found in referrer logs: wizard.yellowbrick.oz
spoofed, of course. but why?
google led me to confessions of a g33k, which in turn led me to google groups, in which this URL is used in a Perl script intended to “automate an HTML form submission” (in which case this would most likely be an unsuccessful test run, since no form submissions accompanied these visits).
so far i have these two IPs, DNS traces to arrival.net (bakersfield)?:
220.127.116.11 (dns is 18.104.22.168.in-addr.arpa domain name pointer 66-17-15-132.biz.bkfd.arrival.net.)
22.214.171.124 (dns is 126.96.36.199.in-addr.arpa domain name pointer 66-17-15-164.biz.bkfd.arrival.net.)
ARIN returns this, consistent with the above:
Arrival Communication, USA ARRIVAL-COM (NET-66-17-0-0-1)
188.8.131.52 – 184.108.40.206
Lightspeed Technologies ARRV-66-17-15-128 (NET-66-17-15-128-1)
220.127.116.11 – 18.104.22.168
i will now pause to contemplate my
navel referrer logs for further spoofage and ponder the meaning of this, life, the universe, and everything.