IP Address Inspector

18.187.1.68

The Project Honey Pot system has detected behavior from the IP address consistent with that of a comment spammer. Below we've reported some other data associated with this IP. This interrelated data helps map spammers' networks and aids in law enforcement efforts. If you know something about this IP, please leave a comment.


Geographic Location: United States (Waltham, Massachusetts)
Spider First Seen: approximately 8 years, 6 months, 3 weeks ago
Spider Last Seen: within 1 week
Spider Sightings: 637 visit(s)
User-Agents: seen with 30 user-agent(s)

First Post On: approximately 1 year, 8 months, 1 week ago
Last Post On: within 1 week
Form Posts: 395 web post submission(s) sent from this IP

IPs In The Neighborhood
18.187.1.55
18.187.1.155
18.187.1.165
18.187.1.169
18.187.1.201
18.187.1.218

Sample Spam URLs & Keywords Posted From 18.187.1.68
18.187.1.68's User Agent Strings
Honey Pot System commented...
WHITELIST NOTICE: This IP has been REMOVED from Project Honey Pot whitelists; bad activity was encountered.
March 17 2014 11:23 PM

Honey Pot System commented...
WHITELIST NOTICE: This IP has been whitelisted. Future bad activity will result in automatic removal.
March 16 2014 01:30 PM

Honey Pot System commented...
WHITELIST NOTICE: This IP has been marked to be included on Project Honey Pot whitelists. The whitelist is scheduled with a delay of 00:00:05. Documented reason for whitelist: Hit by a virus or trojan
March 16 2014 01:23 PM

M.Sameli commented...
SQL-Injection Attempt
January 16 2014 08:31 PM

J.Woody commented...
ATTEMPTED ADMIN EXPLOIT HACK (Attempt to access non-existing area using known exploit script attack and SQL injection)
Combined attacks from TOR networks:

72.52.91.18 - United States - Livermore - Hurricane Electric Inc.
96.44.189.98 - United States - Los Angeles - Axigy - Resolve Host: axigy2.torservers.net - Web Africa Proxy
96.44.189.102 - United States - Los Angeles - Axigy - Resolve Host: herngaard.torservers.net - Web Africa Proxy
208.73.211.247 - United States - Los Angeles - Oversee.net - Resolve Host: tor-exit-router38-readme.formlessnetworking.net
96.44.189.100 - United States - Los Angeles - Axigy - Resolve Host: manning1.torservers.net - Web Africa Proxy
208.73.211.247 - United States - Los Angeles - Oversee.net - Resolve Host: tor-exit-router42-readme.formlessnetworking.net
209.222.8.196 - Sweden - Guilhem.org - Resolve Host: madiba.guilhem.org
204.124.83.134 - United States - Chicago - Conformal Systems Llc. - Resolve Host: tor-exit4.conformal.com
18.187.1.68 - United States - Cambridge - Massachusetts Institute Of Technology - Resolve Host: sipb-tor.mit.edu
128.6.224.107 - United States - Newark - Rutgers University - Resolve Host: tor-node.rutgers.edu

USER AGENT:
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; InfoPath.2; OfficeLiveConnector.1.5; OfficeLivePatch.1.3)"

CONTINUED BELOW...
July 16 2013 11:50 AM

J.Woody commented...
...CONTINUED FROM ABOVE

SMALL SAMPLE (trim xxx for char limit):
72.52.91.18 - - xxx%20or%201%3E1 HTTP/1.1" 403
axigy2.torservers.net - - xxx%20or%201%3Dutl_inaddr.get_host_address%28%28select%20chr%28126%29%7C%7xxx HTTP/1.1" 403
herngaard.torservers.net - - xxx%20or%201%3Dctxsys.drithsx.sn%281%2C%28select%20chr%28126%29%7C%7Cchr%2839%29%7C%7Cglobal_name%7C%7Cxxx HTTP/1.1" 403
tor-exit-router38-readme.formlessnetworking.net - - xxx%20or%201%3Dordsys.ord_dicom.getmappingxpath%28%28select%20chr%28126%29%7C%7Cxxx HTTP/1.1" 403
manning1.torservers.net - - xxx%20union%20all%20select%20null%2Cnull%2Cnull%2Cnull%2Cnullxxx HTTP/1.1" 403
tor-exit-router42-readme.formlessnetworking.net - - xxx999999.9%20or%20gth%28%28select%20name%20from%20v%24databasexxx HTTP/1.1" 403
madiba.guilhem.org - - xxx999999.9%20%2F*%2130000union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2xxx-- HTTP/1.1" 403
tor-exit4.conformal.com - - xxx%20%2F*%2130000union%20all%20select%20null%2Cnull%2Cnull%2Cnull*%2F-- HTTP/1.1" 403
sipb-tor.mit.edu - - xxx=convert%28int%2Cchr%28114%29%7C%7Cchr%2851%29%7C%7Cchr%28100%29%7C%7Cxxx HTTP/1.1" 403
tor-node.rutgers.edu - - xxx=999999.9 or ascii(substr((select name from v$database where rownum=1),36,1))
July 16 2013 11:47 AM

K.Hart2 commented...
Attempted to access /CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/connector.cfm?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/

You would think someone at MIT could do better... shame on you script kiddies.
July 11 2013 04:57 AM

D.Lofgren commented...
Some voice spammer joined my Mumble server from this address and had a bunch of other IPs he kept rejoining with: 37.59.40.61, 85.24.184.226, and 199.239.183.213. I put a password on my server after that, so that's all the related IPs I got.
January 31 2013 09:32 AM

Page generated on: November 27 2014 11:01:47 AM

Copyright © 2004–14, Unspam Technologies, Inc. All rights reserved.