The last few weeks I have noticed some odd activity across all of our websites. A single IP will crawl all our the pages in the site and attempt to inject a URL into the forms. After some google searches for the offending IPs I came across this post which contained all the addresses scanning my sites.
The IPs that were crawling my pages where:
UserAgent for all:
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
Some sample entries out of my web-server logs
This information above is being injected directly into pages with forms as inputs and passed to the server via GET. From the post I linked to alot of people have reported this activity. Hopefully somebody can ultimately get busted (probably not though).
Seems people are doing a variety of things to stop this from blocking the entire list of addresses to checking time between page request. In my situation as far as I can tell this is nothing more than a nuisance. I will continue to post Ip addresses in hopes that others can find this information useful like I did!