IP Address Inspector

89.234.157.254 Email Address Harvester

The Project Honey Pot system has detected behavior from the IP address consistent with that of a spam harvester, comment spammer and rule breaker. Below we've reported some other data associated with this IP. This interrelated data helps map spammers' networks and aids in law enforcement efforts. If you know something about this IP, please leave a comment.

Geographic Location: France

Harvester First Seen: approximately 9 years, 4 months, 5 weeks ago
Harvester Last Seen: within 1 week
Harvester Sightings: 85,602 visit(s)
Harvester Results: 0.01 messages per visit
819 message(s) resulting from harvests
- First: approximately 8 years, 6 months, 5 weeks ago
- Last: approximately 4 weeks ago
259 email address(es) harvested
- First: approximately 8 years, 7 months, 2 weeks ago
- Last: Tue, 28 Jun 2022 18:56:42 -0400

First Post On: approximately 9 years, 4 months, 5 weeks ago
Last Post On: within 5 months, 4 weeks
Form Posts: 13,598 web post submission(s) sent from this IP

First Rule-Break On: approximately 5 years, 4 months, 3 weeks ago
Last Rule-Break On: within 2 years, 1 week
Rule Breaks: 4 web page navigation rule(s) broken by this IP

Associated Mail Servers
IPs In The Neighborhood
89.234.157.54 France
89.234.157.73 France
Sample Spam URLs & Keywords Posted From 89.234.157.254
89.234.157.254's User Agent Strings
10.0;
10_6_4;
3020
6.1;
AfD-Verbotsverfahren JETZT!
Apache-HttpClient/4.2.1 (java 1.5)
AppleWebKit/532.0
AppleWebKit/537.36
BlackBerry7100/4.0.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
BlackBerry7130e/4.1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/104
BlackBerry7290/4.1.0Profile/MIDP-2.0 Configuration/CLDC-1.1
BlackBerry7520/4.0.2 Profile/MIDP-2.0 Configuration/CLDC-1.1
BlackBerry7520/4.1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/103
BlackBerry8100/4.2.0
BlackBerry8100/4.2.0 Profile/MIDP-2.0 Configuration/CLDC-1.1
BlackBerry8100/4.2.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/1
BlackBerry8330/4.5.0.186 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/104
BlackBerry8900/5.0.0.411 Profile/MIDP-2.1 Configuration/CLDC-1.1 VendorID/132
BlackBerry9000/4.6.0.303 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/302
BlackBerry9520/5.0.0.306 Profile/MIDP-2.1 Configuration/CLDC-1.1 VendorID/120
BlackBerry 9700/5.0.0.351 Profile/MIDP-2.1 Configuration/CLDC-1.1 VendorID/123
BlackBerry9700/5.0.0.586 Profile/MIDP-2.1 Configuration/CLDC-1.1 VendorID/120
BlackBerry9700/5.0.0.593 Profile/MIDP-2.1 Configuration/CLDC-1.1 VendorID/603
CLR
COMPUTER
curl/7.16.1 (i386-pc-win32) libcurl/7.16.1 OpenSSL/0.9.8h zlib/1.2.3
curl/7.16.4 (i486-pc-linux-gnu) libcurl/7.16.4 OpenSSL/0.9.8e zlib/1.2.3.3 libidn/1.0
curl/7.20.0 (i686-pc-linux-gnu) libcurl/7.20.0 OpenSSL/0.9.8n zlib/1.2.4
curl/7.35.0
curl/7.66.0
W.Backslash AG commented...
still active
April 08 2020 05:11 AM

Honey Pot System commented...
WHITELIST NOTICE: This IP has been REMOVED from Project Honey Pot whitelists; bad activity was encountered.
October 26 2019 02:05 AM

Honey Pot System commented...
WHITELIST NOTICE: This IP has been whitelisted. Future bad activity will result in automatic removal.
September 30 2019 08:50 PM

Honey Pot System commented...
WHITELIST NOTICE: This IP has been marked to be included on Project Honey Pot whitelists. The whitelist is scheduled with a delay of 00:02:05. Documented reason for whitelist: Owner of a Dynamic IP Address
September 30 2019 08:45 PM

W.Backslash AG commented...
form-spam
April 24 2019 09:23 AM

R.Heiner2 commented...
IP/Host shown: marylou.nos-oignons.net

UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240

- same UA also used from this Host: tor-exit-readme.memcpy.io - IP =163.172.67.180

Hostname: http://marylou.nos-oignons.net
ASN: AS197422 Tetaneutral.net
ISP: OPDOP SCIC
Provider: Manyones.com Sarl
Country: France
City: Toulouse
ISP Location: Saint-martin-bellevue, Rhone-alpes, France
ISP: Opdop Scic

Website Header: X-Your-Address-Is: 62.113.217.49

Botnet: Janus
Bad Robot with different activities such as referer spam and comment spam. Distributing attacks over hundreds of IP addresses, including the Tor network.

