IP Address Inspector
84.90.89.157 
The Project Honey Pot system has detected behavior from the IP address consistent with that of a spam harvester and mail server. Below we've reported some other data associated with this IP. This interrelated data helps map spammers' networks and aids in law enforcement efforts. If you know something about this IP, please leave a comment.
Lookup IP In: Domain Tools | SpamHaus | OpenRBL | Spamcop | SenderBase | Google Groups | Google
| Geographic Location |
Portugal
(Santarem)
|
| Harvester First Seen | approximately 1 year, 5 months, 3 weeks ago |
| Harvester Last Seen | within 1 month, 1 week |
| Harvester Sightings | 210 visit(s) to 84 honey pot(s) |
| Harvester Results |
0.91 messages per visit 191 message(s) resulting from harvests - First: approximately 1 year, 4 months, 1 week ago - Last: approximately 1 week ago 958 harvested address(es) have seen message(s) - First: approximately 1 year, 5 months, 3 weeks ago - Last: Tue, 15 Jul 2008 09:34:47 -0400 |
| Time From Harvest To First Spam |
Fastest: 3 days, 15 hours, 39 mins, 41 secs Slowest: 11 months, 2 weeks, 6 days, 19 hours, 56 mins, 51 secs Average: 3 months, 2 weeks, 1 day, 12 hours, 36 mins, 4 secs Std Dev: 2 months, 3 weeks, 6 days, 19 hours, 21 mins, 42 secs |
| First Received From | approximately 1 year, 2 months, 1 week ago |
| Last Received From | within 4 weeks |
| Number Received | 147 email(s) sent from this IP |
|
4 comment(s) - Comment on this IP | Collapse All
|
|
P.Hauser commented...
This IP was seen here again over and over with useless spoofing proxy probes.
84.90.89.157 is currently listed in APEWS : Entry matching your Query: E-216059 84.90.88.0/21 CASE: C-82 IP space of "hot" UCE/UBE operations per NANAS, NANAE, UCEtraps & published statistics Special Reason: If your IP address is listed, go to Google Groups and search for your criteria in news.admin.net-abuse.sightings for evidence of your problem, you are causing abuse. If your IP address is NOT listed but is part of a larger IP listing, only the block owner can solve the problem, contact your ISP, see FAQ 16. Your ISP needs to action FAQ 42 History: Entry created 2007-06-18 February 26 2008 01:50 AM |
|
P.Hauser commented...
Block the whole range from 84.90.88.0 to 84.90.95.255. If you have a LINUX-shell, put all your apache-logfiles in one directory and check for these random user-agents with the following awk-command across your logs:
awk -F[\"] '($6!~ "[./(_):;\\+]"){print $1 $2 $3 $4 $5 $6 $7}' *_WhatEverYourLogNameIs You could also put this regular expression into your .htaccess or some c-, php-check-code for live check of such "harvester-spoofing" and filter them out easily. Thus IP 84.90.89.157 (and many others) were here in vain: 84.90.89.157 - - [06/Aug/2007:19:04:47 +0200] "GET /index.php?lang=es HTTP/1.1" 403 2424 "-" "irp8iSjShmtwef SbqSyixglexvcf" 84.90.89.157 - - [06/Aug/2007:18:54:33 +0200] "GET /index.php?lang=es HTTP/1.1" 403 2424 "-" "dbw gGG ff2rmrGGbklfykgy" 84.90.89.157 - - [06/Aug/2007:17:11:28 +0200] "GET /index.php?lang=fr-fr HTTP/1.1" 403 2424 "-" "wk5vdhhlnsctiflnusgosggfk" 84.90.89.157 - - [06/Aug/2007:14:39:13 +0200] "GET /index.php?lang=it HTTP/1.1" 403 2424 "-" "djjtivbsHxdqvdywud3shdo m" IPs also seen here: 84.90.89.34 84.90.89.207 84.90.89.109 84.90.89.157 84.90.89.157 84.90.89.214 84.90.90.68 August 06 2007 11:53 PM |
|
P.Hauser commented...
IP 84.90.89.34 is not yet honey-pot-trapped and visited here in February with a random user-agent (apache-log):
84.90.89.34 - - [16/Feb/2007:09:26:10 +0100] "GET /index.php?lang=es HTTP/1.1" 200 66862 "-" "dlkqvfwlyfwlfgwrhxjvfxyh" 84.90.89.34 - - [16/Feb/2007:16:00:34 +0100] "GET /index.php?lang=es HTTP/1.1" 200 66870 "-" "gpFwF lhg f r rusbaqvsvocmlorwF" 84.90.89.34 - - [16/Feb/2007:16:36:45 +0100] "GET /index.php?lang=es HTTP/1.1" 200 66870 "-" "hm5wo5oxfj5hpbvxaatshn iqccwdr" So it is obviously that this is NOT a HARMLESS spider. % Information related to '84.90.88.0/21AS13156' route: 84.90.88.0/21 whole range: 84.90.88.0 - 84.90.95.255 counting: 2048 IPs descr: Cabovisao SA - Internet Provider descr: F.Ferro (Equip2) Residential Customers Net role: Cabovisao Network Team address: Cabovisao, SA address: Lugar de pocos address: Palmela address: Portugal phone: +351 21 080 10 80 fax-no: +351 21 080 10 01 e-mail: network@cabovisao.pt abuse-mailbox: abuse@netvisao.pt July 24 2007 11:46 AM |
|
P.Hauser commented...
IP 84.90.89.157 visits here with a random user-agent (apache-log):
84.90.89.157 - - [23/Jul/2007:11:35:30 +0200] "GET /index.php?lang=es HTTP/1.1" 403 2424 "-" "fStf igSocctmbmg ruosu" 84.90.89.157 - - [24/Jul/2007:10:22:10 +0200] "GET /index.php?lang=es HTTP/1.1" 403 6936 "-" "c8jebft8oyxpaufp8b fcTybs Torbmmui uflh" So it is obviously that this is NOT a HARMLESS spider. July 24 2007 11:11 AM |
Page generated on: December 02 2008 11:23:32 PM
Please note: being listed on these pages does not necessarily mean an IP address, domain name, or any other information is owned by a spammer. For example, it may have been hijacked from its true owner and used by a spammer.
Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Contact Us
Copyright © 2004–08, Unspam Technologies, Inc. All rights reserved.
Advertisements displayed on this page are not necessarily endorsed by Project Honey Pot