IP Address Inspector
The Project Honey Pot system has detected behavior from the IP address consistent with that of a spam harvester and comment spammer. Below we've reported some other data associated with this IP. This interrelated data helps map spammers' networks and aids in law enforcement efforts. If you know something about this IP, please leave a comment.
|Harvester First Seen||approximately 10 years, 1 week ago|
|Harvester Last Seen||within 5 years, 1 month, 1 week|
|Harvester Sightings||596 visit(s) to 9 honey pot(s)|
0.034 messages per visit
20 message(s) resulting from harvests
- First: approximately 9 years, 11 months, 1 week ago
- Last: approximately 7 years, 1 month, 2 weeks ago
452 email address(es) harvested
- First: approximately 10 years, 1 week ago
- Last: Thu, 14 Aug 2008 09:55:55 -0700
|Time From Harvest
To First Spam
Fastest: 1 day, 5 hours, 51 mins, 2 secs
Slowest: 1 month, 1 week, 3 days, 5 hours, 59 mins, 15 secs
Average: 2 weeks, 1 day, 16 hours, 24 mins, 45 secs
Std Dev: 2 weeks, 2 days, 2 hours, 41 mins, 43 secs
|First Post On||approximately 9 years, 6 months, 2 weeks ago|
|Last Post On||within 9 years, 2 months, 4 weeks|
|Form Posts||2 web post submission(s) sent from this IP|
23 hits on my site using the following in the URL: ../../../../etc/passwd%00 Banned again.
January 10 2013 07:21 AM
Sent an email to email@example.com and received this message back: Dear Sirs,
thank you for your message.
Unfortunately we cannot further help you, because the IP 220.127.116.11 belongs to our STRATO Loadbalancer. It distributes incoming requests amongst different servers to evenly disseminate the load. Due to the reason that the incoming load is very high, we cannot keep connection logs in our data center. A further investigation is therefore not possible.
Queries originating from the above mentioned IP-address might be due to a STRATO customer activating a redirect. We use a proxy (Loadbalancer) for this redirect, which uses the above mentioned IP.
STRATO AG | Abuse Management
December 18 2012 01:32 PM
This IP has been hitting my site over and over for the past day.
December 11 2012 12:50 PM
May 13 2009 02:29 PM
@ B.Kennedy4... the same thing is happening to a client of mine. It is something on his computer or connection. I found this by insulating him to a specific FTP folder and the injection took place last night with the rest of the site unaffected. I will report back when I find out more from him.
April 21 2009 05:19 AM
This ip address 18.104.22.168 has been showing up on my logs in the past two weeks. Code has been inserted into my .html files, php files and js files.
I strip it out and it is back again 2 days later.
April 11 2009 02:20 PM
Had http POSTS from this ip to our web site. United States. User-agent is WordPress/2.7.1?
March 13 2009 06:55 AM