D1147  Ack: 0x9AEB5140  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961453 78007145 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-2221][Xref => http://www.securityfocus.com/bid/10926]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:38.384071 10.2.190.254:60089 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47843 IpLen:20 DgmLen:498 DF
***AP*** Seq: 0xFF9D15C3  Ack: 0x9AEB5140  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961453 78007145 

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:38.395290 10.2.190.254:33042 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:7210 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFBDC4F6  Ack: 0x9B72ED8E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961461 78007185 

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:38.403399 10.2.190.254:33042 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:7211 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFBDC972  Ack: 0x9B72ED8E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961461 78007185 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:38.411357 10.2.190.254:33042 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:7212 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xFFBDCDEE  Ack: 0x9B72ED8E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961462 78007192 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:38.411482 10.2.190.254:33042 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:7213 IpLen:20 DgmLen:222 DF
***AP*** Seq: 0xFFBDD26A  Ack: 0x9B72ED8E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961462 78007192 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2002844:4] ET WEB WebDAV search overflow [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:38.506017 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6824 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFD9B170  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961488 78007295 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Webdav][Xref => http://doc.emergingthreats.net/2002844][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0109]

[**] [1:1070:10] WEB-MISC WebDAV search access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:38.506017 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6824 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFD9B170  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961488 78007295 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0951][Xref => http://www.securityfocus.com/bid/1756][Xref => http://www.whitehats.com/info/IDS474]

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.506017 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6824 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFD9B170  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961488 78007295 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.512210 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6825 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFD9B5EC  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961488 78007295 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.521217 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6826 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xFFD9BA68  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961488 78007295 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.543013 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6827 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFD9BEE4  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961498 78007333 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.551205 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6828 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFD9C360  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961498 78007333 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.556664 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6829 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xFFD9C7DC  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961499 78007340 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.562636 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6830 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFD9CC58  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961499 78007340 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.569126 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6831 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFD9D0D4  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961501 78007349 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.576468 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6832 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xFFD9D550  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961501 78007349 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.583488 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6833 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xFFD9D9CC  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961507 78007371 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.590257 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6834 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFD9DE48  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961507 78007371 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.596967 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6835 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFD9E2C4  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961509 78007379 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.604023 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6836 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFD9E740  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961509 78007379 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.610642 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6837 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFD9EBBC  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961510 78007384 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.618810 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6838 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFD9F038  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961510 78007384 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.626681 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6839 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFD9F4B4  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961512 78007390 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.632332 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6840 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xFFD9F930  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961512 78007390 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.638837 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6841 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xFFD9FDAC  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961513 78007397 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.648132 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6842 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA0228  Ack: 0x9B0FFCF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961513 78007397 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.655792 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6844 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA06A4  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961517 78007397 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.663523 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6845 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA0B20  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961517 78007397 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.671608 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6846 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA0F9C  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961517 78007397 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.677165 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6847 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA1418  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961520 78007425 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.684050 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6848 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA1894  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961520 78007425 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.691171 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6849 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA1D10  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961520 78007425 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.697730 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6850 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA218C  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961524 78007439 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.704022 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6851 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA2608  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961524 78007439 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.704024 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6852 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA2A84  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961524 78007439 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.704028 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6853 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xFFDA2F00  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961528 78007455 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.704030 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6854 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xFFDA337C  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961528 78007455 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.704035 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6855 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA37F8  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961528 78007455 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.704036 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6856 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA3C74  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961531 78007467 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.704040 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6857 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA40F0  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961531 78007467 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.755528 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6858 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA456C  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961531 78007467 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.764741 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6859 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA49E8  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961535 78007484 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.771217 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6860 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA4E64  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961535 78007484 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.777970 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6861 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA52E0  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961535 78007484 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.787324 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6862 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA575C  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961539 78007500 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.795694 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6863 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA5BD8  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961539 78007500 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.803324 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6864 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA6054  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961539 78007500 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.809045 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6865 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA64D0  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961542 78007512 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.814460 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6866 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA694C  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961542 78007512 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.821002 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6867 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA6DC8  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961542 78007512 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.824051 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6868 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA7244  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961546 78007526 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.824056 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6869 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA76C0  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961546 78007526 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.824058 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6870 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0xFFDA7B3C  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961546 78007526 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.824061 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6871 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA7FB8  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961550 78007542 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.824063 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6872 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA8434  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961550 78007542 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.868916 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6873 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA88B0  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961550 78007542 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.868918 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6874 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA8D2C  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961553 78007556 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.868922 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6875 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA91A8  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961553 78007556 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.868924 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6876 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA9624  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961553 78007556 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.868928 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6877 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA9AA0  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961556 78007569 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.897875 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6878 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDA9F1C  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961556 78007569 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.912312 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6879 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDAA398  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961556 78007569 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.920114 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6880 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDAA814  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961560 78007585 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:38.924696 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6881 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDAAC90  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961560 78007585 

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
[Priority: 3] 
11/08-13:05:38.924696 10.2.190.254:52767 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6881 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xFFDAAC90  Ack: 0x9B0FFE98  Win: 0xD8  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961560 78007585 

