You are browsing the archive for Proxy Logs Analysis.

Santa’s bag full of User Agents

December 20, 2015 in Batch Analysis, Clustering, Compromise Detection, Forensic Analysis, Incident Response, Proxy Logs Analysis

Santa dropped some user agents on the DFIR/RCE community today. It is similar to other lists shared before: https://www.hexacorn.com/blog/2014/12/23/santas-bag-full-of-mutants/, https://www.hexacorn.com/blog/2015/04/05/the-easter-bunny-comes-with-a-bag-full-of-events/, https://www.hexacorn.com/blog/2015/02/19/year-of-sheep-starts-with-a-bag-full-of-atoms/. The list includes over 6K user agents used by […]

Java – y u haz no class? (proxy logs patterns: class.class, com.class, edu.class, net.class, org.class)

July 9, 2013 in Forensic Analysis, Malware Analysis, Proxy Logs Analysis

TL;DR: This post explains why we see /class.class, /com.class, /edu.class, /net.class, /org.class in the proxy logs. The first one is a result of the .class file missing on the server, […]