We were poking in our web server access logs this morning and found a request with ?winzoom=1 on the end.
Given that this web server only serves firmware upgrade files to IoT devices (that we also control), we were wondering where it came from.
In particular, we don't deal with query strings, so we were wondering whether to strip them, or whether to reject the request.
I've tried searching for "winzoom", but all I get is the screen magnification software. If I exclude that, it's a mixture of random Russian and Chinese sites.
I also found some cached pages in Google with ?winzoom=1 on the end.
What is it? Some kind of web caching software I've never heard of? A proxy? Something else?
If it's a proxy (i.e. our IoT devices might connect through it), then we need to ignore it. If it's a desktop app, we can simply reject the request.
Update: we got hold of the User-Agent: "Mozilla/5.0 (iPhone; CPU iPhone OS 10_2_1 like Mac OS X) AppleWebKit/602.4.6 (KHTML, like Gecko) Mobile/14D27 MicroMessenger/6.5.5 NetType/WIFI Language/en"
Some of our customers have factories in China; this was most likely the workers in those factories using their iPhones to check the factory connectivity to our server.
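
An added example, not part of the original post: a log triage script for the situation described above, listing every request that carries a query string on a server that expects none, grouped by parameter name and User-Agent. It assumes Combined Log Format; the sample lines, the path and the device User-Agent `example-fw-updater/1.0` are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Combined Log Format (assumed; the post does not say which server or format is in use).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def flag_query_requests(lines):
    """Return one record per request whose target carries a query string."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped, not guessed at
        parts = urlsplit(m["target"])
        if not parts.query:
            continue  # normal firmware fetch, nothing to flag
        params = sorted({k for k, _ in parse_qsl(parts.query, keep_blank_values=True)})
        hits.append({"ip": m["ip"], "path": parts.path, "params": params, "ua": m["ua"]})
    return hits

def summarize(hits):
    """Count (parameter names, User-Agent) pairs to separate device traffic from other clients."""
    return Counter((",".join(h["params"]), h["ua"]) for h in hits)

# Constructed sample lines: documentation-range addresses, hypothetical path and device UA.
# The second User-Agent is the one quoted in the post.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2000:08:00:01 +0000] "GET /firmware/latest.bin HTTP/1.1" '
    '200 52344 "-" "example-fw-updater/1.0"',
    '198.51.100.7 - - [01/Jan/2000:08:02:13 +0000] "GET /firmware/latest.bin?winzoom=1 HTTP/1.1" '
    '200 52344 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 10_2_1 like Mac OS X) AppleWebKit/602.4.6 '
    '(KHTML, like Gecko) Mobile/14D27 MicroMessenger/6.5.5 NetType/WIFI Language/en"',
    '192.0.2.11 - - [01/Jan/2000:08:05:40 +0000] "GET /firmware/latest.bin HTTP/1.1" '
    '304 0 "-" "example-fw-updater/1.0"',
]

if __name__ == "__main__":
    for (params, ua), count in summarize(flag_query_requests(SAMPLE)).items():
        print(f"{count:4d}  params={params}  ua={ua}")
```

If the flagged rows never show the devices' own User-Agent, the query string is coming from some other client rather than from anything on the device path.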