[**] [1:3638:7] WEB-CGI SoftCart.exe CGI buffer overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:39.703272 10.2.190.254:36547 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:39751 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0xCA37B1  Ack: 0x9C28CDB0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961789 78008498 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-2221][Xref => http://www.securityfocus.com/bid/10926]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:39.705575 10.2.190.254:36547 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:39752 IpLen:20 DgmLen:498 DF
***AP*** Seq: 0xCA3C2D  Ack: 0x9C28CDB0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 961789 78008498 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:40.877954 10.2.190.254:33042 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xFFBDD315  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:40.879469 10.2.190.254:33042 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xFFBDD315  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:1807:12] WEB-MISC Chunked-Encoding transfer attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:40.893741 10.2.190.254:51964 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:18287 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x1B8E94E  Ack: 0x9D4845A5  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962088 78009690 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10932][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0392][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0079][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0071][Xref => http://www.securityfocus.com/bid/5033][Xref => http://www.securityfocus.com/bid/4485][Xref => http://www.securityfocus.com/bid/4474]

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
[Priority: 3] 
11/08-13:05:40.893741 10.2.190.254:51964 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:18287 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x1B8E94E  Ack: 0x9D4845A5  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962088 78009690 

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:40.929435 10.2.190.254:51964 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:18290 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x1B8F6C2  Ack: 0x9D4845A5  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962098 78009733 

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:40.935733 10.2.190.254:51964 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:18291 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x1B8FB3E  Ack: 0x9D4845A5  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962098 78009733 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:40.944494 10.2.190.254:51964 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:18292 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0x1B8FFBA  Ack: 0x9D4845A5  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962099 78009740 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:2003099:4] ET WEB-MISC Poison Null Byte [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:40.944951 10.2.190.254:51964 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:18293 IpLen:20 DgmLen:222 DF
***AP*** Seq: 0x1B90436  Ack: 0x9D4845A5  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962099 78009740 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_URI][Xref => http://doc.emergingthreats.net/2003099][Xref => http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3602][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4458][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4542]

[**] [1:3638:7] WEB-CGI SoftCart.exe CGI buffer overflow attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:41.086061 10.2.190.254:46645 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:55187 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x1DD79C4  Ack: 0x9D801F71  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962137 78009888 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-2221][Xref => http://www.securityfocus.com/bid/10926]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:41.088542 10.2.190.254:46645 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:55188 IpLen:20 DgmLen:498 DF
***AP*** Seq: 0x1DD7E40  Ack: 0x9D801F71  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962137 78009888 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:41.463082 10.2.190.254:50217 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xFA4679B7  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:41.467317 10.2.190.254:50217 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xFA4679B7  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:1248:18] WEB-FRONTPAGE rad fp30reg.dll access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:41.522335 10.2.190.254:55585 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:13155 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x2919DDE  Ack: 0x9E1CDDE9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962244 78010314 
[Xref => http://www.microsoft.com/technet/security/bulletin/MS01-035.mspx][Xref => http://cgi.nessus.org/plugins/dump.php3?id=10699][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0822][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0341][Xref => http://www.securityfocus.com/bid/2906][Xref => http://www.whitehats.com/info/IDS555]

[**] [1:1288:10] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:41.522335 10.2.190.254:55585 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:13155 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x2919DDE  Ack: 0x9E1CDDE9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962244 78010314 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11032]

[**] [1:1807:12] WEB-MISC Chunked-Encoding transfer attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:41.522335 10.2.190.254:55585 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:13155 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x2919DDE  Ack: 0x9E1CDDE9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962244 78010314 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10932][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0392][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0079][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0071][Xref => http://www.securityfocus.com/bid/5033][Xref => http://www.securityfocus.com/bid/4485][Xref => http://www.securityfocus.com/bid/4474]

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3] 
11/08-13:05:41.531327 10.2.190.254:55585 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:13156 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x291A25A  Ack: 0x9E1CDDE9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962244 78010314 

[**] [1:2002844:4] ET WEB WebDAV search overflow [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:05:42.077907 10.2.190.254:54596 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:9686 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x32E8AB3  Ack: 0x9E4F99E9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962412 78010990 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Webdav][Xref => http://doc.emergingthreats.net/2002844][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0109]

[**] [1:1070:10] WEB-MISC WebDAV search access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:05:42.077907 10.2.190.254:54596 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:9686 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x32E8AB3  Ack: 0x9E4F99E9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962412 78010990 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0951][Xref => http://www.securityfocus.com/bid/1756][Xref => http://www.whitehats.com/info/IDS474]

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:42.077907 10.2.190.254:54596 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:9686 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x32E8AB3  Ack: 0x9E4F99E9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962412 78010990 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:42.077911 10.2.190.254:54596 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:9687 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x32E8F2F  Ack: 0x9E4F99E9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962412 78010990 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:42.104569 10.2.190.254:54596 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:9688 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0x32E93AB  Ack: 0x9E4F99E9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962412 78010990 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:42.186427 10.2.190.254:54596 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:9689 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x32E9827  Ack: 0x9E4F99E9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962421 78011027 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:42.193963 10.2.190.254:54596 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:9690 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x32E9CA3  Ack: 0x9E4F99E9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962421 78011027 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:42.206415 10.2.190.254:54596 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:9691 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0x32EA11F  Ack: 0x9E4F99E9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962423 78011034 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:42.217191 10.2.190.254:54596 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:9692 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x32EA59B  Ack: 0x9E4F99E9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962423 78011034 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:42.244409 10.2.190.254:54596 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:9693 IpLen:20 DgmLen:1200 DF
***A**** Seq: 0x32EAA17  Ack: 0x9E4F99E9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962425 78011042 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:42.251583 10.2.190.254:54596 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:9694 IpLen:20 DgmLen:1200 DF
***AP*** Seq: 0x32EAE93  Ack: 0x9E4F99E9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962425 78011042 

[**] [1:1394:10] SHELLCODE x86 inc ecx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
11/08-13:05:42.260863 10.2.190.254:54596 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:9695 IpLen:20 DgmLen:1200 DF
***AP**F Seq: 0x32EB30F  Ack: 0x9E4F99E9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 962431 78011042 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:42.274637 10.2.190.254:54596 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x32EAE93  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:42.279438 10.2.190.254:54596 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x32EAE93  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:42.279440 10.2.190.254:51964 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x1B904E1  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:42.282373 10.2.190.254:51964 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x1B904E1  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:42.294059 10.2.190.254:54596 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x32EB78C  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:42.294061 10.2.190.254:55585 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x2927CF6  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:42.294063 10.2.190.254:55585 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x2927CF6  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:52.338749 10.2.197.241:35081 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xC108C294  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:52.486770 10.2.197.241:35082 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xC1AD4343  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:05:52.600863 10.2.197.241:35084 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xC1E771F9  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:06:18.607777 10.2.190.254:61000 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x25441E31  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:06:18.780460 10.2.190.254:32768 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x2535B642  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:06:19.196624 10.2.190.254:32769 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x24BAD4E9  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:08:08.962622 10.2.197.241:35097 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x417AFE5B  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:10:51.814319 10.2.197.241:51903 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xDADD7660  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:10:51.979097 10.2.197.241:51914 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xDB0E3538  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:10:51.980091 10.2.197.241:51914 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xDB0E3538  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:10:52.012774 10.2.197.241:51914 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xDB0E355E  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:10:52.083318 10.2.197.241:51916 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xDB38818D  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:10:52.084022 10.2.197.241:51916 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xDB38818D  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:10:52.108910 10.2.197.241:51916 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xDB3881B3  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:27.502337 10.2.197.241:48694 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:62099 IpLen:20 DgmLen:163 DF
***AP*** Seq: 0xA5869307  Ack: 0x8BB9A995  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5923229 78538948 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:27.902517 10.2.197.241:48696 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:39204 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xA556F8DA  Ack: 0x8BB0FC0E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5923329 78539352 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:28.164906 10.2.197.241:48698 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:60141 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xA59C88D7  Ack: 0x8BD57479  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5923396 78539617 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:28.383683 10.2.197.241:48700 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:126 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xA5CC6209  Ack: 0x8C346E70  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5923451 78539835 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:28.620739 10.2.197.241:48712 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:35057 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xA62EEA60  Ack: 0x8C905EAC  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5923510 78540074 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:28.841631 10.2.197.241:48714 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:2365 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xA6536BDD  Ack: 0x8C283DC1  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5923565 78540295 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:29.058864 10.2.197.241:48716 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:2998 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xA6AA68A9  Ack: 0x8CBB3E5B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5923618 78540514 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:29.458824 10.2.197.241:48729 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41754 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xA71CC095  Ack: 0x8CEA27CE  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5923731 78540896 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:29.676379 10.2.197.241:48731 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:26179 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xA6F10583  Ack: 0x8D917D00  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5923785 78541032 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:29.899724 10.2.197.241:48733 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:22924 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xA7D73A72  Ack: 0x8D1D94F5  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5923841 78541206 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:30.140780 10.2.197.241:48735 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:38669 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xA800F334  Ack: 0x8DF54954  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5923902 78541509 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:30.365132 10.2.197.241:48737 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:26865 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xA79C0C85  Ack: 0x8DA87A27  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5923953 78541773 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:30.603102 10.2.197.241:48749 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:37748 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xA7CAF7D5  Ack: 0x8E097A78  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5924012 78542043 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:30.993173 10.2.197.241:48752 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:2900 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xA8B36E55  Ack: 0x8EC6DB87  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5924109 78542459 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:31.199718 10.2.197.241:54136 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xA885A5E3  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:31.229029 10.2.197.241:48754 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:28454 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xA93A0A67  Ack: 0x8EBAE119  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5924168 78542695 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:31.451307 10.2.197.241:48766 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:59553 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xA94F8DE8  Ack: 0x8F310091  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5924223 78542917 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:31.680531 10.2.197.241:48768 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:16710 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xA9AC24F6  Ack: 0x8F65414E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5924280 78543150 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:31.909604 10.2.197.241:48770 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:26988 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xA9CA0C83  Ack: 0x8F7A35BE  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5924335 78543378 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:32.128052 10.2.197.241:48772 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:60545 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xAA038A60  Ack: 0x9025FE0E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5924391 78543598 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:39.572143 10.1.60.253:62712 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:58782 IpLen:20 DgmLen:60 DF
******S* Seq: 0xF0368B5F  Ack: 0x0  Win: 0xFFFF  TcpLen: 40
TCP Options (5) => MSS: 1460 NOP WS: 3 SackOK TS: 101032051 0 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:39.572377 154.241.88.201:443 -> 10.1.60.253:62712
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0x96D8BF18  Ack: 0xF0368B60  Win: 0x16A0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 78551107 101032051 NOP WS: 6 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:39.573362 10.1.60.253:62712 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:58783 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xF0368B60  Ack: 0x96D8BF19  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 101032051 78551107 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:39.667598 10.1.60.253:62712 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:58784 IpLen:20 DgmLen:188 DF
***AP*** Seq: 0xF0368B60  Ack: 0x96D8BF19  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 101032060 78551107 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:39.667776 154.241.88.201:443 -> 10.1.60.253:62712
TCP TTL:64 TOS:0x0 ID:10170 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x96D8BF19  Ack: 0xF0368BE8  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 78551203 101032060 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:39.676755 154.241.88.201:443 -> 10.1.60.253:62712
TCP TTL:64 TOS:0x0 ID:10172 IpLen:20 DgmLen:149 DF
***AP*** Seq: 0x96D8C4C1  Ack: 0xF0368BE8  Win: 0x6C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 78551212 101032060 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:39.680319 10.1.60.253:62712 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:58786 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xF0368BE8  Ack: 0x96D8C522  Win: 0x1FC4  TcpLen: 32
TCP Options (3) => NOP NOP TS: 101032062 78551212 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:39.827659 10.1.60.253:62712 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:58798 IpLen:20 DgmLen:250 DF
***AP*** Seq: 0xF0368BE8  Ack: 0x96D8C522  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 101032077 78551212 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:39.834019 154.241.88.201:443 -> 10.1.60.253:62712
TCP TTL:64 TOS:0x0 ID:10173 IpLen:20 DgmLen:111 DF
***AP*** Seq: 0x96D8C522  Ack: 0xF0368CAE  Win: 0x7C  TcpLen: 32
TCP Options (3) => NOP NOP TS: 78551370 101032077 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:39.835781 10.1.60.253:62712 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:58799 IpLen:20 DgmLen:238 DF
***AP*** Seq: 0xF0368CAE  Ack: 0x96D8C55D  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 101032077 78551370 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:39.875750 154.241.88.201:443 -> 10.1.60.253:62712
TCP TTL:64 TOS:0x0 ID:10174 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x96D8C55D  Ack: 0xF0368D68  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 78551412 101032077 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:39.881322 154.241.88.201:443 -> 10.1.60.253:62712
TCP TTL:64 TOS:0x0 ID:10175 IpLen:20 DgmLen:1373 DF
***AP*** Seq: 0x96D8C55D  Ack: 0xF0368D68  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 78551417 101032077 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:39.881390 154.241.88.201:443 -> 10.1.60.253:62712
TCP TTL:64 TOS:0x0 ID:10176 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0x96D8CA86  Ack: 0xF0368D68  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 78551417 101032077 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:39.881544 154.241.88.201:443 -> 10.1.60.253:62712
TCP TTL:64 TOS:0x0 ID:10177 IpLen:20 DgmLen:52 DF
***A***F Seq: 0x96D8CAAB  Ack: 0xF0368D68  Win: 0x8D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 78551418 101032077 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:39.884483 10.1.60.253:62712 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:58800 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xF0368D68  Ack: 0x96D8CAAB  Win: 0x1FDC  TcpLen: 32
TCP Options (3) => NOP NOP TS: 101032082 78551417 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:39.884587 10.1.60.253:62712 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:58801 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xF0368D68  Ack: 0x96D8CAAC  Win: 0x1FDC  TcpLen: 32
TCP Options (3) => NOP NOP TS: 101032082 78551418 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:42.343479 10.1.60.253:62712 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:59121 IpLen:20 DgmLen:89 DF
***AP*** Seq: 0xF0368D68  Ack: 0x96D8CAAC  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 101032329 78551418 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:42.343646 154.241.88.201:443 -> 10.1.60.253:62712
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x96D8CAAC  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:42.343821 10.1.60.253:62712 -> 154.241.88.201:443
TCP TTL:63 TOS:0x0 ID:59122 IpLen:20 DgmLen:52 DF
***A***F Seq: 0xF0368D8D  Ack: 0x96D8CAAC  Win: 0x2086  TcpLen: 32
TCP Options (3) => NOP NOP TS: 101032329 78551418 