Botnet activity: Bad

Attack target(s): Web, SSH

Proxy type: Tor - Tor Exit Node

Listed all.s5h.net
Listed cbl.abuseat.org
Listed dnsbl.tornevall.org
Listed exitnodes.tor.dnsbl.sectoor.de
Listed spambot.bls.digibase.ca
Listed tor.dnsbl.sectoor.de

DNS Server = 192.5.6.30

Traceroute to Host: be101.ccr41.ord03.atlas.cogentco.com - IP = 154.54.13.93 = ISP Cogent Communications
AS Number AS174 Cogent Communications = PSINet, Inc. (PSI-2)

CBL listed in Spamhaus: This IP is infected with, or is NATting for a machine infected with Trojan:Win32/Ramnit (Microsoft).

Amongst other things, Ramnit inserts malicious code into web server pages in an attempt to propagate itself.

This was detected by a TCP connection from "89.234.157.254" on port "35399" going to IP address "87.106.190.153" (the sinkhole) on port "443".

The botnet command and control domain for this connection was "n/a".

IP 87.106.190.153 = ISP 1&1 Internet AG
AS Number AS8560 1&1 Internet SE
Traceroute to Host: ae-10.r07.chcgil09.us.bb.gin.ntt.net - NTT America. -
November 24 2018 04:28 AM

A.B78 commented...
This is a TOR exit node. Because of your list being included in several IP filters, I'm not able to access some websites!
Please make it clear to people subscribing to your list that one should not simply block those addresses when they want to read websites.

I, being myself a part time "webmaster" fully understand the reason for blocking malicious users when your server isn't fast enough to do proper filtering. But some websites block just anyone on your list from even simple GET requests!

I would like to complain to the websites in question directly, but I am blocked from accessing them. Also, distributors of such lists should at least inform their users about these issues.
From reading the comments on other IPs, here is my quick fix for your security problems: just uninstall PHP.
August 22 2017 02:19 PM

R.Lin3 commented...
Harvester, Comment Spammer
August 16 2017 01:38 PM

R.Heywood commented...
Registration spammer:

Action: Register
Name: nathanbr11
E-mail: scottqo3@esperanzabria.montreal5.top
Username: nathanbr11
UserIP: 89.234.157.254
Spam check: StopForumSpam (EMail: frequency=255, last_seen=2017-07-08 02:48:21; IP: frequency=2998, last_seen=2017-07-08 02:28:41; ) SPAMBOT_TRUE
July 10 2017 08:34 AM

J.Murphy17 commented...
Back again, comment spammer, tor exit. bad, bad bot.
March 15 2016 10:24 AM

J.Murphy17 commented...
referrer spammer. tor exit node, cross-site scripting (XSS) attack. originating from nos-oignons.net
February 28 2016 02:31 PM

J.Humphrey31 commented...
A Tor exit node, belonging to nos-oignons.net.

Seen trying to hack into WordPress, no doubt to leave spam.
October 14 2015 06:33 AM

S.Johnson34 commented...
Attempted brute force wp-admin login
October 07 2015 08:25 AM

H.User7152 commented...
Attempts to manipulate wpdm_ajax_call in WordPress.
May 08 2015 03:27 AM

W.Backslash AG commented...
xss attack
April 29 2015 04:19 AM

T.Jarvis commented...
Referrer spam: "http://hundejo.com/"
Agent: "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36"
March 22 2015 06:51 PM

Honey Pot System commented...
WHITELIST NOTICE: This IP has been REMOVED from Project Honey Pot whitelists; bad activity was encountered.
March 14 2015 03:09 AM

Honey Pot System commented...
WHITELIST NOTICE: This IP has been whitelisted. Future bad activity will result in automatic removal.
March 12 2015 11:30 PM

Honey Pot System commented...
WHITELIST NOTICE: This IP has been marked to be included on Project Honey Pot whitelists. The whitelist is scheduled with a delay of 00:00:25. Documented reason for whitelist: Other
March 12 2015 11:27 PM

Honey Pot System commented...
WHITELIST NOTICE: This IP has been REMOVED from Project Honey Pot whitelists; bad activity was encountered.
January 31 2015 02:36 AM

Honey Pot System commented...
WHITELIST NOTICE: This IP has been whitelisted. Future bad activity will result in automatic removal.
January 30 2015 03:50 AM

Honey Pot System commented...
WHITELIST NOTICE: This IP has been marked to be included on Project Honey Pot whitelists. The whitelist is scheduled with a delay of 00:00:05. Documented reason for whitelist: Other
January 30 2015 03:43 AM

B.Viper commented...
This is a Tor exit node. There is lots of traffic and multiple user agent strings because there are multiple users. There are thousands of people using this exit node; there is hardly any spam in comparison.
January 24 2015 06:34 PM

Page generated on: April 28 2024 05:52:13 AM

Copyright © 2004–24, Unspam Technologies, Inc. All rights reserved.
