Looks for signature of known server compromises. Currently, the only signature it looks for is the one discussed here: http://blog.unmaskparasites.com/2009/09/11/dynamic-dns-and-botnet-of-zombie-web-servers/. This is done by requesting the page '/ts/in.cgi?open2' and looking for an errant 302 (it attempts to detect servers that always return 302). Thanks to Denis from the above link for finding this technique! SYNTAX: http.pipeline: If set, it represents the number of HTTP requests that'll be pipelined (ie, sent in a single request). This can be set low to make debugging easier, or it can be set high to test how a server reacts (its chosen max is ignored). http.useragent: The value of the User-Agent header field sent with requests. By default it is ''Mozilla/5.0 (compatible Nmap Scripting Engine http://nmap.org/book/nse.html)''. A value of the empty string disables sending the User-Agent header field. http-max-cache-size: The maximum memory size (in bytes) of the cache.