A short series of errors just came in from Elmah. They are very peculiar, and I'm unsure as to what they represent and whether they might be malicious.
It amounted to a series of 16 sequential calls to a non-existent web address. In each case the call takes the form /Extranet/Account/non-existent-[seemingly random 10 digit number]. /Extranet/Account is a valid path on the site, but there's nothing which maps to anything like non-existent-[number].
The calls were not hugely rapid, coming in over the course of just over a minute. So it's hard to tell if they were automated
Elmah tells me that the user agent was Mozilla/5.0 [en] (X11, U; OpenVAS 7.0.10) and that the calls originated at an IP in France. OpenVAS is a piece of vulnerability scanning software. I can see nothing in google which suggests it's commonly used for malicious purposes, although I can see how it might be.
If it was malicious, I'm at a loss to explain what they were trying to achieve by making a short series of calls to a non-existent address with a random number appended to the end.
Should I be worried? Does the short duration suggest the responsible parties found something of interest and may be back? If so, is there anything I can do to stop them since I only have the IP of the scanning service itself?