ScriptResourceHandler on my site errorlog shows a MS IP address

Question

This  message shows up in the error log

ip address is Microsoft address.  (multiple messages with different but MS ip addresses)

Cab someone else be using their ip address ? or is this bing etc.  looking for a web site ?

3/21/2015 7:23:54 PM ==> Exception message: This is an invalid script resource request.

Exception type: System.Web.HttpException

Stack Trace:    at System.Web.Handlers.ScriptResourceHandler.ProcessRequest(HttpContextBase context, VirtualFileReader fileReader, Action`2 logAction, Boolean validatePath)

   at System.Web.Handlers.ScriptResourceHandler.ProcessRequest(HttpContext context)

   at System.Web.Handlers.ScriptResourceHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext context)

   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

User: Unknown

IP Address: 207.46.13.138

  Should I worry about a hacker attack here ? or is it coming from MS  or what ?

Answer 1

There are over 100,000 Microsoft employees worldwide and likely only a handful might know these specifics.  None of those would be available here or even on any website supported by Microsoft since that's not their job, maintaining the systems is.

In any case you have absolutely no need of their assistance or even this specific information, all you need to do is determine what those specific error messages mean, which I highly doubt really matter in any case.  If you do really care then researching them from the point of reference of the application involved is what matters as I mentioned earlier.

The issue with Whois.com is that it 's designed for domain lookups, so when requesting an IP it simply offers the ARIN WHOIS response which only provides IP block information.  Using a true IP lookup such as the one you mentioned is what I had assumed you'd done, so that explains the difference in our results.  I never called you a fool though, that's your own interpretation of my assumption.

You need to concentrate on the error messages themselves rather than which source addresses may be "causing" them, since obviously your own server is exposed to the Internet.  Open Internet IP addresses are typically scanned by hundreds or even thousands of potentially malicious actors every day, as well as dozens of non-malicious search engine servers.

Some of these are also security related servers looking for outdated applications or services in order to report them in aggregate or for other related research.  Based on the name including MSN I suspect this address is simply performing search engine scanning.

I would venture a guess that the errors you are getting are due to invalid or missing fragments within your web pages, though researching the precise errors and correlating them with others indicating which exact URL was being requested at the time might help you determine what triggered them.

Rob

Answer 2

Hi;

 I do expect that MS would be able to say where their bots are working from.  I used www.whois.com and that site only listed ms not search.msn.com   If I type in the address directly ... 

  I don't know how to find the full address msbot  the words reverse lookup response""are not defined for me.  I don't see where they are ...

using http://www.ipchecking.com/  instead of whois.com  does give that info....   so it is not that I am a fool but I would expect MS to care about a request about what their software is doing....  Since it is doing something.

Answer 3

You actually expect to get an answer to such a question from a corporation the size of Microsoft?  Who do you think answers question in these forums, web site developers and engineers?

Complaining to a contracted level 1 support person based in India who's responsible for helping consumer customers using Windows products, specifically antivirus related products, isn't likely to find an answer for such an obscure request.

If you are capable of looking up the source of the IP address you should have instantly recognized the answer to your own question based on the name provided in the Reverse lookup response.

msnbot-207-46-13-138.search.msn.com

Let's see, the name includes both "msnbot" and is within the subdomain "search.msn.com".  So with very little imagination it would appear this was an MSN bot scanning websites for their search functions, which might possibly be related to Bing as well, though this last part is just an extrapolation.

As for what exactly the error message is indicating, you'd be better off contacting the support for your web hosting or if you're doing this yourself, then posting in web support and development forums for the specific web server and operating system in use.  For Microsoft these would be found in the MSDN forums which are for developers or possibly TechNet for other technical resources.

Rob

Answer 4

Hi;

  I haven't done this yet BUT even after I do all this and don't get any more messages in the error log, my question still remains...

Is MS using this address and doing a request to the script resource handler or is a hacker using that address to hide behind and attempting a bad action ?

  You are part of MS and if you can't or will not answer my question, please believe I will keep asking until I get a definitive answer.

Answer 5

Hi GregoryWWDiehl,

Thank you for posting your question in the Microsoft Community.

Sorry to know that you are facing this issue.

Please answer these questions to get more clarity on this issue:

• Which version of Windows is installed on the computer?
• Have you performed a full computer virus scan on the system recently?
• Which browser are you using on the computer?
• Have you installed all pending Windows Updates?

This issue might occur due to incorrect system file settings or some system files are not working as expected.

Let us follow these methods and check if this helps:

Method 1.

You can perform a full computer virus scan using Windows Defender to ensure that the computer is free from virus.

A fast way to check whether your PC has a virus is to use Windows Defender. This malware protection is included with Windows and helps identify and remove viruses, spyware, and other malicious software.

How do I find and remove a virus?: http://windows.microsoft.com/en-in/windows-8/how-find-remove-virus

Note: There could be a loss of data while performing a scan using Microsoft safety scanner to eliminate virus if any.

Method 2.

You may reset the Internet Explorer settings to default and restart the computer to check if this helps.

1. Press “Windows key + R” to get the run window.
2. Type “inetcpl.cpl” and click ok to get the “Internet Options” window.
3. Click the “Advanced” tab and click “reset”.

Disclaimer: The Reset Internet Explorer Settings feature might reset security settings or privacy settings that you added to the list of Trusted Sites. The Reset Internet Explorer Settings feature might also reset parental control settings. We recommend that you note these sites before you use the Reset Internet Explorer Settings feature.

Keep us informed to help you further.