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:42.343955 154.241.88.201:443 -> 10.1.60.253:62712
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x96D8CAAC  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:42.443190 10.2.197.241:53327 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:39424 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xB417E9B8  Ack: 0x9963CD0C  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5926991 78553965 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:42.662896 10.2.197.241:53329 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:4396 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xB42A61AB  Ack: 0x99F964CB  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5927047 78554186 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:42.885605 10.2.197.241:53331 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:13988 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xB4E54615  Ack: 0x99A7F56A  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5927100 78554409 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:43.075718 10.2.197.241:54013 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xB4CC494D  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:43.100501 10.2.197.241:54013 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xB4CC494E  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:43.117352 10.2.197.241:53333 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:13186 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xB4FB436E  Ack: 0x99FCFD70  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5927155 78554642 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:43.365332 10.2.197.241:53335 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:11727 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xB5645CFF  Ack: 0x9AA8516F  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5927226 78554887 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:43.648749 10.2.197.241:53348 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:49526 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xB5A8B010  Ack: 0x9A51292F  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5927298 78555173 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:43.867423 10.2.197.241:53350 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:38629 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xB5A1E751  Ack: 0x9A377D95  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5927354 78555395 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:44.085804 10.2.197.241:53352 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:34692 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xB651F669  Ack: 0x9B00353B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5927408 78555616 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:44.309089 10.2.197.241:53354 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:19577 IpLen:20 DgmLen:171 DF
***AP*** Seq: 0xB5AE3E56  Ack: 0x9B9D79BC  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5927464 78555840 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:969:8] WEB-IIS WebDAV file lock attempt [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:14:45.131744 10.2.197.241:53369 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:31603 IpLen:20 DgmLen:130 DF
***AP*** Seq: 0xB7280984  Ack: 0x9B860FF7  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5927672 78556668 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10732][Xref => http://www.securityfocus.com/bid/2736]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:45.391924 10.2.197.241:53383 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:28912 IpLen:20 DgmLen:163 DF
***AP*** Seq: 0xB75D03DE  Ack: 0x9C111155  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5927737 78556928 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:45.836638 10.2.197.241:53387 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:61793 IpLen:20 DgmLen:232 DF
***AP*** Seq: 0xB7BE82FD  Ack: 0x9C8760EC  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5927847 78557375 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2056:5] WEB-MISC TRACE attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:14:45.997363 10.2.197.241:53389 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24106 IpLen:20 DgmLen:131 DF
***AP*** Seq: 0xB7682DF1  Ack: 0x9D412BF6  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5927903 78557598 
[Xref => http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11213][Xref => http://www.securityfocus.com/bid/9561]

