IP Address Inspector

ATTENTION
  • This IP has not seen any suspicious activity within the last 3 months. This IP is most likely clean and trustworthy now. (This record will remain public for historical purposes, however.)

222.221.6.144

The Project Honey Pot system has detected behavior from the IP address consistent with that of a mail server, dictionary attacker and comment spammer. Below we've reported some other data associated with this IP. This interrelated data helps map spammers' networks and aids in law enforcement efforts. If you know something about this IP, please leave a comment.

Lookup IP In: Domain Tools | SpamHaus | Spamcop | SenderBase | Google Groups | Google

Geographic Location China (Beijing)
Spider First Seen approximately 4 years, 5 months, 3 weeks ago
Spider Last Seen within 3 years, 7 months, 1 week
Spider Sightings 12,338 visit(s)
User-Agents seen with 30 user-agent(s)
First Received From approximately 4 years, 5 months, 4 weeks ago
Last Received From within 3 years, 7 months, 1 week
Number Received 3,428 email(s) sent from this IP
First Post On approximately 4 years, 5 months, 3 weeks ago
Last Post On within 3 years, 7 months, 1 week
Form Posts 2,077 web post submission(s) sent from this IP
Dictionary Attacks 161 email(s) sent from this IP
First Received From approximately 4 years, 2 months, 4 weeks ago
Last Received From within 3 years, 8 months, 2 weeks
Associated Harvesters
12.155.126.162 | HS
24.84.235.237 | H
24.107.216.146 | H
24.132.194.168 | HS
24.132.194.192 | H
24.201.114.99 | H
58.1.134.137 | H
58.93.53.241 | H
58.93.60.43 | H
58.156.55.142 | H
59.112.238.183 | H
60.39.204.165 | H
60.41.32.52 | H
60.236.76.181 | H
61.12.154.89 | HS
61.116.197.9 | H
61.116.197.82 | H
61.116.197.209 | H
61.120.171.99 | H
61.121.78.251 | H
61.192.188.10 | H
61.192.204.14 | H
61.192.209.235 | H
61.194.3.241 | H
61.201.27.57 | H
61.201.27.178 | H
61.209.182.88 | H
61.209.182.114 | H
61.209.182.171 | H
61.214.28.119 | H
61.214.29.211 | H
61.214.152.225 | H
61.231.69.112 | H
62.84.91.1 | HC
62.108.31.25 | HS
62.163.32.36 | H
62.163.32.151 | H
62.163.43.213 | H
62.163.57.172 | H
62.163.70.57 | H
62.163.70.106 | HS
62.163.70.150 | H
62.163.70.194 | H
62.163.72.171 | H
62.163.80.205 | H
62.166.6.76 | H
62.194.10.133 | H
62.194.16.131 | H
62.194.26.138 | H
62.194.62.177 | H
62.194.115.68 | HSD
62.194.205.117 | HS
64.20.36.58 | H
64.20.38.178 | H
64.118.93.212 | H
65.111.169.191 | H
66.96.216.133 | HS
66.111.214.228 | H
66.132.228.95 | H
66.148.67.102 | H
66.246.252.117 | HSD
67.15.94.63 | H
67.15.130.23 | H
67.19.136.180 | H
67.114.112.62 | HS
67.159.22.195 | H
68.3.170.33 | H
69.41.171.48 | H
69.41.173.93 | H
69.50.193.104 | H
69.50.208.24 | H
69.64.33.231 | HS
70.84.55.114 | HC
70.86.161.50 | HC
70.87.196.242 | H
IPs In The Neighborhood
222.221.5.210 | S
222.221.5.251
222.221.6.139 | SD
222.221.6.165
222.221.6.189 | W
222.221.6.254 | S
222.221.7.43 | S
222.221.7.45 | S
222.221.7.47 | S
222.221.7.81
222.221.7.90 | S
Sample Spam URLs & Keywords Posted From 222.221.6.144
Domain: groups.google.ru
URL: http://groups.google.ru/group/mortgageee/web/mortgage-loan-lead
Keywords: ambetloan loans
Domain: www.google.com
URL: http://www.google.com/
Keywords: google
Domain: site4u11.gigacities.net
URL: http://site4u11.gigacities.net/portable-spa.html
Keywords: portable spa\"
Domain: mntwfpsxgtde.com
URL: http://mntwfpsxgtde.com/
Keywords: mntwfpsxgtde
Domain: juxterhkqqfh.com
URL: http://juxterhkqqfh.com/
Keywords: juxterhkqqfh
Domain: eeuklcdehwdr.com
URL: http://eeuklcdehwdr.com/
Keywords: juxterhkqqfh
Domain: svalgzzoczvu.com
URL: http://svalgzzoczvu.com/
Keywords: svalgzzoczvu
Domain: pfzfkublxylp.com
URL: http://pfzfkublxylp.com/
Keywords: pfzfkublxylp
Domain: iwuyxtmjyejn.com
