0 1 1 1 100 101 102 103 104 105 0 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 1 0 /denied.htm 0 999 No Hacking 1 1 6 0 36 0 1 D:\WebFirewall\LogFiles\ 1 0 28 1 1 0 0 0 1 1 0 1 0 0 0 400 2 1 1 1 1 12345 54321 adm admin administrator access account all anyone backup control database dba debug default develop developer development enter ftp ftproot god guest login master oracle oracle8 password pass pwrchute root sa secret sql sqlserver tech test user web webmaster work www 1 1 5 30 0 Administrateur Administrator Beheerder 0 Guest SQLDebugger TsInetnetUser Test SQL SQLServer Webserver nobody postmaster operator Mail Replicator Replication Debug DBA abc access admin anon anonymous anyone backup batch config control data database ftp ftproot install login master oracle oracle8 public pwrchute recovery remote root router sa security server service setup sybase test user web webdb webmaster www wwwadmin 1 1 1 1 1 5300642 2024 2024 22 1 HTTP/0.9 HTTP/1.0 HTTP/1.1 0 BITS-Packet-Type:64 Content-Encoding:128 Content-Language:256 Content-Transfer-Encoding:128 Destination:1024 Lock-Token:1024 Cookie:4095 Expires:64 Host:256 Max-Forwards:32 Allow:512 Content-Range:256 If-Modified-Since:64 BITS-Supported-Protocols:4095 Connection:256 Forwarded:9000 Last-Modified:64 Message-id:1024 Title:9000 Upgrade:256 Version:128 Accept-Ranges:128 Ms-Echo-Request:128 Pragma:256 Referer:1024 TE:128 Unless-Modified-Since:64 BITS-Session-Id:1024 Content-Location:1024 Vary:128 BITS-Response-DataFile-Name:1024 If-None-Match:256 If-Range:4000 If-Unmodified-Since:64 PassportConfig:4000 Authorization:4000 Content-Base:1024 Depth:64 Trailer:128 Content-Id:1024 Orig-Uri:1024 Proxy-Authorization:4000 Public:4000 SOAPAction:4095 User-Agent:256 Accept-Charset:1024 Date:64 Accept-Encoding:256 Accept-Language:356 Derived-From:9000 PassportURLs:4000 BITS-Original-Request-URL:1024 If:4095 Proxy-Connection:256 Content-Disposition:256 Content-MD5:4000 Mime-Version:128 Overwrite:64 Proxy-Support:4000 Timeout:1024 BITS-Request-DataFile-Name:1024 Content-Name:512 Expect:256 Translate:256 Via:9000 Accept:1024 Cache-Control:256 Charge-To:512 Ms-Echo-Reply:128 Transfer-Encoding:128 BITS-Protocol:1024 Content-Description:1000 Content-Type:256 From:321 If-Match:256 Range:256 Uri:1024 1 1 1 1 1 1 0 0 0 0 ?# 0 0 /scripts /iishelp /iisadmin /msadc /printers /samples /iisadmpwd /_vti_aut /_vti_bin /_vti_rpc /_vti_pvt /admcgi /admisapi /_private /_vti_cnf /_vti_log /_vti_script /_vti_txt /_mem_bin /ftp only /ftp_only /ftp-only /system32 /adsamples /pbserver /rpc /cfdocs /cfdocs/exampleapp /cfdocs/snippets /cfdocs/expeval /cfdocs/examples /cfappman /cfide/administrator /siteserver /advworks /ssi/envout.bat /cgi-bin /cgi-local /cgi-win /htbin /cgibin /cgis /cgi /test-cgi /ows-bin/ /bin/ /sbin/ /etc/ /database/ /databases/ /dbase/ /db/ /storedb/ /fpdb/ /log/ /logs/ /logfile/ /logfiles/ /logger/ /server_stats/ /trafficlog/ /weblog/ /weblogs/ /webstats/ /wstats/ /wusage/ /wwwlog/ /wwwstats/ /mall_log_files/ /admin /admin_/ /_admin/ /srchadm/ /admnlogin /adminlogin /siteadmin /w3perl/admin /webaccess/ /account/ /administrator/ /config/ /fpadmin/ /srchadm/ /admin_files /passwords/ /etc/passwd /exchange /exchweb /public /exadmin /hit_tracker/ /hitmatic/ /counter/ /c/ /d/ /doc-html/ /ftp/ /htdocs/ /install/ /intranet/ /jdbc/ /msql/ /odbc/ /oracle/ /private/ /sql/ /temp/ /tmp/ /test/ /webdriver /http/1. /glimpse /aglimpse /htmlscript /info2www /nph-test-cgi /nph-publish /view-source /w3-msql /www-sql /level/*/exec/ /nessus_is_probing_you_ /~root /handler /backup /filemail /plusmail /ultraboard /empower /pals-cgi /htgrep /.nsconfig /catinfo /sweditservlet /cybercop /webcart/ /rmp_query /rpm_query /servlet/servletexec /admin-serv/config/admpw /c32web.exe/changeadminpassword /graphics/sml3com /jsp/snp/*.snp _authchangeurl /dbadmin /myadmin /mysqladmin /mysql-admin /phpadmin /phpmyadmin slurpconfirm404 /thisdoesnotexistahaha. 