In my web server logs I get a lot of these: [error] [client x.x.x.x] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
I know it's just a failed request and I don't have to worry abut it too much. In the past I have tried searching for the actual script or tool that does this. It must be pretty commonly available judging from the number of occurences of this request. I found different tips on how to deal with the message, but I'm interested in looking at this tool/script itself and I never found its name or location mentioned.
My question ends here. A bit more background: Today I noticed one of the clients doing this request is an IP of another server of mine, quite important, actually, because it's my server virtualization host. I suspect intrusion. That's why I want to look at this script - so I can analyze what it does and how to find it.