IP Address Inspector

A.E4 commented...

Just wanted to let people know ... this one is STILL active!

150.70.84.26 Guest
Sorry Guest, you are banned from using this forum!
Guilty of Malicious Activity on our site
?action=dlattach;attach=463;type=avatar
June 03, 2010, 02:27:49 PM
June 07 2010 12:20 PM

A.E4 commented...

Today, March 18th 2010 it tried to do malicious activity even though banned so now i Have blocked it from even SEEING my site!

This time it tried to upload malicious software in the guise of an avatar!

Sorry Guest, you are banned from using this forum!
Guilty of Malicious Activity on our site
?action=dlattach;attach=463;type=avatar
Today at 02:24:29 PM
March 18 2010 02:21 PM

A.E4 commented...

Also visited from IP 150.70.84.153 on:
Yesterday at 09:58:44 PM
Today at 12:38:48 AM
Today at 12:39:53 AM
Today at 12:41:43 AM

with the same exact TYPE of activity (same type of errors showing up in my logs even after being banned)

I had to ban the whole block: 150.70.84.*
February 28 2010 08:19 AM

A.E4 commented...

Very active currently!

February 26, 2010, 09:19:28 AM
?action=dlattach;attach=463;type=avatar
February 26, 2010, 09:20:01 AM
?topic=1342.0
February 26, 2010, 10:10:56 AM
?action=dlattach;attach=463;type=avatar
February 26, 2010, 10:14:42 AM
?topic=1342.0
Today at 12:38:48 AM
UNKNOWN ACTION
Today at 12:39:53 AM
?action=login
Today at 12:41:43 AM
?action=verificationcode;rand=8b6d4ed6338bacb5e735c6ec2df53d18

(All this activity while already BANNED)
February 28 2010 08:15 AM

S.Stasinski commented...

He is right now on my from 2 IP adresses: 150.70.84.26 and 150.70.84.153. I see he's only looking at some forums
September 11 2009 12:13 PM

G.Wittmeyer commented...

This IP address has something to do with Trend Micro's Worry-Free Business Security Standard software. It seems to repeat HTTP requests made by a user who has Worry-Free Business Security Standard installed.
June 30 2009 08:51 AM

K.L7 commented...

I believe that 150.70.84.26 could either be some kind of search agent - OR a keylogger/spyware.

Tonight, a particular user (a journalist) who I know, has queried my site manually for some hard to find news info, using a few very particular search terms. He did not find what he was looking for, however. The info is not there yet, and so far, this guy is the only one who has been looking for it (he has tried to find it a couple of times before as well).

However, just six minutes after his search raid tonight, 150.70.84.26 pops up in the log, only to access one of the same blog tags. A few minutes later, it reappears again, this time looking up the blog's archive page, and even duplicating a few few more of the journalist's searches for these specific, but yet unpublished news.

My immediate thought was that the journalist could have set up a search agent, located at 150.70.84.26, to look for the info. This might also explain the repeated visits others members here have mentioned.

However, I went back in the log and noticed that 150.70.84.26 has been following in his footsteps earlier as well, repeating some of his queries (not all of them).

My conclusion is that 150.70.84.26 either belongs to a user configurable search agent, or that it is a keylogger/spyware, following in the owner's footsteps.

Using robtex.com to look up info, this "thing" seems somehow connected to Trend Micro's backbone net:

150.70.84.26 (Osaka JAPAN)
150.70.80.0/20 (TREND MICRO INCORPORATED 10101 N. De Anza Blvd. Cupertino, CA 95014 US)
AS16880 (TRENDMICRO Global IDC and Backbone of Trend Micro Inc.)

http://www.robtex.com/ip/150.70.84.26.html
May 16 2009 05:32 PM

I.Thud commented...

I first saw this IP when checking logs after doing some cross browser testing for a new site.
The pages visited had only recently been loaded, and there were no inboud links yet, so the visit couldn't have been the result of a spider.
User agent reports as Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
I carried out some experiments and found that basically any URL visited from a Playstation 3 being used in the testing, was visited shortly after (about 10 - 15 minutes later) from either this address, or one neighbouring it. It didn't follow any links, or do anything else, just mirrored the URL (including any post parameters in the URL) exactly as entered on the PS3, so I'm assuming it is automated. It also didn't shadow any URLs entered on different machines (including other consoles) operating from the same local network, on the same subnet, so I don't think it's some trojan sniffing addresses either..
I was assuming it was some kind of bot for classifying sites for parental controls on the PS3, (the PS3 also has a phishing protection scheme run by Trend Micro) but it would be good to have this confirmed. The Japan address would also tally with this
March 29 2009 03:22 PM

K.Boldt commented...

This IP showed up as a guest on my site and was accessing admin files even though I have them protected as far as I know. It also went to my forum, but did not make any posts (restricted to members).
March 19 2009 06:55 AM

Z.Williams commented...

I have someone or someTHING from this ip address attempting to access numerous administrative files on my server. I am assuming that it is a web-crawler because my report log notes 21 pages of "access denied" or "page not found" errors within a 20 minute time frame. At 50 logs per page per page that is over 1000 attempts! This is a spamming or hacking web-crawler that is just scanning websites to either crawl for email addresses, leave spam, or compromise the website. Either way they are using up my bandwidth. I just blocked the whole ip range.
January 04 2009 02:54 PM

R.Axt commented...

Location Japan attempted to enter our forum this week and continues to lurk.
December 19 2008 05:40 PM