I found some suspicious comments posted to pages few days ago. So I add some code to trace this kind of activity and starting from today I will post it under a tag “suspicious_activity”. It was a bot.
Comment in blog: 2010/02/18 at 11:27am
IP:213.21.34.82
AGENT:"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
request= "Post comment"={
comment="4FD8s9 <a href=\"http://ldwwtdlacbzq.com/\">ldwwtdlacbzq</a>, [url=http://gystknfeqthm.com/]gystknfeqthm[/url], [link=http://wcgdyvrtxjct.com/]wcgdyvrtxjct[/link], http://akzoniynxfvt.com/";
author="svppaezbf";
email="daoqgi@sgtohi.com";
url="http://qvjngtzfuwgq.com/";
4FD8s9 ldwwtdlacbzq, [url=http://gystknfeqthm.com/]gystknfeqthm[/url], [link=http://wcgdyvrtxjct.com/]wcgdyvrtxjct[/link], http://akzoniynxfvt.com/
came from 213.21.34.82
inetnum: 213.21.0.0 - 213.21.63.255
netname: RU-DDCOM-20080218
descr: Demos Datacom
country: RU
org: ORG-DD5-RIPE
admin-c: SES53-RIPE
tech-c: VLAD2-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: DDCOM-MNT
mnt-routes: DDCOM-MNT
source: RIPE # Filtered
inetnum: 213.21.0.0 - 213.21.63.255
netname: RU-DDCOM-20080218
descr: Demos Datacom
country: RU
org: ORG-DD5-RIPE
admin-c: SES53-RIPE
tech-c: VLAD2-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: DDCOM-MNT
mnt-routes: DDCOM-MNT
source: RIPE # Filtered
inetnum: 85.235.192.0 - 85.235.196.255
netname: PROMETEY-BBNET-1
descr: Prometey backbone network
country: RU
admin-c: SPEC1-RIPE
tech-c: SPEC1-RIPE
status: ASSIGNED PA
mnt-by: PROMETEY-MNT
source: RIPE # Filtered
inetnum: 87.251.152.0 - 87.251.152.255
netname: Saltar-In2
descr: Network of Saltar-Telecom
descr: Russia, Moskow
country: RU
admin-c: SVA79-RIPE
tech-c: SVA79-RIPE
status: ASSIGNED PA
mnt-by: SALTAR-MNT
source: RIPE # Filtered
inetnum: 81.91.176.0 - 81.91.177.255
netname: ANDERS-EQ
descr: Anders BG
country: RU
admin-c: ABN4-RIPE
tech-c: ABN4-RIPE
mnt-by: RU-ANDERS-MNT
status: ASSIGNED PA
source: RIPE # Filtered
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '213.21.0.0 - 213.21.63.255'
inetnum: 213.21.0.0 - 213.21.63.255
netname: RU-DDCOM-20080218
descr: Demos Datacom
country: RU
org: ORG-DD5-RIPE
admin-c: SES53-RIPE
tech-c: VLAD2-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: DDCOM-MNT
mnt-routes: DDCOM-MNT
source: RIPE # Filtered
organisation: ORG-DD5-RIPE
org-name: Demos Datacom
org-type: LIR
address: Demos Datacom
Euegene Serebryakov
82 Pavlovskaya
196650 Saint-Petersburg, Kolpino
RUSSIAN FEDERATION
phone: +78124611028
fax-no: +78124611028
e-mail: ses@kspd.ru
admin-c: SES53-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered
person: Eugene Serebryakov
address: Demos Datacom, Ltd.
address: Pavlovskaya, 82
address: 196650, Saint-Petersburg, RU
phone: +78124611028
phone: +78124562024
phone: +79618035970
fax-no: +78124611028
nic-hdl: SES53-RIPE
source: RIPE # Filtered
person: Vladimir Popov
address: Demos Datacom, Ltd.
address: Pavlovskaya, 82
address: 196650, Saint-Petersburg, Kolpino, RU
phone: +78124611028
phone: +78124562024
phone: +79618035980
nic-hdl: VLAD2-RIPE
source: RIPE # Filtered
% Information related to '213.21.0.0/18AS44720'
route: 213.21.0.0/18
descr: RU-DDCOM-20080903
origin: AS44720
mnt-by: DDCOM-MNT
source: RIPE # Filtered
% Information related to '213.21.32.0/22AS44720'
route: 213.21.32.0/22
descr: RU-DDCOM-Part-ANNC-Prometey
origin: AS44720
mnt-by: DDCOM-MNT
source: RIPE # Filtered
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.
You must be logged in to post a comment.