IP Address Inspector

89.28.114.111

The Project Honey Pot system has detected behavior from the IP address consistent with that of a comment spammer. Below we've reported some other data associated with this IP. This interrelated data helps map spammers' networks and aids in law enforcement efforts. If you know something about this IP, please leave a comment.

Geographic Location	Moldova
Spider First Seen	approximately 1 year, 5 months, 3 weeks ago
Spider Last Seen	within 1 week
Spider Sightings	6,017 visit(s)
User-Agents	seen with 30 user-agent(s)

First Post On	approximately 1 year, 5 months, 2 weeks ago
Last Post On	within 1 week
Form Posts	3,742 web post submission(s) sent from this IP

IPs In The Neighborhood
89.28.113.142 \| S
89.28.113.163 \| SD
89.28.113.183
89.28.113.187 \| SD
89.28.113.223 \| SD
89.28.113.226 \| S
89.28.113.241
89.28.114.5 \| S
89.28.114.26 \| S
89.28.114.27 \| S
89.28.114.37 \| S
89.28.114.47
89.28.114.80 \| S
89.28.114.112 \| S
89.28.114.132 \| S
89.28.114.136 \| S
89.28.114.149 \| S
89.28.114.189
89.28.114.231
89.28.115.22
89.28.115.27
89.28.115.31 \| SD
89.28.115.44 \| S
89.28.115.57 \| SD
89.28.115.59 \| SD
89.28.115.67 \| S
89.28.115.77 \| S

Sample Spam URLs & Keywords Posted From 89.28.114.111

Domain: viagr.fildenafilrx.info
URL: http://viagr.fildenafilrx.info/site_map.html
Keywords: viagr tablet

Domain: vaiagra.fildenafilrx.info
URL: http://vaiagra.fildenafilrx.info/site_map.html
Keywords: vaiagra london

Domain: viagr.fildenafilrx.info
URL: http://viagr.fildenafilrx.info/site_map.html
Keywords: viagr viva

Domain: vaiagra.fildenafilrx.info
URL: http://vaiagra.fildenafilrx.info/site_map.html
Keywords: vaiagra buy ohio

Domain: vaiagra.fildenafilrx.info
URL: http://vaiagra.fildenafilrx.info/site_map.html
Keywords: vaiagra order

Domain: viagr.fildenafilrx.info
URL: http://viagr.fildenafilrx.info/site_map.html
Keywords: viagr generic online

Domain: viagr.fildenafilrx.info
URL: http://viagr.fildenafilrx.info/site_map.html
Keywords: viagr generic ohio

Domain: vaiagra.fildenafilrx.info
URL: http://vaiagra.fildenafilrx.info/site_map.html
Keywords: vaiagra com ohio

Domain: viaga.fildenafilrx.info
URL: http://viaga.fildenafilrx.info/site_map.html
Keywords: viaga women

Domain: vigara.fildenafilrx.info
URL: http://vigara.fildenafilrx.info/site_map.html
Keywords: vigara com indiana

Domain: viaga.fildenafilrx.info
URL: http://viaga.fildenafilrx.info/site_map.html
Keywords: viaga london

Domain: vigara.fildenafilrx.info
URL: http://vigara.fildenafilrx.info/site_map.html
Keywords: vigara order online

Domain: vigara.fildenafilrx.info
URL: http://vigara.fildenafilrx.info/site_map.html
Keywords: vigara samples

Domain: vigara.fildenafilrx.info
URL: http://vigara.fildenafilrx.info/site_map.html
Keywords: vigara generic omaha

Domain: viaga.fildenafilrx.info
URL: http://viaga.fildenafilrx.info/site_map.html
Keywords: viaga atlanta

89.28.114.111's User Agent Strings

Mozilla/0.6 Beta (Windows)

Mozilla/0.91 Beta (Windows)

Mozilla/1.22 (compatible; MSIE 2.0d; Windows NT)

Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)

Mozilla/2.0 (compatible; MSIE 3.02; Windows CE; 240x320)

Mozilla/3.0 (compatible; HP Web PrintSmart 04b0 1.0.1.34)

Mozilla/3.0 (compatible; WebCapture 2.0; Auto; Windows)

Mozilla/3.0 (x86 [en] Windows NT 5.1; Sun)

