Jay Dyson of Treachery.net monitored CodeRed II attempts against his
server. Among them he found the following, which he shared with
Attrition staff:

Apache log:
64.8.206.178 - - [14/Aug/2001:18:09:40 -0700] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 200 658 "-" "-"

Early Bird log:
Aug-15-2001 01:09:38 [UTC] : CR2 : 64.8.206.178 : Notify to 'nas-corp.com'

	Hokay, so the automatic email is fired off.  Then I figure a look
around the site is in order (mostly out of morbid curiosity).  And lo,
what is found?

	http://www.nas-corp.com/solutions/security.shtml

	From the page:

	"NAS has excelled at providing comprehensive network security
solutions addressing both internal and external requirements. These
solutions are both flexible enough and robust enough to be adapted to
changing network topologies and security policies. 

	"With NAS, your firewalls are monitored 24 hours a day, 7 days a
week, 365 days a year. NAS security engineers perpetually assess alarms
and review security logs, looking for patterns and variances such as
network probes, increases in activity levels or increases in denied
connections."