
Forum Moderators: Ocean10000 & incrediBILL


same IP switching UAs

many bad queries

   
11:18 pm on Jan 20, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



It lasted 11 minutes and made 206 404s.

It was the same IP address, but the UAs would be like:

User Agent = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1)
User Agent = Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
User Agent = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET)
User Agent = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
User Agent = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

...and so on.

The request would always be like:

[mysite.com...]

mixed with a few more characters like "%22%3E %20 %3C"

What's this all about? What does it want?

If IP would be helpful, let me know and I'll post first three numbers.

Thanks

11:46 pm on Jan 20, 2009 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Those characters are
"> <

Perhaps you're seeing some cross-site scripting or script injection attempts.

6:45 am on Jan 21, 2009 (gmt 0)

5+ Year Member



I tend to see a lot of scrapers with 'infopath' at the end of the UA.

It might be injection scraper attempts. If the sequence of hex chars is identical, see my comment below; it may NOT be a scraper but a run-together link somewhere.

I posted some 80 educational videos on YouTube.

Under the YouTube video description, I put more info,
and links to the non-profit where it was taken,
followed by a blank and a link to additional still pix about the topic on my site. (Actually the other way around, but I'm too lazy to edit.)

YouTube's comment parser MISTAKES THE URL by combining the two into one long URL with both websites combined. This would cause 404s when users the world over would click the link to my page and instead get mypage / nonprofit page all rolled up into one URL.

So I had to go back and put a non-URL word between the URLs on YouTube via comment editing.

However, the info has already been shared with YouTube versions in different countries around the world and seems to take quite a while to update, as I was getting bad hits for quite a while after. They seem to have stopped now, so it must eventually update.

2:04 am on Jan 28, 2009 (gmt 0)

5+ Year Member



I noticed also that PDFs I send out tend to do the same thing, can get run-together URLs if you have two separated by just a space, unless you separate them with something else in the PDF. I send out a newsletter and found referrals where 404s were happening due to this.

7:00 pm on Jan 28, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I get this all the time, although not with those UAs. Usually they start with something that's banned like cURL or wGET, and then keep trying until they find a UA that's not banned. I'm not sure why they do this, because usually by the time they find a valid UA they've been flagged for other reasons.
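
The pattern described in this thread (one IP cycling through User-Agent strings while producing a burst of 404s, with %22, %3E and %3C in the paths) can be checked for in an access log. The following is an added example, not code from any poster: it assumes Apache combined log format, and the sample lines, addresses, paths, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "ua"
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" '
                     r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
MARKUP_RE = re.compile(r'[<>"]')  # what %3C, %3E and %22 decode to

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, unquote(m["path"]), int(m["status"]), m["ua"]

def suspicious_ips(lines, window=timedelta(minutes=15), min_uas=3, min_404s=5):
    """Flag IPs that rotate User-Agents while piling up 404s inside one window."""
    by_ip = defaultdict(list)
    for ip, *rest in filter(None, map(parse, lines)):
        by_ip[ip].append(rest)  # rest = [timestamp, decoded path, status, ua]
    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r[0])
        start = 0
        for end in range(len(recs)):
            while recs[end][0] - recs[start][0] > window:
                start += 1  # slide the window forward
            win = recs[start:end + 1]
            uas = len({r[3] for r in win})
            n404 = sum(r[2] == 404 for r in win)
            best = flagged.get(ip, {}).get("not_found", 0)
            if uas >= min_uas and n404 >= min_404s and n404 > best:
                markup = sum(bool(MARKUP_RE.search(r[1])) for r in win)
                flagged[ip] = {"user_agents": uas, "not_found": n404,
                               "markup_in_path": markup}
    return flagged

def sample_log():
    """Constructed sample lines (not from the thread): one rotating IP, one normal."""
    uas = ["Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
           "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET)",
           "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"]
    lines = [f'203.0.113.7 - - [20/Jan/2009:23:0{i}:10 +0000] '
             f'"GET /page.html%22%3E%20%3Ca HTTP/1.1" 404 512 "-" "{uas[i % 3]}"'
             for i in range(6)]
    return lines + ['198.51.100.20 - - [20/Jan/2009:23:01:00 +0000] '
                    '"GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux)"']
```

A high `markup_in_path` count points toward injection probing, while 404s spread across many IPs with identical paths fit the run-together link explanation given earlier in the thread.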