Should I be worried when I see things like this in ISA? I know ISA blocked it, but could this be a clue to something worse, like a hacked server?
Denied Connection SERVER1 11/13/2010 3:19:35 PM
Log type: Web Proxy (Forward)
Status: 12202 The ISA Server denied the specified Uniform Resource Locator (URL).
Rule: Default rule
Source: External ( 18.104.22.168:0)
Destination: External ( 192.168.17.2:8080)
Request: GET http://ipadmin.ru/whois/?host=via-gra.eu&server=eu.whois-servers.net
Filter information: Req ID: 17e1a776
Object source: Processing time: 1
Cache info: 0x0 MIME type
HERE IS ANOTHER
Denied Connection SERVER1 11/13/2010 3:19:34 PM
Log type: Firewall service
Status: A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the ISA Server computer.
Source: External ( 22.214.171.124:4448)
Destination: Local Host ( 192.168.17.2:8080)
Protocol: HTTP Proxy
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 126.96.36.199