HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 76 guests and 2 members online
 
Free Business and Tech Magazines and eBooks

You are here: Home arrow Featuresarrow Opinionsarrow event viewer log
EH-Net
May 18, 2013, 10:50:30 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
EH-Net > Features > Opinions (Moderator: don) > event viewer log
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: event viewer log  (Read 9798 times)
0 Members and 1 Guest are viewing this topic.
rvs
Jr. Member
**
Offline Offline

Posts: 94


View Profile
« on: August 05, 2010, 11:32:27 PM »
Hi,

got a log file coming from one of the sys ad. would you guys have any idea what this site do? http://wantsfly.com/prx2.php?hash=asldkjhsflkjshdHTTP/1.0 from xxx.china.xxx.xxx

Quote
HTTP_PROXY_CONNECTION:
HTTP_X_FORWARDED_FOR:
HTTP_VIA:
HTTP_MAX_FORWARDS:
REMOTE_ADDR=ip
REMOTE_HOST=ip
HTTP_PC_REMOTE_ADDR=
HTTP_X_FWD_IP_ADDR=
HTTP_CONNECTION=
VIA:
HTTP_FORWARDED:
FORWARDED:
HTTP_X_BLUECOAT_VIA:
HTTP_PROXY____:
HTTP_PROXY___________:
HTTP_X_HOST:
HTTP_X_REFERER:
HTTP_X_SERVER_HOSTNAME:
PROXY_HOST:
PROXY_PORT:
PROXY_REQUEST:
HTTP_CLIENT_IP:
HTTP_PRAGMA:
super or gateway or noproxy
Level:1
´úÀí¼¶±ð=³¬¼¶´úÀí
³¬¼¶´úÀí1=³¬¼¶´úÀí
´úÀí¼¶±ð=³¬¼¶´úÀí

Disclaimer:The addresses used only as a local IP address to verify .This site does not assume any liability. All responsibility is taken charge of by user .

Logged
rvs
Jr. Member
**
Offline Offline

Posts: 94


View Profile
« Reply #1 on: September 11, 2010, 09:06:56 PM »
any updates?! on this one I just want to know what would you guys do if you see something like this on your box?!
Logged
sil
Hero Member
*****
Offline Offline

Posts: 549



View Profile WWW
« Reply #2 on: September 12, 2010, 11:36:28 AM »
wantsfly seems to be a proxy server mainly used in China. Unless you have something more like sniffer output showing the server initiating the connection, sky is the limit in playing the guessing game. I can use curl to change my useragent to mimick EVERYTHING posted here just for the sake of hiding who I am. While I have zero intention on doing anything but surfing, an admin might get all spooked out about it. So ask yourself, outside of useragent information and a connection. "What about this connection" what were they looking for/at, what did they do, etc. Until these questions are answered, the bottom line is, its only proxy information.
Logged
http://www.infiltrated.net/mgz/puppylecter.jpg
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.067 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.