Cisco bot

Pfui

2:54 pm on Oct 29, 2011 (gmt 0)

No clue why they're crawling, let alone stealthily (no rDNS):

208.90.56.152
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

robots.txt? NO

IP = Cisco Systems Ironport Division
UAs from [projecthoneypot.org...] data:

Mozilla/5.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.14eol) Gecko/20070505 Iceape/1.0.9 (Debian-1.0.13~pre080323b-0etch3)
Python-urllib/2.4

Staffa

7:32 pm on Oct 29, 2011 (gmt 0)

If you go to ironport dot com it redirects to cisco and seems to be one of those business "protection" systems, i.e. sniff out a site before allowing access.

Would this be the kind of visit(s) that you see?

Pfui

12:42 am on Oct 30, 2011 (gmt 0)

No clue from the hit to / other than it was a bot -- no graphics, no nothing.

Hmm. Speaking of ironport.com (my brain didn't make that leap so thanks), from last March, a fake UA and URIs to nine nonexistent files and directories:

204-15-80-53.ironport.com
Mozilla/5.0

22:12:09 /
22:12:11 /?C=S;O=A
22:12:11 /?C=N;O=D
22:12:12 /?C=M;O=A
22:12:16 /current_mapping.txt
22:12:17 /cgi/
22:12:17 /staging/
22:12:18 /raw/
22:12:19 /feedback.out
22:12:20 /?C=D;O=A

Those hits were enough to earn |ironport a spot in one of my arrays o' banned REMOTE_HOSTs.

Plus, when G sez "No results found" as in --

No results found for "current_mapping.txt"

-- you know there's a rip in the space-time continuum somewhere. Any of those URIs look familiar/suggestive to anyone?

Dijkgraaf

12:04 am on Oct 31, 2011 (gmt 0)

Bing does return results for current_mapping.txt. The first hit amusingly enough is to do with Google Earth, but that is for a file support/30_day_history_in_3d_current_mapping.txt so probably not relevant.


The /?C=M;O=A etc. seems to be a feature of wget and the server being configured to send a directory listing if no index.html is found according to a thread I found here [mail-archive.com...]
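
The C=...;O=... query strings in the hits quoted earlier in the thread are the column-sort links that Apache's mod_autoindex puts on a generated directory listing. As an added example (not part of any post in this thread), this Python script groups access-log lines by host and reports clients that follow those links, together with the 404s they caused; the log format, date, status codes and the 192.0.2.10 visitor are constructed assumptions.

```python
import re
from collections import defaultdict

# mod_autoindex sort links: C = column (N name, M modified, S size,
# D description), O = order (A ascending, D descending).
AUTOINDEX_QS = re.compile(r"^C=[NMSD];O=[AD]$")
# Minimal combined-log matcher: host, requested target, status code.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')


def summarize(lines, min_sort_hits=2):
    """Return {host: {"sort_hits": n, "not_found": [paths]}} for hosts that
    requested at least min_sort_hits directory-listing sort URLs."""
    stats = defaultdict(lambda: {"sort_hits": 0, "not_found": []})
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip malformed lines and methods other than GET/HEAD
        host, target, status = m.groups()
        path, _, query = target.partition("?")
        if AUTOINDEX_QS.match(query):
            stats[host]["sort_hits"] += 1
        elif status == "404":
            stats[host]["not_found"].append(path)
    return {h: s for h, s in stats.items() if s["sort_hits"] >= min_sort_hits}


# Constructed sample. Host and paths follow the hits quoted in the thread;
# the date, status codes, sizes and the 192.0.2.10 visitor are made up.
FMT = '{} - - [01/Mar/2011:22:12:09 +0000] "GET {} HTTP/1.0" {} 0 "-" "Mozilla/5.0"'
THREAD_HITS = [("/", 200), ("/?C=S;O=A", 200), ("/?C=N;O=D", 200),
               ("/?C=M;O=A", 200), ("/current_mapping.txt", 404),
               ("/cgi/", 404), ("/staging/", 404), ("/raw/", 404),
               ("/feedback.out", 404), ("/?C=D;O=A", 200)]
SAMPLE = [FMT.format("204-15-80-53.ironport.com", p, s) for p, s in THREAD_HITS]
SAMPLE += [FMT.format("192.0.2.10", "/", 200),
           FMT.format("192.0.2.10", "/favicon.ico", 404)]

if __name__ == "__main__":
    for host, s in summarize(SAMPLE).items():
        print(host, s["sort_hits"], "sort-link hits; 404s:", s["not_found"])
```

A host that only requests ordinary pages, or misses a single file, stays out of the report because it never requests a sort link.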