[**] [1:2001546:7] ET WEB-MISC LINK Method [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:14:46.906314 10.2.197.241:53412 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:2708 IpLen:20 DgmLen:130 DF
***AP*** Seq: 0xB88A7E40  Ack: 0x9D1E741E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5928116 78558451 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_LINK_Method][Xref => http://doc.emergingthreats.net/2001546][Xref => http://www.w3.org/Protocols/HTTP/Methods/Link.html]

[**] [1:2091:12] WEB-IIS WEBDAV nessus safe scan attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1] 
11/08-13:14:47.101510 10.2.197.241:53415 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:30540 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB8DA0395  Ack: 0x9D55A87C  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5928165 78558648 
[Xref => http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11413][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11412][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0109][Xref => http://www.securityfocus.com/bid/7116]

[**] [1:1070:10] WEB-MISC WebDAV search access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:14:47.231642 10.2.197.241:53417 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:1760 IpLen:20 DgmLen:132 DF
***AP*** Seq: 0xB92D7224  Ack: 0x9D839DBA  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5928195 78558778 
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0951][Xref => http://www.securityfocus.com/bid/1756][Xref => http://www.whitehats.com/info/IDS474]

[**] [1:2091:12] WEB-IIS WEBDAV nessus safe scan attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1] 
11/08-13:14:47.231642 10.2.197.241:53417 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:1760 IpLen:20 DgmLen:132 DF
***AP*** Seq: 0xB92D7224  Ack: 0x9D839DBA  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5928195 78558778 
[Xref => http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11413][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11412][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0109][Xref => http://www.securityfocus.com/bid/7116]

[**] [1:2001675:6] ET WEB Proxy CONNECT Request [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
11/08-13:14:47.365441 10.2.197.241:53419 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:57209 IpLen:20 DgmLen:133 DF
***AP*** Seq: 0xB8FAAA69  Ack: 0x9E1ECB85  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5928229 78558913 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Apache_Open_Proxy][Xref => http://doc.emergingthreats.net/2001675]

[**] [1:1603:8] WEB-MISC DELETE attempt [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
11/08-13:14:47.703709 10.2.197.241:53434 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:52150 IpLen:20 DgmLen:132 DF
***AP*** Seq: 0xB9CDBEC8  Ack: 0x9E71F5A6  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5928314 78559251 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10498]

[**] [1:1048:11] WEB-MISC Netscape Enterprise directory listing attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:14:47.774257 10.2.197.241:53435 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:10969 IpLen:20 DgmLen:131 DF
***AP*** Seq: 0xB9925F52  Ack: 0x9EAF7D3F  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5928332 78559324 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10691][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0250][Xref => http://www.securityfocus.com/bid/2285]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:48.495158 10.2.197.241:53456 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:1008 IpLen:20 DgmLen:174 DF
***AP*** Seq: 0xBA0C75D6  Ack: 0x9F5710F2  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5928513 78560048 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2056:5] WEB-MISC TRACE attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:14:48.903460 10.2.197.241:53459 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:17147 IpLen:20 DgmLen:131 DF
***AP*** Seq: 0xBA483467  Ack: 0x9EF9CB33  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5928614 78560457 
[Xref => http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11213][Xref => http://www.securityfocus.com/bid/9561]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:49.214918 10.2.197.241:53462 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56629 IpLen:20 DgmLen:203 DF
***AP*** Seq: 0xBA42ABE0  Ack: 0x9F4B91EF  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5928691 78560771 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:49.447308 10.2.197.241:53474 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:34907 IpLen:20 DgmLen:203 DF
***AP*** Seq: 0xBAE4FF7D  Ack: 0x9FFC2DBF  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5928748 78561005 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:49.675212 10.2.197.241:53476 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:45458 IpLen:20 DgmLen:203 DF
***AP*** Seq: 0xBAE9C6D0  Ack: 0xA09AC033  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5928806 78561234 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:49.860775 10.2.197.241:53478 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:28250 IpLen:20 DgmLen:203 DF
***AP*** Seq: 0xBB0519C3  Ack: 0xA0C8AE38  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5928864 78561467 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:50.226688 10.2.197.241:53480 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:64033 IpLen:20 DgmLen:204 DF
***AP*** Seq: 0xBBEF8DF7  Ack: 0xA0569698  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5928944 78561788 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:50.455420 10.2.197.241:53492 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:42683 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0xBC05DE9B  Ack: 0xA12293B9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929001 78562018 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:50.679591 10.2.197.241:53494 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:59807 IpLen:20 DgmLen:203 DF
***AP*** Seq: 0xBC0D91C7  Ack: 0xA17365DB  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929058 78562243 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:50.911392 10.2.197.241:53496 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:12322 IpLen:20 DgmLen:197 DF
***AP*** Seq: 0xBBE948B8  Ack: 0xA12D95C9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929125 78562473 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:51.146480 10.2.197.241:53498 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:51711 IpLen:20 DgmLen:198 DF
***AP*** Seq: 0xBCE1B126  Ack: 0xA1120831  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929183 78562712 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:51.378636 10.2.197.241:53510 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56512 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xBCDDA5AD  Ack: 0xA15E05E1  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929241 78562943 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:1489:8] WEB-MISC /~nobody access [**]
[Classification: Web Application Attack] [Priority: 1] 
11/08-13:14:51.571748 10.2.197.241:53512 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:43471 IpLen:20 DgmLen:201 DF
***AP*** Seq: 0xBD02D082  Ack: 0xA1E5AD64  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929298 78563177 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10484]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:51.571748 10.2.197.241:53512 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:43471 IpLen:20 DgmLen:201 DF
***AP*** Seq: 0xBD02D082  Ack: 0xA1E5AD64  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929298 78563177 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:51.837757 10.2.197.241:53514 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24197 IpLen:20 DgmLen:198 DF
***AP*** Seq: 0xBCEE2707  Ack: 0xA2A7BD61  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929356 78563405 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:1145:8] WEB-MISC /~root access [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:52.064740 10.2.197.241:53516 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:16704 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xBDC23882  Ack: 0xA2DC3B96  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929413 78563635 

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:52.064740 10.2.197.241:53516 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:16704 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xBDC23882  Ack: 0xA2DC3B96  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929413 78563635 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:52.288265 10.2.197.241:53518 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:29356 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xBD3C0B5E  Ack: 0xA299C9C2  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929470 78563860 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:52.547750 10.2.197.241:53530 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:57173 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xBE53A56C  Ack: 0xA31DF6EB  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929535 78564121 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:52.775178 10.2.197.241:53532 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:23018 IpLen:20 DgmLen:198 DF
***AP*** Seq: 0xBE0B239B  Ack: 0xA3820C97  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929592 78564349 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:53.006839 10.2.197.241:53534 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:19662 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xBE813664  Ack: 0xA36DF5BE  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929654 78564582 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:53.216429 10.2.197.241:53536 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:61664 IpLen:20 DgmLen:197 DF
***AP*** Seq: 0xBE108A3A  Ack: 0xA3647E66  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929711 78564813 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:1662:6] WEB-MISC /~ftp access [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:53.475533 10.2.197.241:53548 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:49959 IpLen:20 DgmLen:198 DF
***AP*** Seq: 0xBF05B807  Ack: 0xA35FEE1F  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929770 78565050 

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:53.475533 10.2.197.241:53548 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:49959 IpLen:20 DgmLen:198 DF
***AP*** Seq: 0xBF05B807  Ack: 0xA35FEE1F  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929770 78565050 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:1213:6] WEB-MISC backup access [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:53.721798 10.2.197.241:53550 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24672 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xBF1F1B3D  Ack: 0xA37C56E8  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929833 78565301 

