On 11/1/2011 7:05 PM, Stefan Fouant wrote: > Is there anything perhaps protecting or intercepting the data on its way to > the server, perhaps an Arbor device of some type of load balancer? > > This type of behavior is quite common when protecting web assets to eliminate > zombies and such, but its usually something you would see back to the > clients, not tp the server.
I have seen this in SEO-poisoning type of webpage defacement. They anchor a javascript in the main website "frame" and it generates optimization "links" using a numeric suffix or ?argument so that they appear as separate links. If the crawler is recognized (e.g., googlebot) then the SEO page is returned. Jeff