URL: http://iwuyxtmjyejn.com/
Keywords: pfzfkublxylp
Domain: pharmacy.ucoz.kz
URL: http://pharmacy.ucoz.kz
Domain: trams.we.bs
URL: http://trams.we.bs
Domain: lipspill.we.bs
URL: http://lipspill.we.bs
Domain: lipopo.50webs.com
URL: http://lipopo.50webs.com
Domain: bydigygi.50webs.org
URL: http://bydigygi.50webs.org
Domain: oliadeshevo.we.bs
URL: http://oliadeshevo.we.bs
222.221.6.144's User Agent Strings
none/blank
ELinks (0.4pre5; Linux 2.4.27 i686; 80x25)
Microsoft Internet Explorer/4.0b1 (Windows 95)
Mozilla/0.6 Beta (Windows)
Mozilla/0.91 Beta (Windows)
Mozilla/1.10 [en] (Compatible; RISC OS 3.70; Oregano 1.10)
Mozilla/1.22 (compatible; MSIE 2.0d; Windows NT)
Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)
Mozilla/2.02 [fr] (WinNT; I)
Mozilla/2.0 compatible; Check&Get 1.14 (Windows NT)
Mozilla/2.0 (compatible; MSIE 3.01; Windows 98)
Mozilla/2.0 (compatible; MSIE 3.02; Windows CE; 240x320)
Mozilla/2.0 (Compatible; SIS 1.2; IIgs)
Mozilla/3.01-C-SYMPA (Macintosh; I; PPC)
Mozilla/3.01 (WinNT; I) [AXP]
Mozilla/3.0 (compatible)
Mozilla/3.0 (compatible; NetPositive/2.2.1; BeOS)
Mozilla/3.0 (compatible; NetPositive/2.2.2; BeOS)
Mozilla/3.0 (compatible; WebCapture 2.0; Auto; Windows)
Mozilla/3.0 (X11; I; SunOS 5.4 sun4m)
Mozilla/3.0 (x86 [en] Windows NT 5.1; Sun)
Mozilla/4.01 (Compatible; Acorn Browse 1.25 [23-Oct-97] AW 97; RISC OS 4.39) Acorn-HTTP/0.84
Mozilla/4.01 (Compatible; Acorn Phoenix 2.08 [intermediate]; RISC OS 4.39) Acorn-HTTP/0.84
Mozilla/4.06 [es] (Win98; I)
Mozilla/4.08 [en] (WinNT; I ;Nav)
Mozilla/4.08 [en] (X11; U; IRIX 5.3 IP5; Nav)
Mozilla/4.0 (compatible; ICS 1.2.105)
Mozilla/4.0 (compatible; MSIE 4.01; AOL 4.0; Windows 98)
Mozilla/4.0 (compatible; MSIE 4.01; Digital AlphaServer 1000A 4/233; Windows NT; Powered By 64-Bit Alpha Processor)
Mozilla/4.0 (compatible; MSIE 4.01; Mac_PowerPC)
Example Messages Sent From 222.221.6.144
From:
Subject: ÅRÆEµL¼Ä¶W¯Å´Îªº²£«~¡I¥©³s´¼ Ä_Ä_ª© DVD®M¸Ë 1350§K
From:
Subject: ±À¥X«á¨Îµû¦p¼é¡Iºô¸ô³Ð·~¤£¥²µ¥¡A´M§ä«È¤á¦Û¤v¨Ó¡I
From:
Subject: ¨C­Ó¤ë´£¨Ñ«Ä¤l©w´Á©w¶qªº¾Ç²ß,¨Ã¥B°t¦X§¹¾ã³W¹ºªº¾Ç²
From:
Subject: Da muss man hingucken
From:
Subject: ddd§A­n°Ñ¥[¶Ç¾P¶Ü?§Ú§K¶OÀ°§A§ä¤U½u(¦êÁp°ê»Ú¥«³õ)¡a
From:
Subject: , Especial de Tecnologia
From:
Subject: ¸gÀ綵¥Ø¡G1.¨T¨®­É´Ú¡A³t«×§Ö¡B¤£¥²¯d¨® 2.Æp¥Û¡B¦W¿
From:
Subject: GUCCI·s´Ú ¤â´£/ªÓ­I¥](©@)181497- -315607055927336
From:
Subject: How long was I out?
From:
Subject: Ihr ARBEITSSTUHL
From:
Subject: お世話になります。
From:
Subject: お約束
From:
Subject: Kann ich dich am Sonntag treffen
From:
Subject: ‚±‚ñ‚Ȑ«•È‚̃Iƒ“ƒi‚Á‚Ä
From:
Subject: Notice,
From:
Subject: ¤¤µØ®ð±K¹j­µµ¡
From:
Subject: Re:Re:Re:
From:
Subject: Re:Re:Re:
From:
Subject: SOLD OUT !Looking for gift? Buy Rolex! w3nqvu
From:
Subject: Start earning the salary you deserve by obtaining
From:
Subject: Tiered of been passed over for that promotion beca
From:
Subject: Time, Money, Keeping you from earning the Degree y
From:
Subject: .¦Û¤v¾Ç¾Þ§@¡A§Ö³t¤S¤è«K ^_^ ¥©ªê¤@°_¡u°Û°Û¸õ¸õ¡v
From:
Subject: ’x‚­‚È‚è‚Ü‚µ‚½
From:
Subject: Zm·N©À¦¨´N¨Æ¹ê.¥u­n§AªÖ¾Ç.µ´¹ï OK¡I¥©ªê¤@°_¡u°Û°Û¸
Example User Names Used By 222.221.6.144
User-name: administrator
User-name: aesign
User-name: arenda
User-name: arla
User-name: arla_
User-name: boss
User-name: bradleynexcannedmeatwod
User-name: brusov
User-name: buh
User-name: bvxru
User-name: contact
User-name: design
User-name: dir
User-name: director
User-name: direktor
User-name: economist
User-name: eith.h.cevera
User-name: escottesg
User-name: fabrika
User-name: faustina
User-name: faustina_
User-name: fin
User-name: fpyly
User-name: glavbux
User-name: home
User-name: hr
User-name: iamjustsendingthisleter
User-name: inder
User-name: landon
User-name: leventhaljrc
P.Hauser commented...
I agree exactly from my logs with what you have seen:

222.221.6.144 - - [21/Oct/2007:22:49:44] "GET /?cs HTTP/1.0" 200 66887 "/?cs" "Mozilla/0.6 Beta (Windows)"
68.12.76.125 - - [21/Oct/2007:22:50:42] "GET /?cs HTTP/1.0" 200 66895 "/?cs" "Mozilla/0.6 Beta (Windows)"
68.12.76.125 - - [21/Oct/2007:22:51:12] "GET /?cs HTTP/1.0" 200 66891 "/?cs" "Mozilla/0.6 Beta (Windows)"
December 08 2007 03:50 PM
A.Nora commented...
It seems before this spammer decides to make their move, they utilize two different IP to check things out. Right before this spammer got caught in the honeypot, my site was visited by two different IP address within seconds apart from each other.

The first on was from 213.61.13.68 at 6:00:26. Then the other one was from 200.83.4.4 at 6:01:01. A few seconds later, the spammer who got caught in the honeypot trap using this IP address (222.221.6.144) came in at 6:01:16.

All three of them were using the same agent - Agent: Mozilla/5.0. The only difference the one who got caught had a different Http Version - HTTP/1.0 - from the other two, Http Version: HTTP/1.1.
September 07 2007 05:33 AM
Page generated on: February 13 2012 07:35:09 PM

Please note: being listed on these pages does not necessarily mean an IP address, domain name, or any other information is owned by a spammer. For example, it may have been hijacked from its true owner and used by a spammer.

Want to keep this IP address off your website? Start taking advantage of http:BL.

If you are the owner of this IP address, you can whitelist it by connecting to this paged from the IP itself (or from an IP within /24). Alternatively, the IP will be auto excused after 90 days of no activity.

Twitter Button from twitbuttons.com


Follow projecthoneypot on Twitter

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | CloudFlare Site Protection | Contact Us

Copyright © 2004–12, Unspam Technologies, Inc. All rights reserved.

Advertisements displayed on this page are not necessarily endorsed by Project Honey Pot

contact | wiki | email