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:53.721798 10.2.197.241:53550 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24672 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xBF1F1B3D  Ack: 0xA37C56E8  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929833 78565301 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:53.944521 10.2.197.241:53552 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:36947 IpLen:20 DgmLen:201 DF
***AP*** Seq: 0xBF0DEBCC  Ack: 0xA3D93757  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929888 78565524 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:54.169846 10.2.197.241:53554 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:23963 IpLen:20 DgmLen:205 DF
***AP*** Seq: 0xBFB92649  Ack: 0xA3FAAF7D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5929944 78565751 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:54.397241 10.2.197.241:53566 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:45926 IpLen:20 DgmLen:206 DF
***AP*** Seq: 0xBF45CF6F  Ack: 0xA4A43262  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5930001 78565979 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:54.578676 10.2.197.241:53568 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:23608 IpLen:20 DgmLen:204 DF
***AP*** Seq: 0xC04B2076  Ack: 0xA4B11BCE  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5930057 78566227 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:54.868885 10.2.197.241:53570 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:28273 IpLen:20 DgmLen:205 DF
***AP*** Seq: 0xBFBC1215  Ack: 0xA50DCFE6  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5930114 78566454 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:55.094153 10.2.197.241:53572 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:5541 IpLen:20 DgmLen:198 DF
***AP*** Seq: 0xC0996911  Ack: 0xA5A861CE  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5930169 78566680 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:55.315978 10.2.197.241:53574 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:5399 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xC0F069FF  Ack: 0xA55A9E8A  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5930226 78566906 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:55.813454 10.2.197.241:53588 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:35989 IpLen:20 DgmLen:203 DF
***AP*** Seq: 0xC120F1EC  Ack: 0xA61B55DB  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5930374 78567482 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:56.125149 10.2.197.241:53590 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:47857 IpLen:20 DgmLen:204 DF
***AP*** Seq: 0xC112C751  Ack: 0xA5FD9181  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5930438 78567716 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:56.314930 10.2.197.241:54272 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xC16376A0  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [129:4:1] TCP Timestamp is outside of PAWS window [**]
[Priority: 3] 
11/08-13:14:56.339000 10.2.197.241:54272 -> 154.241.88.201:443
TCP TTL:61 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*****R** Seq: 0xC16376A1  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:56.350336 10.2.197.241:53602 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:21774 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xC18628FA  Ack: 0xA6E0BAFD  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5930492 78567943 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:56.574044 10.2.197.241:53604 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:41778 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xC135DD1E  Ack: 0xA65EAE82  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5930548 78568167 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:56.802991 10.2.197.241:53606 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6761 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0xC2016401  Ack: 0xA6F588E8  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5930605 78568397 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:57.026672 10.2.197.241:53608 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:12085 IpLen:20 DgmLen:203 DF
***AP*** Seq: 0xC1FC51AC  Ack: 0xA73DE80B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5930654 78568622 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:57.258595 10.2.197.241:53610 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:30765 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xC26406FA  Ack: 0xA6FC6B39  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5930712 78568855 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:57.543759 10.2.197.241:53622 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6608 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xC2D466D8  Ack: 0xA7F89123  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5930784 78569141 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:58.103366 10.2.197.241:53626 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:32441 IpLen:20 DgmLen:201 DF
***AP*** Seq: 0xC2E60108  Ack: 0xA7E02C9D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5930934 78569703 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:58.332345 10.2.197.241:53638 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:48189 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0xC2EEC3D3  Ack: 0xA8647122  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5930992 78569934 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:58.558215 10.2.197.241:53640 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:60639 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0xC3A86CFE  Ack: 0xA7FAD6E2  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5931046 78570159 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:58.785716 10.2.197.241:53642 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:774 IpLen:20 DgmLen:203 DF
***AP*** Seq: 0xC3CF835E  Ack: 0xA91C1923  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5931104 78570390 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:59.074354 10.2.197.241:53644 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6930 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xC4489B8D  Ack: 0xA8A4C2E2  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5931171 78570677 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:59.299669 10.2.197.241:53646 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:39455 IpLen:20 DgmLen:201 DF
***AP*** Seq: 0xC41C1AC9  Ack: 0xA9628EEE  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5931228 78570905 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:59.550899 10.2.197.241:53658 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:14721 IpLen:20 DgmLen:201 DF
***AP*** Seq: 0xC4CFB86C  Ack: 0xA9B5BA7F  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5931291 78571158 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:14:59.798736 10.2.197.241:53660 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56646 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0xC4CF5C18  Ack: 0xA96272F9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5931353 78571407 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:00.048302 10.2.197.241:53662 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:28171 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xC4F1EF99  Ack: 0xAA3AE9B6  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5931415 78571657 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:00.312837 10.2.197.241:53664 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:36515 IpLen:20 DgmLen:201 DF
***AP*** Seq: 0xC4B70F73  Ack: 0xA9DABF45  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5931482 78571925 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:00.548375 10.2.197.241:53676 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:58409 IpLen:20 DgmLen:198 DF
***AP*** Seq: 0xC597662A  Ack: 0xAA69A5D3  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5931541 78572160 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:00.779632 10.2.197.241:53678 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:14581 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xC546BABB  Ack: 0xAA164AA0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5931599 78572393 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:01.013098 10.2.197.241:53680 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:55042 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xC5725582  Ack: 0xAA565A5A  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5931655 78572625 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:01.282038 10.2.197.241:53682 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:1929 IpLen:20 DgmLen:201 DF
***AP*** Seq: 0xC59E8546  Ack: 0xAB70B996  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5931729 78572887 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:01.511918 10.2.197.241:53694 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:13462 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0xC67AB799  Ack: 0xAB94F830  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5931794 78573130 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:01.741120 10.2.197.241:53696 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:51347 IpLen:20 DgmLen:197 DF
***AP*** Seq: 0xC6B74BD6  Ack: 0xAB6B8249  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5931850 78573360 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:02.004575 10.2.197.241:53698 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:7349 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xC6DA9F31  Ack: 0xAB6D0785  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5931914 78573625 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:02.288399 10.2.197.241:53700 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:27889 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xC73CEF2C  Ack: 0xAC15503A  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5931984 78573888 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:02.521034 10.2.197.241:53712 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:39176 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0xC7981D03  Ack: 0xACA207B9  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5932042 78574143 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:02.746882 10.2.197.241:53714 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:35444 IpLen:20 DgmLen:203 DF
***AP*** Seq: 0xC7560E4F  Ack: 0xAC17F4DD  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5932099 78574371 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:03.152900 10.2.197.241:53716 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:56004 IpLen:20 DgmLen:197 DF
***AP*** Seq: 0xC7955E4C  Ack: 0xACD0C4A4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5932200 78574683 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:03.844370 10.2.197.241:53728 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:7025 IpLen:20 DgmLen:198 DF
***AP*** Seq: 0xC8549E57  Ack: 0xACE4D78E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5932374 