|MSIE9 requesting */scanImageUrl and */[object]|
Seeing internet explorer 9 request strange invalid urls on my websites
Over the last couple of weeks I've been seeing requests to /[object] and /scanImageUrl in my websites root and subdirectories.
The requests to /scanImageUrl have HTTP_ACCEPT set to: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Is anyone else seeing stuff like this?
Edit: I forgot to mention that _all_ of the requests containing [object] are from MSIE9, the requests containing scanImageUrl are from different browsers.
welcome to WebmasterWorld, tomashastings!
have you checked the IP addresses from which these requests are originating to see if they might be known spambots or vulnerability probes.
Yes I checked, the requests seem to be coming from legitimate users. At least 5 of them are IP addresses of users that have ordered from my webshop in the past.
I'm seeing this on an eComm asp.net site. My guess is a browser plugin gone haywire.
"scanImageUrl" is a JS variable used in the McAfee/HackerSafe logo/trustmark display, but we don't use that. One of the many broeser security plugins?
we too have been observing this issue.
It's all from IE9 and only in compatibility mode, denoted by the Trident attribute of the user agent string.
Me too i can see this 404 error on my logs since 5 or 6 days. My website is not in asp but in php
We are also receiving requests for /scanImageUrl.
They seem to be coming from IE 8 and IE 9 (both with Trident in the User Agent string).
Has anyone determined the underlying cause yet?
I posted a question on stackexchange: [snip]
and someone responded and it points to a 3rd party addon(spyware)
here's a summary:
One of my coworkers started exhibit the symptoms (random requests for http://www.example.com/scanImageUrl from IE8), so I hopped on her computer to figure out what was causing the issue.
The problem appears to be due to a malware IE add-on called Yontoo v2.051. I doubt anyone intentionally installs the software, but, among other installers, it is bundled with "EZ Fonts" ([snip]). Disabling both parts of the add-on from IE stops the issue.
[edited by: phranque at 10:08 am (utc) on May 21, 2013]
[edit reason] links to malware, etc [/edit]
welcome to WebmasterWorld, ttomsen!
thanks for your help with an explanation of the issue.
warm welcomes all around to mydogbart, rhum1, and gfergo!