IP Address Inspector
The Project Honey Pot system has detected behavior from the IP address consistent with that of a spam harvester and rule breaker. Below we've reported some other data associated with this IP. This interrelated data helps map spammers' networks and aids in law enforcement efforts. If you know something about this IP, please leave a comment.
|Harvester First Seen||approximately 15 years, 7 months, 5 weeks ago|
|Harvester Last Seen||within 13 years, 2 months, 3 weeks|
|Harvester Sightings||7,778 visit(s) to 270 honey pot(s)|
238.877 messages per visit
1,857,983 message(s) resulting from harvests
- First: approximately 15 years, 7 months, 4 weeks ago
- Last: approximately 1 year, 3 weeks ago
6,291 email address(es) harvested
- First: approximately 15 years, 7 months, 5 weeks ago
- Last: Thu, 15 Jul 2010 11:57:40 -0400
|Time From Harvest
To First Spam
Fastest: 3 hours, 29 mins, 36 secs
Slowest: 1 week, 5 days, 1 hour, 14 mins, 17 secs
Average: 3 days, 5 hours, 5 mins, 59 secs
Std Dev: 2 days, 10 hours, 58 mins, 57 secs
|First Rule-Break On||approximately 13 years, 4 months, 3 weeks ago|
|Last Rule-Break On||within 13 years, 2 months, 4 weeks|
|Rule Breaks||3 web page navigation rule(s) broken by this IP|
IP Address: 220.127.116.11
Location: BUCURESTI (44.433N, 26.106E)
June 01 2009 09:53 AM
Bot did 12 times a request on my wiki. Seems to like HTTP/1.1
Bot tries some files (even root and some kind of google-analytics-js that was placed at the end of my pages). First searched some png-files, then used a piece of a .js-script (404-error), then took the api to search the site and tried to access the search.php-file. Stopped when trying to access root; (301-error)
Bot is using Java/1.6.0_04 now. No known
April 27 2009 05:13 PM
V.De Waal commented...
I saw it today for the second time in a week. It tried to bypass a login.
I shall change the script, so not only the ipadress is showed, but also the words he uses to get in.
February 21 2009 05:35 AM
This IP was blocked, as all from China are blocked from my site.
It used UA "Java/1.6.0_04" coming for homepage, but maybe gave up after it got a 403.
Some time in the past my site has also seen nearby IPs, and are now specifically on my deny list for trying to access the guestbook trap:
deny from 18.104.22.168
deny from 22.214.171.124
January 18 2009 12:20 PM
A.Degives Mas commented...
Repeatedly and in rapid succession attempts to probe for access to a variety of files, arguably trying to fingerprint the server system. Displays a UA of Java/1.6.0_11. Operates in very close time proximity and with almost identical probes from IP 126.96.36.199 - that one differs merely on a different UA namely Java/1.6.0_07.
One interesting feature these all have in common is that in the headers they send they show Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
December 30 2008 05:28 PM