2002-07-05 19:51:59 127.0.0.1 2780 127.0.0.1 80 HTTP/1.1 GET /ThisIsMyUrl.htm 400 – Hostname
2002-07-05 19:53:00 127.0.0.1 2894 127.0.0.1 80 HTTP/2.0 GET / 505 - Version_N/S
2002-07-05 20:06:01 172.31.77.6 64388 127.0.0.1 80 - - - - - Timer_MinBytesPerSecond
If you have a look at one running on a real life web server, it’s usually a lot of entries with the reason Timer_ConnectionIdle entries and a number of entries with the reason Url. The reason code Url entries are often from security software scanning for vulnerable hosts or worms that take advantage of sloppy Url parsing trying to spread. These requests just get rejected outright by http.sys’s pretty strict validation checks and we log that rejection here. The other reason code, Timer_ConnectionIdle, happens in normal HTTP protocol usage, where the client decides not to disconnect from the server because there is a good chance that it will have another request for the server either in the process of loading a page or because a client will probably click a link on a web page that will go back to the same server. By default the server will close the connection and reclaim those resources after 2 minutes of inactivity. This is nothing to worry about, it's just an informational type of entry.
Source URL: http://blogs.msdn.com/webtransports/archive/2004/07/15/184336.aspx