homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

MSIE9 requesting */scanImageUrl and */[object]
Seeing internet explorer 9 request strange invalid urls on my websites

 7:29 am on Apr 2, 2013 (gmt 0)

Over the last couple of weeks I've been seeing requests to /[object] and /scanImageUrl in my websites root and subdirectories.

I suspect the requests to /[object] and /subdir/[object] are because of a javascript, because with those requests the HTTP_ACCEPT header is set to: application/javascript, */*;q=0.8

The requests to /scanImageUrl have HTTP_ACCEPT set to: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5

I can't for the life of me figure out why browsers are sending these requests, I've been using the same website + javascripts for almost a year now and requests like these started popping up a couple of weeks ago.

Is anyone else seeing stuff like this?

Edit: I forgot to mention that _all_ of the requests containing [object] are from MSIE9, the requests containing scanImageUrl are from different browsers.



 11:36 am on Apr 2, 2013 (gmt 0)

welcome to WebmasterWorld, tomashastings!

have you checked the IP addresses from which these requests are originating to see if they might be known spambots or vulnerability probes.


 11:46 am on Apr 2, 2013 (gmt 0)

Yes I checked, the requests seem to be coming from legitimate users. At least 5 of them are IP addresses of users that have ordered from my webshop in the past.


 1:45 pm on Apr 2, 2013 (gmt 0)

I'm seeing this on an eComm asp.net site. My guess is a browser plugin gone haywire.

"scanImageUrl" is a JS variable used in the McAfee/HackerSafe logo/trustmark display, but we don't use that. One of the many broeser security plugins?


 6:12 pm on Apr 2, 2013 (gmt 0)

we too have been observing this issue.

It's all from IE9 and only in compatibility mode, denoted by the Trident attribute of the user agent string.


 11:41 am on Apr 4, 2013 (gmt 0)


Me too i can see this 404 error on my logs since 5 or 6 days. My website is not in asp but in php


 6:03 pm on Apr 8, 2013 (gmt 0)

We are also receiving requests for /scanImageUrl.

They seem to be coming from IE 8 and IE 9 (both with Trident in the User Agent string).

Has anyone determined the underlying cause yet?


 2:09 pm on May 20, 2013 (gmt 0)

I posted a question on stackexchange: [snip]

and someone responded and it points to a 3rd party addon(spyware)

here's a summary:

One of my coworkers started exhibit the symptoms (random requests for http://www.example.com/scanImageUrl from IE8), so I hopped on her computer to figure out what was causing the issue.

The problem appears to be due to a malware IE add-on called Yontoo v2.051. I doubt anyone intentionally installs the software, but, among other installers, it is bundled with "EZ Fonts" ([snip]). Disabling both parts of the add-on from IE stops the issue.

[edited by: phranque at 10:08 am (utc) on May 21, 2013]
[edit reason] links to malware, etc [/edit]


 10:23 am on May 21, 2013 (gmt 0)

welcome to WebmasterWorld, ttomsen!

thanks for your help with an explanation of the issue.


 10:23 am on May 21, 2013 (gmt 0)

warm welcomes all around to mydogbart, rhum1, and gfergo!

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved