IP Address Inspector
The Project Honey Pot system has detected behavior from the IP address consistent with that of a comment spammer. Below we've reported some other data associated with this IP. This interrelated data helps map spammers' networks and aids in law enforcement efforts. If you know something about this IP, please leave a comment.
|Geographic Location||United States|
|Spider First Seen||approximately 11 years, 2 months, 3 weeks ago|
|Spider Last Seen||within 5 years, 11 months, 1 week|
|Spider Sightings||1,162 visit(s)|
|User-Agents||seen with 30 user-agent(s)|
|First Post On||approximately 9 years, 8 months, 4 weeks ago|
|Last Post On||within 5 years, 11 months, 1 week|
|Form Posts||576 web post submission(s) sent from this IP|
A user with IP address 22.214.171.124 has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username 'administrator' to try to sign in.
User IP: 126.96.36.199
User hostname: tor-node.rutgers.edu
IP Address 188.8.131.52 is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet.
It was last detected at 2015-10-06 09:00 GMT (+/- 30 minutes), approximately 11 hours, 30 minutes ago.
This IP is infected with, or is NATting for a machine infected with s_downloaderbot-mxb
Note: If you wish to look up this bot name via the web, remove the "s_" before you do your search.
This was detected by observing this IP attempting to make contact to a s_downloaderbot-mxb Command and Control server, with contents unique to s_downloaderbot-mxb C&C command protocols.
This was detected by a TCP/IP connection from 184.108.40.206 on port 38826 going to IP address 220.127.116.11 (the sinkhole) on port 80.
The botnet command and control domain for this connection was "birthdaymailas.com".
October 06 2015 04:42 PM
Referrer spam: "http://hvd-store.com/"
Agent: "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36"
March 28 2015 03:33 AM
Net Range 18.104.22.168 - 22.214.171.124
Name Rutgers University
Street Computing Services
110 Frelinghuysen Road
Postal Code 08854-8089
March 27 2015 06:30 AM
Honey Pot System commented...
WHITELIST NOTICE: This IP has been REMOVED from Project Honey Pot whitelists; bad activity was encountered.
February 11 2015 03:42 AM
Honey Pot System commented...
WHITELIST NOTICE: This IP has been whitelisted. Future bad activity will result in automatic removal.
February 05 2015 10:50 AM
Honey Pot System commented...
WHITELIST NOTICE: This IP has been marked to be included on Project Honey Pot whitelists. The whitelist is scheduled with a delay of 00:00:05. Documented reason for whitelist: Owner of a Dynamic IP Address
February 05 2015 10:48 AM
January 17 2014 02:13 PM
SQL Injection Attempts, TOR networks from multiple IP's
July 21 2013 01:34 PM
ATTEMPTED ADMIN EXPLOIT HACK(Attempt to access non existing area using known exploit script attack and sql injection)
Combined attacks from TOR networks:
126.96.36.199 - United States - Livermore - Hurricane Electric Inc.
188.8.131.52 - United States - Los Angeles - Axigy - Resolve Host: axigy2.torservers.net - Web Africa Proxy
184.108.40.206 - United States - Los Angeles - Axigy - Resolve Host: herngaard.torservers.net - Web Africa Proxy
220.127.116.11 - United States - Los Angeles - Oversee.net - Resolve Host: tor-exit-router38-readme.formlessnetworking.net
18.104.22.168 - United States - Los Angeles - Axigy - Resolve Host: manning1.torservers.net - Web Africa Proxy
22.214.171.124 - United States - Los Angeles - Oversee.net - Resolve Host: tor-exit-router42-readme.formlessnetworking.net
126.96.36.199 - Sweden - Guilhem.org - Resolve Host: madiba.guilhem.org
188.8.131.52 - United States - Chicago - Conformal Systems Llc. - Resolve Host: tor-exit4.conformal.com
184.108.40.206 - United States - Cambridge - Massachusetts Institute Of Technology - Resolve Host: sipb-tor.mit.edu
220.127.116.11 - United States - Newark - Rutgers University - Resolve Host: tor-node.rutgers.edu
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; InfoPath.2; OfficeLiveConnector.1.5; OfficeLivePatch.1.3)"
July 16 2013 02:51 PM
...CONTINUED FROM ABOVE
SMALL SAMPLE (trim xxx for char limit):
18.104.22.168 - - xxx%20or%201%3E1 HTTP/1.1" 403
axigy2.torservers.net - - xxx%20or%201%3Dutl_inaddr.get_host_address%28%28select%20chr%28126%29%7C%7xxx HTTP/1.1" 403
herngaard.torservers.net - - xxx%20or%201%3Dctxsys.drithsx.sn%281%2C%28select%20chr%28126%29%7C%7Cchr%2839%29%7C%7Cglobal_name%7C%7Cxxx HTTP/1.1" 403
tor-exit-router38-readme.formlessnetworking.net - - xxx%20or%201%3Dordsys.ord_dicom.getmappingxpath%28%28select%20chr%28126%29%7C%7Cxxx HTTP/1.1" 403
manning1.torservers.net - - xxx%20union%20all%20select%20null%2Cnull%2Cnull%2Cnull%2Cnullxxx HTTP/1.1" 403
tor-exit-router42-readme.formlessnetworking.net - - xxx999999.9%20or%20gth%28%28select%20name%20from%20v%24databasexxx HTTP/1.1" 403
madiba.guilhem.org - - xxx999999.9%20%2F*%2130000union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2xxx-- HTTP/1.1" 403
tor-exit4.conformal.com - - xxx%20%2F*%2130000union%20all%20select%20null%2Cnull%2Cnull%2Cnull*%2F-- HTTP/1.1" 403
sipb-tor.mit.edu - - xxx=convert%28int%2Cchr%28114%29%7C%7Cchr%2851%29%7C%7Cchr%28100%29%7C%7Cxxx HTTP/1.1" 403
tor-node.rutgers.edu - - xxx=999999.9 or ascii(substr((select name from v$database where rownum=1),36,1))
July 16 2013 02:50 PM
Its just a TOR exitnode
March 28 2013 08:27 AM
ran into a trap
January 15 2013 12:48 PM
Warning on this IP.
Currently being used as one of a cycle of many false IP accounts attempting to hack into numerous trusted member accounts.
Details of IP also include : New Jersey RUTGERS.EDU
March 07 2011 11:26 PM