Forum Discussion

Cirrocumulus

Apr 10, 2017

Web Server Probe (internet explorer) Attack Signature Detected

I'm seeing the following in traffic learning and I can't find any information on what the actual attack is trying to accomplish. Any ideas? GET / HTTP/1.1 User-Agent: Microsoft Internet Explore...

Cirrocumulus

Apr 10, 2017

Shann_P, you probably know already but this is complaining because of the fake user-agent. So it is probably an automated tool with a fake user agent and it's trying to probe, or scan, public IPs/web pages, to check for and document the responses. Mostly this is for reconnaisance or information gathering / fingerprinting purposes.

Hope this helps,

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Web Server Probe (internet explorer) Attack Signature Detected

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Help with SSH Virtual Server

Changes to DO and AS3 GitHub - no longer monitored

GRE Tunnel Issue

Help with an iRule to disconnect active connections to Pool Members that are "offline"

GRPC through F5 Virtual Server [RST_STREAM with error code: INTERNAL_ERROR]

Related Content

Explore TCP and TLS Profiles for Optimal S3 with MinIO Clusters

F5 Distributed Cloud – CE High Availability Options: A Comparative Exploration

Exploring F5OS automation features on VELOS

November Security Research Update: Newly Released Attack Signatures

Fixing Internet Explorer & AJAX

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS