envio: &lt;script&gt; => &lt;ScRiPT\t&gt; <!-- WEB-MISC cross site scripting attempt y COMMUNITY WEB-PHP XSS attempt
envio: &lt;/script&gt; => &lt;/ScRiPT\t&gt; <!-- COMMUNITY WEB-PHP XSS attempt
header: Transfer-Encoding: chunked => Transfer-EncodinG: chUnked <!-- COMMUNITY WEB-MISC HTTP Transfer-Content Request Smuggling attempt
envio: img\s+src=javascript => img\tsrc=javascript <!-- WEB-MISC cross site scripting HTML Image tag set to javascript attempt
envio: \.\./ => ..%2f <!-- WEB-MISC http directory traversal
envio: \.\.(/|\%2f) => ..%2f%2f <!-- Varios Directory Transfersal
envio: ref%3Cscript%20language%3D%22Javascript => ref%3Cscript%20language%20%3D%20%22Javascript <!-- WEB-MISC amazon 1-click cookie theft
url: servlet/\.{7} => servlet//....... <!-- WEB-MISC Allaire JRUN DOS attempt
url: /admin-serv/config/admpw => /admin-serv/config//admpw <!-- WEB-MISC Netscape admin passwd
url: \.html/\.{6} => .html//...... <!-- WEB-MISC ICQ webserver DOS
envio: ls%20-l => ls%20%20-l <!-- WEB-MISC ls%20-l
envio: /etc/passwd => /etc//passwd <!-- WEB-MISC /etc/passwd
url: /config/check.txt => /config//check.txt <!-- WEB-MISC Ecommerce check.txt access
url: /scripts/convert.bas => /scripts//convert.bas <!-- WEB-MISC convert.bas access
url: /scripts/cpshost.dll => /scripts//cpshost.dll <!-- WEB-MISC cpshost.dll access
envio: cd\.\. => cd .. <!-- WEB-MISC cd..
<!-- rcontenido:nossl: window\.location\.replace\(([\s\\r\\n]*)"https:\/\/"([\s\\r\\n]*)\+([\s\\r\\n]*)window\.location\.hostname([\s\\r\\n]*)\+([\s\\r\\n]*)window\.location\.pathname([\s\\r\\n]*)\+([\s\\r\\n]*)window\.location\.hash([\s\\r\\n]*)\) => window.location.replace("http://"+window.location.hostname+window.location.pathname+"?&08dae2760be9fe48274a74c31fba5b0f"+window.location.hash) <!-- Twitter y otros :P
<!-- reqline: ^GET(\s|\t)+ => POST $1 <!-- GET a POST
separador: 9,11,12,13,32 => Apache/2.x
separador: 9,32 => IIS/x.x
separador: 10,32 => GWS
separador: 32 => Cherokee Web Server
separador: 9,10,13,32 => GWS/BlogSpot
