$ curl -D - http://txt2pic.com HTTP/1.1 302 Object moved Server: Microsoft-IIS/5.0 Date: Fri, 30 Nov 2012 14:36:28 GMT Fun: www.WHAK.com Connection: close Location: http://www.imagegenerator.org Content-Length: 150 Content-Type: text/html Set-Cookie: ASPSESSIONIDCQSCSBBC=HCPFGNFAEIIHNDEPAEFEFFHL; path=/ Cache-control: private Object moved <h1>Object Moved</h1>This object may be found <a href="http://www.imagegenerator.org">here</a>.
This server responds with a 302 redirect and sends the user onto the imagegenerator.org website. So, this attack scenario presumably is simply a method of SPAM linking to increase web traffic hits.
While this attack instance was relatively harmless, the take away from this example is that you must take care if you are ever utilizing any type of web-based log analytic processes. If you are ever using a web browser to review log file data, this type of an attack may trigger. See CAPEC-106: Cross Site Scripting through Log Files for more info.