GeeCON Prague 2014*
The moose likes Servlets and the fly likes Mystery GET with url(data:image/png;base64,iVBOR Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » Servlets
Bookmark "Mystery GET with url(data:image/png;base64,iVBOR" Watch "Mystery GET with url(data:image/png;base64,iVBOR" New topic
Author

Mystery GET with url(data:image/png;base64,iVBOR

William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12792
    
    5
Browsing thru some access logs I found that starting about Oct. 23, I am getting occasional GET requests that start like this:


where the base64 text is about 1600 characters long. My Tomcat server responds with a 404 error to this GET.

Now, I see that there is a data URI scheme where this kind of string gets used, but what the sam hill is it doing in a GET to my perfectly ordinary HTML site containing no Javascript?

I was wondering if this is some sort of attack since only a few IP addresses are the source and the GETs repeat at short intervals some times.



Anybody got any idea why these suddenly appeared.

Bill
Nauman Hasan
Ranch Hand

Joined: Jul 27, 2005
Posts: 34
Hi Bill,

Not sure what would cause this... it could well be an attack. You could try and make a construct an html page with the png to see what it looks like (visually) or try to see if you can unbase64 encode it using a utility to see what the contents are (without running it on a browser).

~Nauman
Eric Johnston
Greenhorn

Joined: Nov 16, 2010
Posts: 1
I've seen similar 404 errors after a visitor arrives as the result of a normal Google search.
The wanted page and its associated images are downloaded normally.
Then comes
"GET /url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADgAAAAOCAYAAAB6pd..... 404
The very long base64 code starting iVBORw0... can be decoded to this rectangular image:


The icon to the right hand end is a Google icon, so the phenomena may have something to do with Google.

Best regards, Eric.
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12792
    
    5
AHA! That has got to be it - maybe Google made some sort of change around October 23 which generates this spurious GET or some other site is leaching off of Google and screws up the link creation.

Now who can I talk to at Google....

Bill

 
GeeCON Prague 2014
 
subject: Mystery GET with url(data:image/png;base64,iVBOR