|
Title: event viewer log Post by: rvs on August 05, 2010, 11:32:27 PM Hi,
got a log file coming from one of the sys ad. would you guys have any idea what this site do? http://wantsfly.com/prx2.php?hash=asldkjhsflkjshdHTTP/1.0 from xxx.china.xxx.xxx Quote HTTP_PROXY_CONNECTION: HTTP_X_FORWARDED_FOR: HTTP_VIA: HTTP_MAX_FORWARDS: REMOTE_ADDR=ip REMOTE_HOST=ip HTTP_PC_REMOTE_ADDR= HTTP_X_FWD_IP_ADDR= HTTP_CONNECTION= VIA: HTTP_FORWARDED: FORWARDED: HTTP_X_BLUECOAT_VIA: HTTP_PROXY____: HTTP_PROXY___________: HTTP_X_HOST: HTTP_X_REFERER: HTTP_X_SERVER_HOSTNAME: PROXY_HOST: PROXY_PORT: PROXY_REQUEST: HTTP_CLIENT_IP: HTTP_PRAGMA: super or gateway or noproxy Level:1 代理级别=超级代理 超级代理1=超级代理 代理级别=超级代理 Disclaimer:The addresses used only as a local IP address to verify .This site does not assume any liability. All responsibility is taken charge of by user . Title: Re: event viewer log Post by: rvs on September 11, 2010, 09:06:56 PM any updates?! on this one I just want to know what would you guys do if you see something like this on your box?!
Title: Re: event viewer log Post by: sil on September 12, 2010, 11:36:28 AM wantsfly seems to be a proxy server mainly used in China. Unless you have something more like sniffer output showing the server initiating the connection, sky is the limit in playing the guessing game. I can use curl to change my useragent to mimick EVERYTHING posted here just for the sake of hiding who I am. While I have zero intention on doing anything but surfing, an admin might get all spooked out about it. So ask yourself, outside of useragent information and a connection. "What about this connection" what were they looking for/at, what did they do, etc. Until these questions are answered, the bottom line is, its only proxy information.
Powered by SMF 1.1.18 |
SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com |