Is this a scanner?

["Pez Mohr" <boredMDer74 () msn com>]

 First post to list, so please bear with any mistakes I may make.

Received a hit on my FTP server today, and I was wondering whether or not it
was a scanner. Roughly three seconds passed between the username being given
and the password entered, and I thought that would be quite a long time for
an automated scanner, but I doubt that someone randomly chose my IP and
decided to log in as this user. I am running this FTP server as a mirror to
some of the stuff hosted on http://halo.bungie.org, and consequently I have
a public dynDNS url that points to my IP, so I'm not the most hidden box
online.
     Back to the question: Does the log show a new scanner at work,
or is it merely a browser with these values set for anonymous logins? If it
were the latter, I don't see why it would have an email address as both the
username and password. I'm afraid that BulletProof FTP doesn't log any more
than what is below, so these are all of the details I have as of current.

(000059) 12/10/2002 7:25:40 PM - (not logged in) (81.49.70.160) > connected
to ip : 192.168.1.2
(000059) 12/10/2002 7:25:40 PM - (not logged in) (81.49.70.160) > sending
welcome message.
(000059) 12/10/2002 7:25:40 PM - (not logged in) (81.49.70.160) > 220 All
connection attempts logged/reported. Anyone attempting to log in will be
reported to their ISP.  Access illegal unless prior permission recieved from
owner of FTP server.
(000059) 12/10/2002 7:25:43 PM - (not logged in) (81.49.70.160) > USER
anonymous () ftp adobe com
(000059) 12/10/2002 7:25:43 PM - (not logged in) (81.49.70.160) > 331
Password required for anonymous () ftp adobe com.
(000059) 12/10/2002 7:25:46 PM - (not logged in) (81.49.70.160) > PASS
abc () 126 com
(000059) 12/10/2002 7:25:46 PM - (not logged in) (81.49.70.160) > 530 Login
or Password incorrect.
(000059) 12/10/2002 7:25:47 PM - (not logged in) (81.49.70.160) >
disconnected.

Pez Mohr
boredMDer74 () msn com
Aspiring BOFH
http://bofh.ntk.net/Bastard.html