Is seems that Microsoft Internet Explorer 7 with the phishing filter active ping back home for every URL requested. This could be the default in many environments.
[zeno] IE7 sends a request to MS for EVERY single URL your visit when phishing filter is on
[zeno] including internal hosts
[zeno] friend just found out
[zeno] he's posting to the lists soon
[transzorp] they don't let you specify an intranet?
[zeno] default settings
[zeno] at an enterprise that would be the most likely configuration
If confirmed we will hear more on this very soon. URLs often contains precious informations: "hidden" folders, user sessions, data, etc. This is not a new behavior, a lot of plugins/addons act so (think about plugins that show google pagerank or alexa rank diuring navigation) but you have actually to install 3rd party extensions/plugin/widget/whenever to be spy ed! With IE7 this is included in the bundle :)
UPDATE: the author published a post on the finding: IE7 Phishing vs. Privacy
Today I was testing WebInspect on my newly installed version of Vista with IE7 and found something startling. When running a browser through a proxy you can see soap requests being made to Microsoft as you hit each page.
UPDATE 2: Thierry Zoller wrote an article on how MS tracks the Search terms you enter in the URL bar even when the results are displayed by Google! Microsoft monitors Search queries - SP2