EH-Net
Author Topic: event viewer log  (Read 7930 times)
rvs
« on: August 05, 2010, 11:32:27 PM »

Hi,

Got a log file coming from one of the sysadmins. Would you guys have any idea what this site does? http://wantsfly.com/prx2.php?hash=asldkjhsflkjshdHTTP/1.0 from xxx.china.xxx.xxx

Quote
HTTP_PROXY_CONNECTION:
HTTP_X_FORWARDED_FOR:
HTTP_VIA:
HTTP_MAX_FORWARDS:
REMOTE_ADDR=ip
REMOTE_HOST=ip
HTTP_PC_REMOTE_ADDR=
HTTP_X_FWD_IP_ADDR=
HTTP_CONNECTION=
VIA:
HTTP_FORWARDED:
FORWARDED:
HTTP_X_BLUECOAT_VIA:
HTTP_PROXY____:
HTTP_PROXY___________:
HTTP_X_HOST:
HTTP_X_REFERER:
HTTP_X_SERVER_HOSTNAME:
PROXY_HOST:
PROXY_PORT:
PROXY_REQUEST:
HTTP_CLIENT_IP:
HTTP_PRAGMA:
super or gateway or noproxy
Level:1
代理级别=超级代理
超级代理1=超级代理
代理级别=超级代理

Disclaimer:The addresses used only as a local IP address to verify .This site does not assume any liability. All responsibility is taken charge of by user .

rvs
« Reply #1 on: September 11, 2010, 09:06:56 PM »

Any updates on this one?! I just want to know what you guys would do if you see something like this on your box?!
sil
« Reply #2 on: September 12, 2010, 11:36:28 AM »

wantsfly seems to be a proxy server mainly used in China. Unless you have something more, like sniffer output showing the server initiating the connection, the sky is the limit in playing the guessing game. I can use curl to change my useragent to mimic EVERYTHING posted here just for the sake of hiding who I am. While I have zero intention of doing anything but surfing, an admin might get all spooked out about it. So ask yourself, outside of useragent information and a connection: "What about this connection?" What were they looking for/at, what did they do, etc. Until these questions are answered, the bottom line is, it's only proxy information.
Logged
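
Added example (not part of the thread and not any poster's code): one way to answer the questions in the reply above, by listing every client that asked the server to fetch or tunnel to another host and showing whether any of those requests got a 2xx. It assumes the log is a web server access log in combined format; the sample lines, IP addresses, `OUR_HOSTS` and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines (combined log format); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Aug/2010:10:01:02 +0800] "GET http://wantsfly.com/prx2.php?hash=asldkjhsflkjshd HTTP/1.0" 404 209 "-" "-"
203.0.113.7 - - [05/Aug/2010:10:01:03 +0800] "CONNECT mail.example.net:25 HTTP/1.0" 405 0 "-" "-"
198.51.100.9 - - [05/Aug/2010:10:02:00 +0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [05/Aug/2010:10:03:10 +0800] "GET http://judge.example.org/check.php HTTP/1.0" 200 1873 "-" "-"
192.0.2.44 - - [05/Aug/2010:10:03:12 +0800] "GET http://www.example.com/ HTTP/1.0" 200 9000 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
OUR_HOSTS = {"www.example.test"}  # assumption: names this server legitimately serves


def is_proxy_attempt(method, target):
    """True when the request asks this server to fetch or tunnel to another host."""
    if method == "CONNECT":
        return True
    host = urlsplit(target).hostname if "://" in target else None
    return host is not None and host.lower() not in OUR_HOSTS


def triage(log_text):
    """Group all requests by client, keep only clients that made a proxy attempt."""
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, method, target, status = m.groups()
            by_client[ip].append((method, target, int(status)))
    report = {}
    for ip, reqs in by_client.items():
        attempts = [r for r in reqs if is_proxy_attempt(r[0], r[1])]
        if attempts:
            # 2xx on a foreign URL: relayed, or the default page was served; verify.
            relayed = [r for r in attempts if 200 <= r[2] < 300]
            report[ip] = {"requests": len(reqs), "attempts": len(attempts),
                          "relayed": [r[1] for r in relayed]}
    return report


if __name__ == "__main__":
    for ip, info in triage(SAMPLE_LOG).items():
        verdict = "CHECK PROXY CONFIG" if info["relayed"] else "probe rejected"
        print(ip, info, verdict)
```

A client whose attempts were all rejected tested the box and moved on; a non-empty `relayed` list is the case worth following up with the proxy configuration and a packet capture.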
