This certainly is a top attacker IP: 128.68.86.93.
We will find it at ThreatSTOP flagged last 19 hrs ago under Russia, Eastern Europe, ITAR with danger level 1.
Nothing here: http://www.ipvoid.com/scan/128.68.86.93/
Nothing here: http://urlquery.net/report.php?id=9446224
See what is going on from that AS: http://sitevet.com/db/asn/AS8402
badware, current events and spam activity
SOA problems → http://dnscheck.sidn.nl/?time=1392477088&id=1735994&view=basic&test=standard
Reverse for 213.234.192.3 direct to an unknow n host name (-trumpet.post.ru) → http://ipduh.com/dns/?trumpet.post.ru
Reverse adres voor 2a00:18c0:1:3:0:0:0:201 (1.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.1.0.0.0.0.c.8.1.0.0.a.2.ip6.arpa.) has not been found.
Reverse adres voor 2a00:18c0:1:0:0:0:0:201 (1.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.c.8.1.0.0.a.2.ip6.arpa.) not found.
For trunpet dot post dot org → http://www.ipaddresse.com/213.234.192.3
Oooops 213.234.192.3 is currently listed in APEWS
Entry matching your Query: E-247460
213.234.192.0/18
CASE: C-312
AS8402 RU, ISP permits abuse and/or ignores criminal activity
History:
Entry created 2007-07-07 also flagged at ThreatSTOP
OA serial number is: 1376636704. This does not appears to be in the recommended format of YYYYMMDDnn.
Reverse entries for MX records: http://www.dnsinspect.com/corbina.net
This IP address range has been identified by Spamhaus as not meeting our policy for IP addresses permitted to deliver unauthenticated 'direct-to-mx' email to PBL users.
But why are they allowed to continue their manipulative activities and are not alerted elsewhere? These are the top 5 attacker IPs,
see: http://www.nothink.org/honeypots.php
Same as with the afraid dot org anomalies, now all blocked by avast! but no-one else,
and then later we get the affected or malcreants blabbering here: “Why you block us with your false positives”.
Is this just because others close their eyes to is.
The only reliable IP checking resources I recently am aware of is ThreatSTOP and APEWS dot org .
IPVOID is just missing too much out, even while it is a fat big meta-scanner. Here it has blind eyes!
The occasional DNS check could bring much more intentional misconfigurations out
→ http://dnscheck.sidn.nl/ → http://ipduh.com/dns/?trumpet.post.ru
This recent DNS manipulation for criminal activities is terra icognita for the larger part.