Mozilla/4.0 (compatible; MSIE 4.01; Digital AlphaServer 1000A 4/233; Windows NT; Powered By 64-Bit Alpha Processor)

Mozilla/4.0 (compatible; MSIE 5.01; Windows 95; MSIECrawler)

Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.0 [en]

Mozilla/4.0 (compatible; MSIE 5.0; Windows 3.1)

Mozilla/4.0 (compatible; MSIE 5.0; Windows 95) Opera 6.01 [en]

Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)

Mozilla/4.0 (compatible; MSIE 5.5; Windows 95)

Mozilla/4.0 (compatible; MSIE 5.5; Windows 95; BCD2000)

Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)

Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)

Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0; .NET CLR 1.0.2914)

Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)

Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)

Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)

Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1)

Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 4.0) Opera 7.0 [en]

Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]

Mozilla/4.0 (compatible; MSIE 6.0; Update a; AOL 6.0; Windows 98)

Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)

Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90; Creative)

Mozilla/4.0 (compatible; MSIE 6.0; Windows ME) Opera 7.11 [en]

6 comment(s) - Comment on this IP | Collapse All

J.Brisebois commented...

Domain Name vigira.buy-vigrarx.info resolves to
Ip Address 212.95.51.85
October 05 2009 05:31 PM

J.Brisebois commented...

This thing is persistant. I have it blocked in .htaccess and when it generated a 403 error, my banjerks.php script emailed me this:

I caught a cretin today at 10/05/09 1:59:42 PM CDT. I banned IP 89.28.114.111 from the requested URI crusaderscontend.com/forum/index.php?action=quickmod2;topic=16.0 They came from referrer [ http://vigira.buy-vigrarx.info/site_map.html ] with user agent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.3 (build 01218); .NET CLR 1.1.4322)

I also integrated and started using password_protect.php by zubrag.com which has been 100% effective in stopping spam across all my sites (guestbooks, comment forms, contact forums, forums, etc). Captcha doesn't always work. password_protect.php does.
October 05 2009 05:22 PM

J.Brisebois commented...

Here's more
89.28.114.111 - - [24/Sep/2009:15:19:56 -0500] "GET /forum/index.php/topic,16.0.html HTTP/1.0" 200 4567 "http://vigra.viegra.info/vigra/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Babya Discoverer 8.0:"
89.28.114.111 - - [24/Sep/2009:15:19:56 -0500] "GET /forum/index.php/topic,16.0.html HTTP/1.0" 200 4567 "http://crusaderscontend.com/forum/index.php/topic,16.0.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Babya Discoverer 8.0:"
89.28.114.111 - - [24/Sep/2009:15:19:57 -0500] "GET /forum/index.php HTTP/1.0" 200 4567 "http://crusaderscontend.com/forum/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Babya Discoverer 8.0:"
September 24 2009 04:42 PM

J.Brisebois commented...

tried to access my forums 109 times on sept 1
I found this stuff in my access logs:
89.28.114.111 - - [01/Sep/2009:11:22:37 -0500] "GET /forum/index.php/topic,16.0.html HTTP/1.0" 200 25940 "http://vigramg.idoo.com/viagera" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
89.28.114.111 - - [01/Sep/2009:11:22:38 -0500] "POST /forum/index.php?PHPSESSID=6dd560d60955d763f6fc79a76214af66&action=quickmod2;topic=16.0 HTTP/1.0" 302 - "http://crusaderscontend.com/forum/index.php/topic,16.0.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
September 09 2009 01:41 PM

D.Berg commented...

6/9 - More WP comment spam, but with nonfunctional e-mail and URL
June 09 2009 02:50 PM

I.Ellis commented...

seen today (10 Nov 08) trying to make an addentry to guestbook
November 11 2008 01:28 AM

Page generated on: November 22 2009 10:53:09 AM

Please note: being listed on these pages does not necessarily mean an IP address, domain name, or any other information is owned by a spammer. For example, it may have been hijacked from its true owner and used by a spammer.

Want to keep this IP address off your website? Start taking advantage of http:BL.

If you are the owner of this IP address, you can whitelist it by connecting to this paged from the IP itself (or from an IP within /24). Alternatively, the IP will be auto excused after 90 days of no activity.

89.28.114.111 | C

Advertisements displayed on this page are not necessarily endorsed by Project Honey Pot