Score:0

Email click results in multiple requests from different ips and user agents


I run a small website that tracks game attendance for teams. Email is dispatched to the team players with 3 links in the email, 1 for attending, 1 for not attending, 1 for might be attending. Each user simply clicks on the link in the email to indicate whether or not they are attending the next game. Easy peasy. Lately something strange happened and someone told me they clicked on Will Not Attend, but the website logged it as Will Attend. I just chalked it up to user error or fat fingers, but enabled more detailed logging just in case. While I didn't find a fix to the above issue, I found something weirder. What I found was that some users would have multiple requests to the server for the same resource (same query string) over the course of a few minutes from different IP addresses and sometimes even different User Agents. I found this to be really odd. Here is a sample of some such occurrences:

20211009 093747 - a=48170&k=[TOKEN]&r=y,Player: [Player 2 Name],Attendance: 48170,Game: 1425,Team: 68,Response: y,Error: ,IP: 184.147.117.186,User Agent: Mozilla/5.0 (Linux; Android 11; SAMSUNG SM-G781W) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/15.0 Chrome/90.0.4430.210 Mobile Safari/537.36,Referer
20211009 093753 - a=48170&k=[TOKEN]&r=y,Player: [Player 2 Name],Attendance: 48170,Game: 1425,Team: 68,Response: y,Error: ,IP: 96.63.131.4,User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36,Referer
20211009 093755 - a=48170&k=[TOKEN]&r=y,Player: [Player 2 Name],Attendance: 48170,Game: 1425,Team: 68,Response: y,Error: ,IP: 198.235.201.68,User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36,Referer
20211009 094047 - a=48170&k=[TOKEN]&r=y,Player: [Player 2 Name],Attendance: 48170,Game: 1425,Team: 68,Response: y,Error: ,IP: 184.147.117.186,User Agent: Mozilla/5.0 (Linux; Android 11; SAMSUNG SM-G781W) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/15.0 Chrome/90.0.4430.210 Mobile Safari/537.36,Referer

20211008 090050 - a=48168&k=[TOKEN 3]&r=n,Player: [Player 3 Name],Attendance: 48168,Game: 1425,Team: 68,Response: n,Error: ,IP: 104.47.60.254,User Agent: ,Referer
20211008 090051 - a=48168&k=[TOKEN 3]&r=n,Player: [Player 3 Name],Attendance: 48168,Game: 1425,Team: 68,Response: n,Error: ,IP: 184.145.50.95,User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36,Referer
20211008 090207 - a=48168&k=[TOKEN 3]&r=n,Player: [Player 3 Name],Attendance: 48168,Game: 1425,Team: 68,Response: n,Error: ,IP: 184.72.165.49,User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36,Referer
20211008 090232 - a=48168&k=[TOKEN 3]&r=n,Player: [Player 3 Name],Attendance: 48168,Game: 1425,Team: 68,Response: n,Error: ,IP: 52.90.211.63,User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36,Referer
20211008 090236 - a=48168&k=[TOKEN 3]&r=n,Player: [Player 3 Name],Attendance: 48168,Game: 1425,Team: 68,Response: n,Error: ,IP: 40.94.16.18,User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36,Referer
20211008 090244 - a=48168&k=[TOKEN 3]&r=n,Player: [Player 3 Name],Attendance: 48168,Game: 1425,Team: 68,Response: n,Error: ,IP: 104.47.61.254,User Agent: ,Referer
20211008 090245 - a=48168&k=[TOKEN 3]&r=n,Player: [Player 3 Name],Attendance: 48168,Game: 1425,Team: 68,Response: n,Error: ,IP: 54.84.28.125,User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36,Referer
20211008 090409 - a=48168&k=[TOKEN 3]&r=n,Player: [Player 3 Name],Attendance: 48168,Game: 1425,Team: 68,Response: n,Error: ,IP: 54.209.227.48,User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36,Referer

I've traced some of the IPs to ISPs here in my country, which makes sense, but some of them are AWS, some are in different countries, etc. I note that this is happening for more than one User Agent as well, so it's not one particular device. Nor is it happening to everyone; it doesn't seem to have any rhyme or reason. Does anyone know why this might be happening, or if I should be concerned?

Thank you.

Score:0

Wild guess: malware checks on the computers of the recipients which use cloud-based services to check the links in the mail for malware. Antispam measures on the involved mail servers will do the same.
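
Added example, not part of the original answer: detection logic for the pattern in the question's logs, where one emailed link is fetched from several IPs within minutes, as an automated link scanner would do. The log layout follows the question's sample; the function names, the 5-minute window and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the question's log layout (documentation IPs, placeholder tokens).
_F = "Player: P,Attendance: 1,Game: 9,Team: 7,Response: n,Error: "
_UA = "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/%s"
SAMPLE_LOG = "\n".join([
    f"20211008 090050 - a=1&k=TOKEN_A&r=n,{_F},IP: 192.0.2.10,User Agent: ,Referer",
    f"20211008 090051 - a=1&k=TOKEN_A&r=n,{_F},IP: 198.51.100.20,User Agent: {_UA % '94.0'},Referer",
    f"20211008 090207 - a=1&k=TOKEN_A&r=n,{_F},IP: 203.0.113.30,User Agent: {_UA % '72.0'},Referer",
    f"20211008 090232 - a=1&k=TOKEN_A&r=n,{_F},IP: 203.0.113.31,User Agent: {_UA % '72.0'},Referer",
    f"20211008 101500 - a=2&k=TOKEN_B&r=n,{_F},IP: 198.51.100.77,User Agent: {_UA % '94.0'},Referer",
    f"20211008 101530 - a=2&k=TOKEN_B&r=n,{_F},IP: 198.51.100.77,User Agent: {_UA % '94.0'},Referer",
])

# The User Agent itself contains commas ("KHTML, like Gecko"), so a plain
# split(",") would break it; anchor on the field labels instead.
LINE_RE = re.compile(
    r"^(?P<ts>\d{8} \d{6}) - (?P<query>[^,]*),.*?,IP: (?P<ip>[^,]*),User Agent: (?P<ua>.*),Referer"
)

def parse(log_text):
    """Group (timestamp, ip, user_agent) tuples by the exact query string."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y%m%d %H%M%S")
            hits[m["query"]].append((ts, m["ip"], m["ua"].strip()))
    return hits

def find_prefetched_links(log_text, window=timedelta(minutes=5)):
    """Flag links requested from more than one IP within `window` of the first hit."""
    report = {}
    for query, rows in parse(log_text).items():
        rows.sort()
        burst = [r for r in rows if r[0] - rows[0][0] <= window]
        ips = {ip for _, ip, _ in burst}
        if len(ips) > 1:  # a single person clicking twice stays on one IP
            report[query] = {
                "requests": len(burst),
                "distinct_ips": len(ips),
                "distinct_user_agents": len({ua for _, _, ua in burst}),
                "empty_user_agent": sum(1 for _, _, ua in burst if not ua),
            }
    return report

if __name__ == "__main__":
    for query, stats in find_prefetched_links(SAMPLE_LOG).items():
        print(query, stats)
```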
