hmm, did find this, and I do quote:
"If you see these characters in any log file there is a good chance an attacker
is trying to mask his requests, or even trying to get around an IDS product.

Encoded characters mentioned in last paper/this paper.

%2e = . (Example: .. requests)
%3e = > (Example: Html/Javascript/SSI insertion. Mentioned in last paper)
%3c = < (Example: Html/Javascript/SSI insertion. Mentioned in last paper)
%2a = * (Examples Listed in chapter 2 of this paper)
%2b = + (Example: cmd.exe backdoor request. Also used as space)
%60 = ` (Examples Command execution. Mentioned in last paper)
%21 = ! (Example: SSI insertion. Mentioned in last paper)
%7c = | (Example: Command execution. Mentioned in last paper)
%3b = ; (Example: Command execution. Mentioned in last paper)
%7e = ~ (Examples Listed in chapter2 of this paper)
%3f = ? (Example: Php/Mentioned in last paper)
%5c = \ (Example: Possible Encoded Windows Directory Transversal Attempt)
%2f = / (Example: Possible Encoded Unix Directory Transversal Attempt)
%7b = { (Example: Possible trojan/backdoor upload attempt, possible command argument)
%7d = } (Example: Possible trojan/backdoor upload attempt, possible command argument)
%28 = ( (Example: Possible Cross Site Scripting attempt)
%29 = ) (Example: Possible Cross Site Scripting attempt)
%5b = [ (Example: Possible trojan/backdoor upload attempt, possible command argument)
%5d = ] (Example: Possible trojan/backdoor upload attempt, possible command argument)
%5e = ^ (Example: Possible trojan/backdoor upload attempt, possible command argument)


For a complete list of characters in Unix type "man ascii" and a list will be provided.
Below is what An example of directory transversal would look like while trying to fetch
the server's password file.


Example 1 :

h t t p:// host/ script.ext?template=%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 <----- edited so this wouldnt turn into a url

This looks similar, info is at http://www.cgisecurity.com/papers/fi...nting-2.html#1

im going back to lurking now