I found some suspicious comments posted to pages few days ago. So I add some code to trace this kind of activity and starting from today I will post it under a tag “suspicious_activity”. It was a bot.
Comment in blog: 2010/02/18 at 11:27am IP:213.21.34.82 AGENT:"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" request= "Post comment"={ comment="4FD8s9 <a href=\"http://ldwwtdlacbzq.com/\">ldwwtdlacbzq</a>, [url=http://gystknfeqthm.com/]gystknfeqthm[/url], [link=http://wcgdyvrtxjct.com/]wcgdyvrtxjct[/link], http://akzoniynxfvt.com/"; author="svppaezbf"; email="daoqgi@sgtohi.com"; url="http://qvjngtzfuwgq.com/"; 4FD8s9 ldwwtdlacbzq, [url=http://gystknfeqthm.com/]gystknfeqthm[/url], [link=http://wcgdyvrtxjct.com/]wcgdyvrtxjct[/link], http://akzoniynxfvt.com/ came from 213.21.34.82 inetnum: 213.21.0.0 - 213.21.63.255 netname: RU-DDCOM-20080218 descr: Demos Datacom country: RU org: ORG-DD5-RIPE admin-c: SES53-RIPE tech-c: VLAD2-RIPE status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-lower: DDCOM-MNT mnt-routes: DDCOM-MNT source: RIPE # Filtered inetnum: 213.21.0.0 - 213.21.63.255 netname: RU-DDCOM-20080218 descr: Demos Datacom country: RU org: ORG-DD5-RIPE admin-c: SES53-RIPE tech-c: VLAD2-RIPE status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-lower: DDCOM-MNT mnt-routes: DDCOM-MNT source: RIPE # Filtered inetnum: 85.235.192.0 - 85.235.196.255 netname: PROMETEY-BBNET-1 descr: Prometey backbone network country: RU admin-c: SPEC1-RIPE tech-c: SPEC1-RIPE status: ASSIGNED PA mnt-by: PROMETEY-MNT source: RIPE # Filtered inetnum: 87.251.152.0 - 87.251.152.255 netname: Saltar-In2 descr: Network of Saltar-Telecom descr: Russia, Moskow country: RU admin-c: SVA79-RIPE tech-c: SVA79-RIPE status: ASSIGNED PA mnt-by: SALTAR-MNT source: RIPE # Filtered inetnum: 81.91.176.0 - 81.91.177.255 netname: ANDERS-EQ descr: Anders BG country: RU admin-c: ABN4-RIPE tech-c: ABN4-RIPE mnt-by: RU-ANDERS-MNT status: ASSIGNED PA source: RIPE # Filtered % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Note: This output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '213.21.0.0 - 213.21.63.255' inetnum: 213.21.0.0 - 213.21.63.255 netname: RU-DDCOM-20080218 descr: Demos Datacom country: RU org: ORG-DD5-RIPE admin-c: SES53-RIPE tech-c: VLAD2-RIPE status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-lower: DDCOM-MNT mnt-routes: DDCOM-MNT source: RIPE # Filtered organisation: ORG-DD5-RIPE org-name: Demos Datacom org-type: LIR address: Demos Datacom Euegene Serebryakov 82 Pavlovskaya 196650 Saint-Petersburg, Kolpino RUSSIAN FEDERATION phone: +78124611028 fax-no: +78124611028 e-mail: ses@kspd.ru admin-c: SES53-RIPE mnt-ref: RIPE-NCC-HM-MNT mnt-by: RIPE-NCC-HM-MNT source: RIPE # Filtered person: Eugene Serebryakov address: Demos Datacom, Ltd. address: Pavlovskaya, 82 address: 196650, Saint-Petersburg, RU phone: +78124611028 phone: +78124562024 phone: +79618035970 fax-no: +78124611028 nic-hdl: SES53-RIPE source: RIPE # Filtered person: Vladimir Popov address: Demos Datacom, Ltd. address: Pavlovskaya, 82 address: 196650, Saint-Petersburg, Kolpino, RU phone: +78124611028 phone: +78124562024 phone: +79618035980 nic-hdl: VLAD2-RIPE source: RIPE # Filtered % Information related to '213.21.0.0/18AS44720' route: 213.21.0.0/18 descr: RU-DDCOM-20080903 origin: AS44720 mnt-by: DDCOM-MNT source: RIPE # Filtered % Information related to '213.21.32.0/22AS44720' route: 213.21.32.0/22 descr: RU-DDCOM-Part-ANNC-Prometey origin: AS44720 mnt-by: DDCOM-MNT source: RIPE # Filtered
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.
You must be logged in to post a comment.