78575386 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:04.354457 10.2.197.241:53740 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:57299 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xC9305A1E  Ack: 0xAD86EEF7  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5932500 78575978 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:04.729206 10.2.197.241:53742 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:21628 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xC918D253  Ack: 0xADF7260A  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5932614 78576344 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:05.339305 10.2.197.241:53744 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:61348 IpLen:20 DgmLen:197 DF
***AP*** Seq: 0xC99E6911  Ack: 0xAE680172  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5932748 78576899 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:05.786723 10.2.197.241:53756 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:11053 IpLen:20 DgmLen:198 DF
***AP*** Seq: 0xCA3EAC1B  Ack: 0xAF520408  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5932857 78577415 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:06.038720 10.2.197.241:53758 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:7569 IpLen:20 DgmLen:198 DF
***AP*** Seq: 0xCA919AFD  Ack: 0xAF84CB49  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5932922 78577679 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:06.276141 10.2.197.241:53760 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:59472 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xCB2B6FE1  Ack: 0xAF95953E  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5932981 78577918 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:06.547518 10.2.197.241:53772 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:39596 IpLen:20 DgmLen:197 DF
***AP*** Seq: 0xCAE31D59  Ack: 0xB061721D  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5933048 78578189 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:06.794068 10.2.197.241:53774 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:32224 IpLen:20 DgmLen:198 DF
***AP*** Seq: 0xCAD9F5E6  Ack: 0xB04239D4  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5933122 78578435 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:07.367379 10.2.197.241:53788 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:40843 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xCC3E1744  Ack: 0xB077F297  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5933265 78579014 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:07.590827 10.2.197.241:53790 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:46565 IpLen:20 DgmLen:201 DF
***AP*** Seq: 0xCBF93CE2  Ack: 0xB0FE420F  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5933321 78579239 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:07.820799 10.2.197.241:53792 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:22111 IpLen:20 DgmLen:198 DF
***AP*** Seq: 0xCC4FDF67  Ack: 0xB122B29F  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5933378 78579470 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:08.047029 10.2.197.241:53794 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:35529 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xCC2703B4  Ack: 0xB152F712  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5933434 78579697 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:08.278194 10.2.197.241:53796 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:11756 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xCCE3A441  Ack: 0xB1FC8C2C  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5933489 78579927 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:08.513064 10.2.197.241:53808 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:15489 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xCCD2B59A  Ack: 0xB1B405CA  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5933549 78580166 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:08.741868 10.2.197.241:53810 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:9918 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xCD28ACA3  Ack: 0xB1940600  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5933604 78580396 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:08.966504 10.2.197.241:53812 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:50840 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xCCEA4CC1  Ack: 0xB2555416  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5933661 78580622 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:09.176365 10.2.197.241:53814 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:57526 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0xCDC56A3B  Ack: 0xB2D016A8  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5933717 78580855 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:09.427553 10.2.197.241:53826 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:43853 IpLen:20 DgmLen:203 DF
***AP*** Seq: 0xCD572199  Ack: 0xB26D384A  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5933785 78581084 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:09.662891 10.2.197.241:53828 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:19518 IpLen:20 DgmLen:201 DF
***AP*** Seq: 0xCE02C732  Ack: 0xB2E53BE6  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5933844 78581318 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:09.895308 10.2.197.241:53830 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:61126 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0xCE2D658D  Ack: 0xB2D0492B  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5933902 78581555 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:10.161782 10.2.197.241:53832 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:54701 IpLen:20 DgmLen:198 DF
***AP*** Seq: 0xCDFD5E22  Ack: 0xB347DFCC  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5933968 78581823 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:10.391446 10.2.197.241:53844 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:2705 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xCEFC814E  Ack: 0xB3919AAC  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5934024 78582053 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:10.614413 10.2.197.241:53846 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:58222 IpLen:20 DgmLen:203 DF
***AP*** Seq: 0xCF256897  Ack: 0xB3C7D88F  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5934080 78582278 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:10.839529 10.2.197.241:53848 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:24439 IpLen:20 DgmLen:204 DF
***AP*** Seq: 0xCF14D35B  Ack: 0xB3C993C7  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5934133 78582504 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:11.075866 10.2.197.241:53850 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:26903 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0xCF5DE57E  Ack: 0xB459147A  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5934190 78582741 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:11.317829 10.2.197.241:53852 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:21771 IpLen:20 DgmLen:203 DF
***AP*** Seq: 0xCF5FD9AE  Ack: 0xB4BAF64A  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5934251 78582984 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:11.544853 10.2.197.241:53864 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:63718 IpLen:20 DgmLen:201 DF
***AP*** Seq: 0xCFCF7439  Ack: 0xB4BD74AD  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5934307 78583213 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:11.874467 10.2.197.241:53866 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:44505 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0xCFB020F5  Ack: 0xB4633359  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5934400 78583449 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:12.395371 10.2.197.241:53878 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:14866 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xD014B7AC  Ack: 0xB5B47D22  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5934532 78584058 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:12.684986 10.2.197.241:53880 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:35454 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xD13C047B  Ack: 0xB587ABF8  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5934605 78584358 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:12.914914 10.2.197.241:53882 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:5966 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xD0989973  Ack: 0xB5E80AF0  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5934661 78584590 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:13.140570 10.2.197.241:53884 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:6229 IpLen:20 DgmLen:201 DF
***AP*** Seq: 0xD0FD9626  Ack: 0xB62F2845  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5934717 78584817 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:13.367437 10.2.197.241:53896 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:54570 IpLen:20 DgmLen:198 DF
***AP*** Seq: 0xD1115B87  Ack: 0xB5F10A62  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5934772 78585045 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:13.594156 10.2.197.241:53898 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:10279 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xD1AAA6C3  Ack: 0xB6EF0A83  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5934829 78585272 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:13.820179 10.2.197.241:53900 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:14426 IpLen:20 DgmLen:201 DF
***AP*** Seq: 0xD1E1B747  Ack: 0xB65FF61A  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5934885 78585500 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:14.044705 10.2.197.241:53902 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:18273 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0xD271C809  Ack: 0xB76BFCE8  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5934942 78585725 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:14.269660 10.2.197.241:53904 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:55675 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xD27656F7  Ack: 0xB6FEA067  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5934998 78585951 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Priority: 2] 
11/08-13:15:14.497370 10.2.197.241:53916 -> 154.241.88.201:80
TCP TTL:61 TOS:0x0 ID:38334 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xD2971A7C  Ack: 0xB754AB41  Win: 0xB7  TcpLen: 32
TCP Options (3) => NOP NOP TS: 5935053 78586180 
[Xref => http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_W3AF][Xref => http://doc.emergingthreats.net/2007757][Xref => http://w3af.sourceforge.net]

[**] [1:2007757:3] ET SCAN w3af User Agent [**]
[Classification: Attempted Information Leak] [Prio