0 / http:// https:// 1 1 1 1 1 0 *?"<>|$^# 0 c:\inetpub\wwwroot c:\inetpub\scripts c:\winnt\help\iishelp c:\inetpub\iissamples c:\winnt\web\printers c:\winnt\system32\inetsrv\iisadmin c:\winnt\system32\certsrv c:\program files\common files\system\msadc c:\program files\common files\microsoft shared\web server extensions m:\ c:\program files\exchsrvr\exchweb \\.\backofficestorage c:\program files d:\www d:\web e:\www e:\web f:\www f:\web 0 \:/*?"<>|$^# 0 0 arp.exe at.exe atmadm.exe attrib.exe cacls.exe chkdsk.exe chkntfs.exe cipher.exe cluster.exe cmd.exe comp.exe date.exe debug.exe diskcomp.com diskcopy.com diskperf.exe doskey.exe edlin.exe exe2bin.exe expand.exe fc.exe find.exe findstr.exe forcedos.exe format.exe ftp.exe graphics.com hostname.exe ipconfig.exe ipxroute.exe label.exe loadfix.exe mem.exe mode.com mountvol.exe nbtstat.exe net.exe netsh.exe netstat.exe nslookup.exe pathping.exe ping.exe rcp.exe replace.exe rexec.exe route.exe rsh.exe runas.exe rundll.exe rundll32.exe runonce.exe setver.exe subst.exe tcmsetup.exe telnet.exe tftp.exe time.exe winnt.exe winnt32.exe xcopy.exe command.com cmd1.exe root.exe shell.exe iisreset.exe formmail. mailform. nc.exe netcat.exe sumthin whisker.ida whisker.idc whisker.idq whisker.htw whisker.htr carbo.dll ctguestb.idc details.idc w3proxy.dll sam._ sensepost.exe achg.htr anot.htr adctest.asp ism.dll bdir.htr codebrws.asp form_jscript.asp form_vbscript.asp servervariables_jscript.asp fpcount.exe _vti_inf.html postinfo.html fp30reg.dll fp4areg.dll shtml.dll shtml.exe fpsrvadm.exe fpremadm.exe fpadmin.htm fpadmcgi.exe cfgwiz.exe authors.pwd author.exe author.dll administrators.pwd access.cnf service.cnf service.pwd service.stp services.cnf svcacl.cnf users.pwd writeto.cnf dvwssr.dll getdrvs.exe global.asa $data msadcs.dll newdsn.exe search97.vts viewcode. showcode. site.csc srch.htm uploadn.asp logonfrm.asp cgimail.exe quickstore.cfg bigconf.cgi storemgr.pw admin.pw test. password.php3 password.txt passwd.txt passwd.php passwd.php3 submit.cgi ss.cfg ncl_items.html stat_what.log easylog.html analyse.cgi admin.cgi admin.php admin.pl access-options.txt access.log access-log awebvisit.stat dan_o.dat hits.txt log.htm log.html logfile logfile.htm logfile.html logfile.txt logger.html stat.htm stats.htm stats.html stats.txt webaccess.htm whois_raw.cgi localstart.asp .asa. .asp. .asax. .aspx. trace.axd webplus websendmail dcboard.cgi dcforum.cgi mmstdod.cgi cvsweb.cgi php.cgi maillist.pl perl.exe rguest.exe rwwwshell.pl textcounter.pl uploader.exe webhits.exe webgais finger perlshop.cgi pfdisplay.cgi args.bat at-admin.cgi bnbform.cgi wais.pl wguest.exe classifieds.cgi environ.pl filemail.pl man.sh snork.bat blat.exe day5datacopier.cgi day5datanotifier.cgi hsx.cgi s.cgi yabb.cgi post-query visadmin.exe dumpenv.pl snorkerz.cmd win-c-sample.exe w3tvars.pm lwgate flexform www-admin.pl sendform.cgi ppdscgi.exe upload.pl anyform2 machineinfo bb-hist.sh pals-cgi webspirs.cgi tstisapi.dll testisapi.dll sendmessage.cgi lastlines.cgi zml.cgi ads.cgi %00.jsp postinfo.asp repost.asp queryhit.htm counter.exe cached_feed.cgi shopping_cart.mdb password.mdb check.txt checks.txt mylog.phtml mlog.phtml convert.bas cpshost.dll smssend.php txt2html.cgi console.exe sojourn.cgi ping.exe ftp.pl poll_it_ssi_v2.0.cgi source.asp guestbook.pl import.txt count.cgi catalog.nsf domcfg.nsf domlog.nsf log.nsf names.nsf windmail.exe quikstore.cfg order.log webdist.cgi ws_ftp.ini jdkrqnotify.exe infosrch.cgi code.php3 search.vts ax-admin.cgi axs.cgi cachemgr.cgi dfire.cgi web-map.cgi responder.cgi read.php3 violation.php3 get32.exe cgitest.exe ftpsavecsp.dll ftpsavecvp.dll ftpsave.dll contextadmin.html architext_query.pl wwwboard.pl db_mysql.inc cs.exe bizdb1-search.cgi bb-hostsvc.sh pscoerrpage.htm gwweb.exe openview5.exe rpcproxy.dll read_dump.php backdoor cfcache.map exprcalc.cfm beaninfo.cfm application.cfm getfile.cfm addcontent.cfm fileexists.cfm evaluate.cfm displayopenedfile.cfm mainframeset.cfm cfmlsyntaxcheck.cfm onrequestend.cfm startstop.html gettempdirectory.cfm nul lpt1 lpt2 lpt3 lpt4 aux prn com1 com2 com3 com4 wget uname echo kill chmod chgrp chsh gcc g++ python tclsh nasm traceroute nmap lsof inetd.conf motd shadow httpd.conf 0 robots.txt 0 .htm .html .mdl .htt .htc .xml .wml .dtd .css .uls .wsc .vcf .sgm .sgml .vrml .wrl .cur .ani .js .class .sfw .cfm .cfml .txt .asc .doc .ai .eps .ps .vsd .mpp .pdf .wk4 .rtf .wmf .mcw .wps .wpg .xls .csv .xlw .ppt .pot .png .jpe .jpg .jpeg .gif .tif .tiff .bmp .xbm .ico .pcx .ief .rgb .ppm .pbm .pnm .mpg .mpeg .mpe .mp2 .avi .mov .qt .asf .ivf .lsx .wm .wmv .wmx .wvx .asd .asx .divx .wma .mp3 .m3u .aif .aiff .aifc .au .snd .ra .ram .wav .mod .mid .midi .cdf .pac .zip .rar .tar .gtar .arj .jar .gz .z .tgz .cab .exe .hqx .msi .jsp .asp .aspx .ashx .asmx .cer .p7b .crl 1 .asa .ascx .axd .config .csproj .licx .rem .resources .resx .soap .vb .vbproj .vsdisco .webinfo .scr .vbs .bat .btr .cmd .com .cpl .pif .htw .ida .idq .htr .idc .shtm .shtml .stm .printer .bin_ .dmp .dns .evt .ini .mdb_ .mde .ldb .sav .adp .db .cfg .cnf .conf .ids .rules .log .pol .dom .sec .bak .backup .old .000 .asp~ .tmp .acl .sch .dat .mmc .msc .sql .tql .cns .inc .sam .htgroup .htpasswd .htaccess .wwwacl .www_acl .ewl 1 0 1 /badbottrap /guestbookspamtrap /robotsxx.txt 0 180 3 36 0 0 0 1 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 WWW Server/1.1 0 0 Translate: If: Lock-Token: Timeout: Transfer-Encoding: Content-Encoding: Content-Transfer-Encoding: Proxy-Authenticate: WWW-Authenticate: Ms-Echo-Request: Ms-Echo-Reply: SOAPAction: BITS-Packet-Type: BITS-Session-Id: BITS-Supported-Protocols: BITS-Original-Request-URL: BITS-Request-DataFile-Name: BITS-Response-DataFile-Name: Content-Name: 0 0 1 0 1 cmd.exe root.exe system32 xp_cmdshell cirestriction=none cihilitetype=full ciwebhitsfile %u <object <iframe <link <applet <embed <script <form javascript: urn:schemas-microsoft-com:time onabort= onblur= onchange= onclick= ondblclick= ondragdrop= onerror= onfocus= onkeydown= onkeypress= onkeyup= onload= onmousedown= onmouseout= onmouseover= onmouseup= onmove= onreset= onresize= onselect= onsubmit= onunload= cf_setdatasourceusername() cf_setdatasourcepassword() cf_iscoldfusiondatasource() cfusion_getodbcdsn() cfusion_dbconnections_flush() cfusion_encrypt() cfusion_setodbcini() cfusion_settings_refresh() cfusion_verifymail() file=http\:// includedir= _phplib[libdir] cookie: = 1 application/x-java-archive multipart/form-data application/x-www-form-urlencoded 0 1 1 0 0 0 0 0 0 0 1 0 0 0 0 .bmp .jpg .gif .png .exe .zip 0 localhost 127.0.0.1 0 1 0 0 1 0 1 GET HEAD POST 0 PROPFIND PROPPATCH MKCOL DELETE PUT COPY MOVE LOCK UNLOCK OPTIONS POLL SEARCH CONNECT TRACE M-POST PIN INVOKE CHECKOUT CHECKIN NOTIFY UNSUBSCRIBE SUBSCRIBE BDELETE BPROPPATCH BPROPFIND BCOPY BMOVE UNLINK LINK TRACK SHOWMETHOD TEXTSEARCH SPACEJUMP SUBSCRIPTIONS ACL NOTIFY DEBUG X-MS-ENUMATTS RPC_IN_DATA RPC_OUT_DATA BITS_POST 1 1 1 1 0 1 <object <iframe <link <applet <embed <script <form javascript: urn:schemas-microsoft-com:time onabort= onblur= onchange= onclick= ondblclick= ondragdrop= onerror= onfocus= onkeydown= onkeypress= onkeyup= onload= onmousedown= onmouseout= onmouseover= onmouseup= onmove= onreset= onresize= onselect= onsubmit= onunload= administrators /add cirestriction=none cihilitetype=full ciwebhitsfile cmd.exe system32 root.exe xp_cmdshell %u cf_setdatasourceusername() cf_setdatasourcepassword() cf_iscoldfusiondatasource() cfusion_getodbcdsn() cfusion_dbconnections_flush() cfusion_encrypt() cfusion_setodbcini() cfusion_settings_refresh() cfusion_verifymail() includedir= _phplib[libdir] wp-verify-link wp-cs-dump wp-ver-info wp-ver-diff wp-start-ver wp-stop-ver wp-uncheckout wp-html-rend wp-usr-prop =http://_ =https://_ =[http:// =[https:// dir=http:// dir]=http:// file=http:// file]=http:// root=http:// root]=http:// path=http:// path]=http:// include=http:// name=http:// page=http:// <?php c:\ 0 0 0 0 0 1 <object <iframe <link <applet <embed <script <form javascript: urn:schemas-microsoft-com:time onabort= onblur= onchange= onclick= ondblclick= ondragdrop= onerror= onfocus= onkeydown= onkeypress= onkeyup= onload= onmousedown= onmouseout= onmouseover= onmouseup= onmove= onreset= onresize= onselect= onsubmit= onunload= cmd.exe system32 root.exe xp_cmdshell %u content-encoding: content-transfer-encoding: cf_setdatasourceusername() cf_setdatasourcepassword() cf_iscoldfusiondatasource() cfusion_getodbcdsn() cfusion_dbconnections_flush() cfusion_encrypt() cfusion_setodbcini() cfusion_settings_refresh() cfusion_verifymail() file=http\:// includedir= _phplib[libdir] =http:// =https:// =[http:// =[https:// dir=http:// dir]=http:// file=http:// file]=http:// root=http:// root]=http:// path=http:// path]=http:// include=http:// name=http:// page=http:// <?php ' ` ; -- select insert update delete drop alter create inner join from where union group by having table shutdown kill declare openrowset opendatasource pwdencrypt msdasql sqloledb char( char(124) cast( fetch next allocate syslogins sysxlogins sysdatabases sysobjects syscomments raiserror exec =!( = !( xp_ sp_ xp_cmdshell xp_reg xp_servicecontrol xp_setsqlsecurity xp_readerrorlog xp_controlqueueservice xp_createprivatequeue xp_decodequeuecommand xp_deleteprivatequeue xp_deletequeue xp_displayqueuemesgs xp_dsinfo xp_mergelineages xp_readpkfromqueue xp_readpkfromvarbin xp_repl_encrypt xp_resetqueue xp_sqlinventory xp_unpackcab xp_sprintf xp_displayparamstmt xp_enumresult xp_showcolv xp_updatecolvbm xp_execresultset xp_printstatements xp_peekqueue xp_proxiedmetadata xp_displayparamstmt xp_availablemedia xp_enumdsn xp_filelist sp_password sp_adduser sp_addextendedproc sp_dropextendedproc sp_add_job sp_start_job sp_delete_alert sp_msrepl_startup 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0