Post comments

I found some suspicious comments posted to pages a few days ago. So I added some code to trace this kind of activity, and starting from today I will post it under a tag “suspicious_activity”. It was a bot.

Comment in blog: 2010/02/18 at 11:27am
IP:213.21.34.82
AGENT:"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

request= "Post comment"={
 comment="4FD8s9  <a href=\"http://ldwwtdlacbzq.com/\">ldwwtdlacbzq</a>, [url=http://gystknfeqthm.com/]gystknfeqthm[/url], [link=http://wcgdyvrtxjct.com/]wcgdyvrtxjct[/link], http://akzoniynxfvt.com/";
 author="svppaezbf";
 email="daoqgi@sgtohi.com";
 url="http://qvjngtzfuwgq.com/";


4FD8s9 ldwwtdlacbzq, [url=http://gystknfeqthm.com/]gystknfeqthm[/url], [link=http://wcgdyvrtxjct.com/]wcgdyvrtxjct[/link], http://akzoniynxfvt.com/

came from 213.21.34.82

inetnum:        213.21.0.0 - 213.21.63.255
netname:        RU-DDCOM-20080218
descr:          Demos Datacom
country:        RU
org:            ORG-DD5-RIPE
admin-c:        SES53-RIPE
tech-c:         VLAD2-RIPE
status:         ALLOCATED PA
mnt-by:         RIPE-NCC-HM-MNT
mnt-lower:      DDCOM-MNT
mnt-routes:     DDCOM-MNT
source:         RIPE # Filtered

inetnum:        85.235.192.0 - 85.235.196.255
netname:        PROMETEY-BBNET-1
descr:          Prometey backbone network
country:        RU
admin-c:        SPEC1-RIPE
tech-c:         SPEC1-RIPE
status:         ASSIGNED PA
mnt-by:         PROMETEY-MNT
source:         RIPE # Filtered

inetnum:        87.251.152.0 - 87.251.152.255
netname:        Saltar-In2
descr:          Network of Saltar-Telecom
descr:          Russia, Moskow
country:        RU
admin-c:        SVA79-RIPE
tech-c:         SVA79-RIPE
status:         ASSIGNED PA
mnt-by:         SALTAR-MNT
source:         RIPE # Filtered

inetnum:        81.91.176.0 - 81.91.177.255
netname:        ANDERS-EQ
descr:          Anders BG
country:        RU
admin-c:        ABN4-RIPE
tech-c:         ABN4-RIPE
mnt-by:         RU-ANDERS-MNT
status:         ASSIGNED PA
source:         RIPE # Filtered


% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '213.21.0.0 - 213.21.63.255'

inetnum:         213.21.0.0 - 213.21.63.255
netname:         RU-DDCOM-20080218
descr:           Demos Datacom
country:         RU
org:             ORG-DD5-RIPE
admin-c:         SES53-RIPE
tech-c:          VLAD2-RIPE
status:          ALLOCATED PA
mnt-by:          RIPE-NCC-HM-MNT
mnt-lower:       DDCOM-MNT
mnt-routes:      DDCOM-MNT
source:          RIPE # Filtered

organisation:    ORG-DD5-RIPE
org-name:        Demos Datacom
org-type:        LIR
address:         Demos Datacom
 Euegene Serebryakov
 82 Pavlovskaya
 196650 Saint-Petersburg, Kolpino
 RUSSIAN FEDERATION
phone:           +78124611028
fax-no:          +78124611028
e-mail:          ses@kspd.ru
admin-c:         SES53-RIPE
mnt-ref:         RIPE-NCC-HM-MNT
mnt-by:          RIPE-NCC-HM-MNT
source:          RIPE # Filtered

person:          Eugene Serebryakov
address:         Demos Datacom, Ltd.
address:         Pavlovskaya, 82
address:         196650, Saint-Petersburg, RU
phone:           +78124611028
phone:           +78124562024
phone:           +79618035970
fax-no:          +78124611028
nic-hdl:         SES53-RIPE
source:          RIPE # Filtered

person:          Vladimir Popov
address:         Demos Datacom, Ltd.
address:         Pavlovskaya, 82
address:         196650, Saint-Petersburg, Kolpino, RU
phone:           +78124611028
phone:           +78124562024
phone:           +79618035980
nic-hdl:         VLAD2-RIPE
source:          RIPE # Filtered

% Information related to '213.21.0.0/18AS44720'

route:           213.21.0.0/18
descr:           RU-DDCOM-20080903
origin:          AS44720
mnt-by:          DDCOM-MNT
source:          RIPE # Filtered

% Information related to '213.21.32.0/22AS44720'

route:           213.21.32.0/22
descr:           RU-DDCOM-Part-ANNC-Prometey
origin:          AS44720
mnt-by:          DDCOM-MNT
source:          RIPE # Filtered
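
A heuristic check for the pattern in the logged request above, where one comment carries the same kind of link as an HTML anchor, in two BBCode variants and as a bare URL, all pointing at random-looking hosts. This is an added example, not the tracing code the author mentions; the function names and both thresholds (three markup styles, a run of six consonants) are assumptions.

```python
import re

# Link syntaxes the logged comment tries at once (HTML plus two BBCode variants).
MARKUP = {
    "html_anchor": re.compile(r'<a\s+href=\\?["\']?https?://', re.I),
    "bbcode_url": re.compile(r'\[url=https?://', re.I),
    "bbcode_link": re.compile(r'\[link=https?://', re.I),
}
# A bare URL starts the text or follows whitespace/comma, not '=' or a quote.
BARE_URL = re.compile(r'(?:^|[\s,])https?://', re.I)
HOST = re.compile(r'https?://([a-z0-9.-]+)', re.I)

# Sample input constructed from the request logged above (quotes unescaped).
SAMPLE_COMMENT = ('4FD8s9  <a href="http://ldwwtdlacbzq.com/">ldwwtdlacbzq</a>, '
                  '[url=http://gystknfeqthm.com/]gystknfeqthm[/url], '
                  '[link=http://wcgdyvrtxjct.com/]wcgdyvrtxjct[/link], '
                  'http://akzoniynxfvt.com/')
SAMPLE_URL = "http://qvjngtzfuwgq.com/"

def link_styles(comment):
    """Return the set of distinct link syntaxes present in the comment."""
    found = {name for name, rx in MARKUP.items() if rx.search(comment)}
    if BARE_URL.search(comment):
        found.add("bare_url")
    return found

def longest_consonant_run(label):
    """Length of the longest run of consonant letters ('y' counts as one)."""
    best = run = 0
    for ch in label.lower():
        run = run + 1 if ch.isalpha() and ch not in "aeiou" else 0
        best = max(best, run)
    return best

def assess(comment, url_field=""):
    """Flag a comment on mixed link markup or several random-looking hosts."""
    styles = link_styles(comment)
    hosts = {h.lower() for h in HOST.findall(comment + " " + url_field)}
    # Assumed threshold: 6+ consonants in a row in the first host label.
    gibberish = {h for h in hosts if longest_consonant_run(h.split(".")[0]) >= 6}
    reasons = []
    if len(styles) >= 3:  # assumed threshold: a human uses one syntax, not all
        reasons.append("mixed link markup: " + ", ".join(sorted(styles)))
    if len(gibberish) >= 2:
        reasons.append("%d random-looking hosts" % len(gibberish))
    return {"suspicious": bool(reasons), "styles": styles,
            "gibberish": gibberish, "reasons": reasons}

if __name__ == "__main__":
    print(assess(SAMPLE_COMMENT, SAMPLE_URL)["reasons"])
```

Both signals are heuristics and can misfire on legitimate comments, so they are better used to hold a comment for moderation or tagging than to drop it silently.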

Posted in development, security.
