| Network Data Source | Custom network features |
| Network Data Labeled | Yes |
| Host Data Source | - |
| Host Data Labeled | - |
| Overall Setting | Single OS |
| OS Types | Undisclosed |
| Number of Machines | 1 |
| Total Runtime | 12 days |
| Year of Collection | 2020 |
| Attack Categories | Web-based attacks |
| User Emulation | Real users |
| Packed Size | - |
| Unpacked Size | 436 MB |
| Download Link | goto |
Overview
The SR-BH 2020 dataset (SR/BH most likely being the initials of the two primary authors) consists of twelve days of traffic collected from a honeypot machine running a Wordpress webserver. Each individual request is recorded using a small set of fields; the distinguishing feature of the dataset is the inclusion of multi-class labels, where each request is either labeled “normal” or assigned to at least one of twelve MITRE CAPEC attack classifications. This dataset is then used by the authors to showcase several machine learning applications, whereby textual features are translated into numerical ones by taking the mean ASCII-value of all characters.
It should be noted that some features within the dataset are strongly biased towards one side, for example http_status_message, which will always be “Not Found” for all attacks (although some benign requests have this value as well).
This is not addressed by the authors, though I do assume that their main focus was on correctly assigning different attack labels, where this is less of a factor compared to pure attack detection (as the model still has to figure out the correct set of attack labels).
Environment
The honeypot consists of a Wordpress webserver running on a virtual machine that is exposed to the Internet. A separate router is configured between VM and internet, which causes all requests received by the webserver to originate from the local IP of this router (for the sake of anonymization).
The Web Application Firewall (WAF) ModSecurity, which analyzes traffic at the application layer using a set of rules (Core Rule Set 3.3.0), is installed in “Detection Mode”, meaning it does not block any requests and instead only generates logs. These logs, which inform about individual request and already contain CAPEC labels assigned by ModSecurity, are collected, and the virtual machine is reset every day.
Activity
As this is a honeypot, there is no pre-planned malicious activity. Benign behavior is also not detailed in any fashion, even though it makes up a notable portion of requests (~58%). This is unusually high for a “pure” honeypot, leading me to believe it was also used by instructed users, though I have no way to confirm this.
The following CAPEC attack classifications are considered, with statistics regarding their distribution being available in Table 1 of the paper:
- 272 - Protocol Manipulation
- 242 - Code Injection
- 88 - OS Command Injection
- 126 - Path Traversal
- 66 - SQL Injection (these are the majority of attacks)
- 16 - Dictionary-based Password Attack
- 310 - Scanning for Vulnerable Software
- 153 - Input Data Manipulation
- 274 - HTTP Verb Tampering
- 194 - Fake the Source of Data
- 34 - HTTP Response Splitting
- 33 - HTTP Request Smuggling
Contained Data
As mentioned, request origins are obfuscated via the interposed router.
Each request is described with 24 features (like request_origin or response_http_protocol) for a total of 907,814 requests (525,195 normal, 382,619 malicious).
Additionally, every request is labeled as either “normal” or assigned to at least one of the aforementioned CAPEC attack classifications (as one request can fit into multiple attack categories).
For this purpose, the labels assigned by ModSecurity are used, with the authors stating to have verified these labels using manual and semi-manual analysis, though this is not further detailed.
This information is made available as a single CSV file.
Papers
Links
Data Examples
Snippet of logged requests taken from data_capec_multilabel.csv
timestamp,src_ip,src_port,dst_ip,dst_port,request_http_method,request_http_request,request_http_protocol,request_user_agent,request_referer,request_host,request_origin,request_cookie,request_content_type,request_accept,request_accept_language,request_accept_encoding,request_do_not_track,request_connection,request_body,response_http_protocol,response_http_status_code,response_http_status_message,response_content_length,000 - Normal,272 - Protocol Manipulation,242 - Code Injection,88 - OS Command Injection,126 - Path Traversal,66 - SQL Injection,16 - Dictionary-based Password Attack,310 - Scanning for Vulnerable Software,153 - Input Data Manipulation,248 - Command Injection,274 - HTTP Verb Tampering,194 - Fake the Source of Data,34 - HTTP Response Splitting,33 - HTTP Request Smuggling
[...]
18/Jul/2020:13:38:43 +0200,172.26.0.1,50169,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen%27+and+0+in+%28select+sleep%2815%29+%29+--+/assets/css,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/blog/index.php/my-account/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=football; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,404,Not Found,276,0,0,0,0,0,1,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:43 +0200,172.26.0.1,50168,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen%22+and+0+in+%28select+sleep%2815%29+%29+--+/assets/css,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/blog/index.php/my-account/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=importance; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,404,Not Found,276,0,0,0,0,0,1,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:43 +0200,172.26.0.1,50168,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen/assets/css/ie8.css?ver=1.0,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=perspective; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,200,OK,3646,1,0,0,0,0,0,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:43 +0200,172.26.0.1,50168,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen+where+0+in+%28select+sleep%2815%29+%29+--+/assets/css,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/blog/index.php/my-account/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=employee; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,404,Not Found,276,0,0,0,0,0,1,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:44 +0200,172.26.0.1,50168,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen/assets/css/ie8.css?ver=1.0+%2F+sleep%2815%29+,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=person; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,200,OK,3646,0,0,0,0,0,1,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:44 +0200,172.26.0.1,50168,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen%27+where+0+in+%28select+sleep%2815%29+%29+--+/assets/css,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/blog/index.php/my-account/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=fact; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,404,Not Found,276,0,0,0,0,0,1,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:44 +0200,172.26.0.1,50168,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen/assets/css/ie8.css?ver=1.0%27+%2F+sleep%2815%29+%2F+%27,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=role; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,200,OK,3646,0,0,0,0,0,1,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:44 +0200,172.26.0.1,50168,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen%22+where+0+in+%28select+sleep%2815%29+%29+--+/assets/css,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/blog/index.php/my-account/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=engine; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,404,Not Found,276,0,0,0,0,0,1,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:44 +0200,172.26.0.1,50169,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen/assets/css/ie8.css?ver=1.0%22+%2F+sleep%2815%29+%2F+%22,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=comparison; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,200,OK,3646,0,0,0,0,0,1,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:44 +0200,172.26.0.1,50169,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen+or+0+in+%28select+sleep%2815%29+%29+--+/assets/css,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/blog/index.php/my-account/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=philosophy; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,404,Not Found,276,0,0,0,0,0,1,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:44 +0200,172.26.0.1,50168,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen/assets/css/ie8.css?ver=1.0+and+0+in+%28select+sleep%2815%29+%29+--+,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=discussion; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,200,OK,3646,0,0,0,0,0,1,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:45 +0200,172.26.0.1,50169,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen/assets/css/ie8.css?ver=1.0%27+and+0+in+%28select+sleep%2815%29+%29+--+,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=football; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,200,OK,3646,0,0,0,0,0,1,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:45 +0200,172.26.0.1,50168,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen%27+or+0+in+%28select+sleep%2815%29+%29+--+/assets/css,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/blog/index.php/my-account/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=theory; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,404,Not Found,276,0,0,0,0,0,1,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:45 +0200,172.26.0.1,50168,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen/assets/css/ie8.css?ver=1.0%22+and+0+in+%28select+sleep%2815%29+%29+--+,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=construction; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,200,OK,3646,0,0,0,0,0,1,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:45 +0200,172.26.0.1,50169,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen%22+or+0+in+%28select+sleep%2815%29+%29+--+/assets/css,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/blog/index.php/my-account/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=cigarette; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,404,Not Found,276,0,0,0,0,0,1,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:45 +0200,172.26.0.1,50169,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen/assets/css/ie8.css?ver=1.0+where+0+in+%28select+sleep%2815%29+%29+--+,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=soup; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,200,OK,3646,0,0,0,0,0,1,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:45 +0200,172.26.0.1,50168,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen/assets/css,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/blog/index.php/my-account/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=priority; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,301,Moved Permanently,360,1,0,0,0,0,0,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:46 +0200,172.26.0.1,50169,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen/assets+%2F+sleep%2815%29+/css,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/blog/index.php/my-account/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=teacher; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,404,Not Found,276,1,0,0,0,0,0,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:46 +0200,172.26.0.1,50168,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen/assets/css/ie8.css?ver=1.0%27+where+0+in+%28select+sleep%2815%29+%29+--+,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=language; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,200,OK,3646,0,0,0,0,0,1,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:46 +0200,172.26.0.1,50168,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen/assets%27+%2F+sleep%2815%29+%2F+%27/css,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/blog/index.php/my-account/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=importance; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,404,Not Found,276,1,0,0,0,0,0,0,0,0,0,0,0,0,0
18/Jul/2020:13:38:46 +0200,172.26.0.1,50169,172.26.0.4,80,GET,/blog/wp-content/themes/twentyseventeen/assets/css/ie8.css?ver=1.0%22+where+0+in+%28select+sleep%2815%29+%29+--+,HTTP/1.1,Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0,http://test-site.com/,test-site.com,,comment_author_url_1aefbe2f76edd740f8e362f39da3353b=http%3A%2F%2Fwww.example.com; comment_author_email_1aefbe2f76edd740f8e362f39da3353b=foo-bar%40example.com; comment_author_1aefbe2f76edd740f8e362f39da3353b=bread; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_1aefbe2f76edd740f8e362f39da3353b=rafael%7C1595243069%7CS1aAsPTqjUoyV2aimmpvYKjF7xFDV3DZPKn4Q7thFzB%7Cd4f9b4f5e6991cdb74513e27895a8683d1dc98424a4daa749abde34702a8a9ea,,,,,,,,HTTP/1.1,200,OK,3646,0,0,0,0,0,1,0,0,0,0,0,0,0,0