Techie Question? What is this IP doing?

by Michael Mayhew Posted: 04/21/2012
Every day, almost on the hour, I get a visit like this:

Referer: http://88.198.7.221/?xurl=88.198.7.2...automation.com

3 different IPs, all every day.

Just trying to figure out the purpose?
#question #techie

  • Farish
    Trying to figure out its purpose from your link is hard. What you need to do is look over your logs and see exactly what the referrer is trying to access. They are basically using a proxy service, if that is what you were wondering about. Read this post on how to disable people using an xurl to come over. You may want to read that whole thread.

    http://www.warriorforum.com/main-int...ml#post5162802
  • Lloyd Buchinski
    At least the IP isn't in the spam database I checked.

    If you treat the IP as a domain and do a whois, it looks like ripe.net has that whole range of IPs.

    88.198.7.221 - Who.is

    It looks like it might be slightly related to your sig site, so maybe they are just keeping a check for new material.

    It doesn't really answer your question, but maybe some of that is useful, or could lead to other ideas.
  • arthurnyc
    I have the same IP hitting us (starreviews dot com) but I think it is some sort of bot for posting comments. We use WordPress and I am trying to match up IPs with the spam comments. Let you know.

    Arthur
  • automaton
    Weird, searching with the operators inurl:"xurl" inurl:"xref" yields other examples.
    There are some Russian sites blocked by their hosting in those examples, so I guess there is a high probability that nothing good comes of these kinds of requests.
  • williamk
    I think it is a spam bot too. It's better you change some comments to approval based. It's hard to tackle them.
    They are persistent.
  • prismkuet
    Probably they are keeping an eye on your site to see what updates you have that they can use. This sometimes happens for similar/same segment. And I don't think they will be in any way useful for you.
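
Added example, not part of the original thread: a way to do the log review suggested above, listing what each client requested when its Referer carried an `xurl` parameter, and flagging clients that also posted a comment. It assumes the Apache/nginx "combined" log format and the WordPress comment endpoint `/wp-comments-post.php`; the sample lines, IPs and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" log format (assumed; adjust to your server's format).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [21/Apr/2012:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "http://192.0.2.10/?xurl=192.0.2.10&xref=example.com" "Mozilla/4.0"
203.0.113.7 - - [21/Apr/2012:10:00:03 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://192.0.2.10/?xurl=192.0.2.10&xref=example.com" "Mozilla/4.0"
198.51.100.4 - - [21/Apr/2012:10:05:00 +0000] "GET /about/ HTTP/1.1" 200 2048 "https://www.google.com/search?q=example" "Mozilla/5.0"
203.0.113.9 - - [21/Apr/2012:11:00:02 +0000] "GET /?p=12 HTTP/1.1" 200 4096 "http://192.0.2.10/?xurl=192.0.2.10" "Mozilla/4.0"
garbage line that does not parse
"""

def has_xurl(referer):
    """True if the Referer URL carries an xurl query parameter."""
    try:
        query = urlsplit(referer).query
    except ValueError:  # malformed Referer header
        return False
    return "xurl" in parse_qs(query, keep_blank_values=True)

def summarize(log_text):
    """Map client IP -> list of (method, path, status) for xurl-referred hits."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and has_xurl(m["referer"]):
            hits[m["ip"]].append((m["method"], m["path"], int(m["status"])))
    return dict(hits)

def comment_posters(hits):
    """Client IPs whose xurl-referred requests include a WordPress comment POST."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(meth == "POST" and path.startswith("/wp-comments-post.php")
                         for meth, path, _ in reqs))

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip, reqs in result.items():
        print(ip, reqs)
    print("comment posters:", comment_posters(result))
```

Note that the client IP in the log is the visitor's address, while the address inside the Referer is whatever site the visitor claims to have come from; the two need not match.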
