Mobile app version of vmapp.org
Login or Join
Looi9037786

: What is "?sfgdataq" that I see appended to some requests to my application? I have noticed that a small number of requests come through my application with ?sfgdataq appended to them, I probably

@Looi9037786

Posted in: #Analytics

I have noticed that a small number of requests come through my application with ?sfgdataq appended to them, I probably wouldn't have ever noticed it if it didn't cause an error on some requests.

I have seen requests come through with a mix of user agents, (Firefox, IE 7, IE 8) so I don't think it is a bot.

I looked around and I can't find any information on what is doing this, I found a couple people with similar questions on message boards (so I don't think it is isolated to my application) but no good answers.

edit:
I also noticed that the User Agents have some sort of large random value appended: +sfgRmluamFuX1R5cGU9amF2YV9zY3JpcHQmRmluamFuX0xhbmc9dGV4dC9qY is a sample - searching for that on google turns it up in other logs as well.

10.03% popularity Vote Up Vote Down


Login to follow query

More posts by @Looi9037786

3 Comments

Sorted by latest first Latest Oldest Best

 

@Frith620

It appears to be from a Finjan (now part of M86 Security) security appliance.

I found an old forum post here (in Estonian) asking why it was adding "?sfgdata=4" to URLs.

There's also an old set of release notes that has a few references to "sfgdata".

10% popularity Vote Up Vote Down


 

@Steve110

More and more I find add-ons toolbars and plugins to be adding modifications to my user's behavior. Looks like it may be something like that, or a proxy.

10% popularity Vote Up Vote Down


 

@Kristi941

Sounds like a bot looking for some kind of vulnerability. It's hard to say but I would guess there's a flaw in some software somewhere and that query string either exposes it so the hacker know where to find a vulnerable site or maybe it even begins an attack. Or it may be checking to see if your software gives an error message because of that query string and they can then try to exploit your code.

I would recommend logging the IPs of the visitors who are doing this in case it is malicious. Then you can ban them if necessary. I would also keep researching it as someone may figure out what this is and post it online for others to see.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme