Security Incidents mailing list archives

strange codered2-like request


From: buschermann () gmx de
Date: Mon, 10 Sep 2001 14:30:33 +0200 (MEST)

hi all,
on sunday our apache logged the thing below:

62.193.140.34 - - [09/Sep/2001:08:08:04 +0200]
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ---cut---

followed by a lot more 'X' and the typical encoded strings.
at 13:28 +0200 i got exactly the same 'request' again.

1. there is no GET-request for anything, so apache said '400' aka 'bad request'
2. fewer 'X' have been used than in a normal attempt. there were only 192 instead of 223, which i think is the 'standard' amount.

the site seems to be a kind of search portal for parents and kids and looks like it is under construction. it's running IIS 5 on w2k according to netcraft.
i mailed the admin-c of the net and am awaiting an answer, but nevertheless i thought the list could shed some light on where this thing might come from.
a crippled worm?
a bored user?
spoofing?
...?


regards
axel fehrs
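
Added example (not part of the original post): a small Python triage over Apache access-log lines that checks the two things the message points out, a missing request method and the length of the filler run compared with the 223 the poster takes as standard. The log lines, the ENCODED placeholder, the path and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

EXPECTED_FILLER = 223  # assumption: the poster's figure for a "standard" attempt
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT"}
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) \S+$')

# Constructed sample lines (common log format); ENCODED stands in for the
# encoded tail that the post cuts off, and the path is made up.
SAMPLE_LOG = "\n".join([
    '192.0.2.10 - - [09/Sep/2001:08:08:04 +0200] "' + "X" * 192 + 'ENCODED" 400 320',
    '192.0.2.10 - - [09/Sep/2001:13:28:11 +0200] "' + "X" * 192 + 'ENCODED" 400 320',
    '198.51.100.7 - - [09/Sep/2001:09:15:40 +0200] "GET /constructed-path?'
    + "X" * 223 + 'ENCODED HTTP/1.0" 404 290',
    '203.0.113.5 - - [09/Sep/2001:09:20:02 +0200] "GET /index.html HTTP/1.0" 200 1043',
])

def longest_run(text):
    """Return (char, length) of the longest run of one repeated character."""
    best = ("", 0)
    for m in re.finditer(r"(.)\1*", text):
        if len(m.group(0)) > best[1]:
            best = (m.group(1), len(m.group(0)))
    return best

def triage(log_text, min_run=100, expected=EXPECTED_FILLER):
    """Flag requests padded with a long filler run and describe each one."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a common-log-format line
        host, when, request, status = m.groups()
        char, run = longest_run(request)
        if run < min_run:
            continue  # ordinary request
        findings.append({"host": host, "time": when, "status": int(status),
                         "has_method": request.split(" ", 1)[0] in METHODS,
                         "filler": char, "run": run, "delta": run - expected})
    return findings

def repeats_by_host(findings):
    """Group identical-looking requests per source to spot exact repeats."""
    seen = defaultdict(list)
    for f in findings:
        seen[(f["host"], f["has_method"], f["run"])].append(f["time"])
    return {key: times for key, times in seen.items() if len(times) > 1}

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
    print(repeats_by_host(triage(SAMPLE_LOG)))
```

A negative `delta` together with `has_method` being false and a 400 status is the combination described in the message; `repeats_by_host` surfaces the same source sending the identical request twice.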
