homepage Welcome to WebmasterWorld Guest from 54.226.136.179
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
MSIE9 requesting */scanImageUrl and */[object]
Seeing internet explorer 9 request strange invalid urls on my websites
tomashastings



 
Msg#: 4560505 posted 7:29 am on Apr 2, 2013 (gmt 0)

Over the last couple of weeks I've been seeing requests to /[object] and /scanImageUrl in my websites root and subdirectories.

I suspect the requests to /[object] and /subdir/[object] are because of a javascript, because with those requests the HTTP_ACCEPT header is set to: application/javascript, */*;q=0.8

The requests to /scanImageUrl have HTTP_ACCEPT set to: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5

I can't for the life of me figure out why browsers are sending these requests, I've been using the same website + javascripts for almost a year now and requests like these started popping up a couple of weeks ago.

Is anyone else seeing stuff like this?

Edit: I forgot to mention that _all_ of the requests containing [object] are from MSIE9, the requests containing scanImageUrl are from different browsers.

 

phranque

WebmasterWorld Administrator phranque us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4560505 posted 11:36 am on Apr 2, 2013 (gmt 0)

welcome to WebmasterWorld, tomashastings!


have you checked the IP addresses from which these requests are originating to see if they might be known spambots or vulnerability probes.

tomashastings



 
Msg#: 4560505 posted 11:46 am on Apr 2, 2013 (gmt 0)

Yes I checked, the requests seem to be coming from legitimate users. At least 5 of them are IP addresses of users that have ordered from my webshop in the past.

mydogbart



 
Msg#: 4560505 posted 1:45 pm on Apr 2, 2013 (gmt 0)

I'm seeing this on an eComm asp.net site. My guess is a browser plugin gone haywire.

"scanImageUrl" is a JS variable used in the McAfee/HackerSafe logo/trustmark display, but we don't use that. One of the many broeser security plugins?

ttomsen



 
Msg#: 4560505 posted 6:12 pm on Apr 2, 2013 (gmt 0)

we too have been observing this issue.

It's all from IE9 and only in compatibility mode, denoted by the Trident attribute of the user agent string.

rhum1



 
Msg#: 4560505 posted 11:41 am on Apr 4, 2013 (gmt 0)

Hello,

Me too i can see this 404 error on my logs since 5 or 6 days. My website is not in asp but in php

gfergo



 
Msg#: 4560505 posted 6:03 pm on Apr 8, 2013 (gmt 0)

We are also receiving requests for /scanImageUrl.

They seem to be coming from IE 8 and IE 9 (both with Trident in the User Agent string).

Has anyone determined the underlying cause yet?

ttomsen



 
Msg#: 4560505 posted 2:09 pm on May 20, 2013 (gmt 0)

I posted a question on stackexchange: [snip]

and someone responded and it points to a 3rd party addon(spyware)

here's a summary:

One of my coworkers started exhibit the symptoms (random requests for http://www.example.com/scanImageUrl from IE8), so I hopped on her computer to figure out what was causing the issue.

The problem appears to be due to a malware IE add-on called Yontoo v2.051. I doubt anyone intentionally installs the software, but, among other installers, it is bundled with "EZ Fonts" ([snip]). Disabling both parts of the add-on from IE stops the issue.

[edited by: phranque at 10:08 am (utc) on May 21, 2013]
[edit reason] links to malware, etc [/edit]

phranque

WebmasterWorld Administrator phranque us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4560505 posted 10:23 am on May 21, 2013 (gmt 0)

welcome to WebmasterWorld, ttomsen!


thanks for your help with an explanation of the issue.

phranque

WebmasterWorld Administrator phranque us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4560505 posted 10:23 am on May 21, 2013 (gmt 0)

warm welcomes all around to mydogbart, rhum1, and gfergo!

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved