
View Full Version : the origin of this IP



jass
08-31-2007, 02:58 AM
IP: 89.164.18.86

Someone left a message leaving URL of indecent webpages using the above IP number. Is it possible to trace the origin of this IP and whether the IP is from a proxy?

Many thanks in advance.

Rockonmetal
08-31-2007, 03:32 AM
ok, let me help you out... hold on

jscheuer1
08-31-2007, 03:36 AM
If you mean a message, as in email. Most likely not.

Twey
08-31-2007, 08:26 AM
It's a home DSL address in Hungary. It's unlikely that it's a proxy, but I can't be sure since it's down at the moment. The ISP is Iskon (http://www.iskon.hr/); report the abuse to them and they'll take action if appropriate.

jscheuer1
08-31-2007, 09:41 AM
"It's a home DSL address in Hungary. It's unlikely that it's a proxy, but I can't be sure since it's down at the moment. The ISP is Iskon (http://www.iskon.hr/); report the abuse to them and they'll take action if appropriate."

Geez, if they get banned from that ISP, they will probably have to get an IP address in some breakaway republic. I don't see why its being located in Hungary would have anything to do with its being a proxy or not. The fact that it sent spam, and is down, would make me think you could never find the originator. They've probably already moved on, one way or another.

Twey
08-31-2007, 08:16 PM
Because the ISP should have access to details about the user, including a traffic log, from which it may be possible to discover his/her/their real identit(y|ies).

"I don't see why its being located in Hungary would have anything to do with its being a proxy or not."

It isn't, but it's a home address. Generally such users like to use an offshoot of a big network somewhere anonymous.

jscheuer1
09-01-2007, 05:03 AM
Ah well. My thinking is that there could be at least two possibilities:


A spammer hijacks some IP address to do his/her spamming with.

Some nut uses their own IP address to send out links to ****.


Which do you think is more likely?

Twey
09-01-2007, 12:26 PM
That is true. In which case, the ISP should contact the user to tell him/her that his/her machine may have been infected with something.

jass
09-02-2007, 05:30 PM
"It's a home DSL address in Hungary. It's unlikely that it's a proxy, but I can't be sure since it's down at the moment. The ISP is Iskon (http://www.iskon.hr/); report the abuse to them and they'll take action if appropriate."

May I know the URL of the site that you used which discloses the above information? Thank you.

thetestingsite
09-02-2007, 05:45 PM
Here you go:

http://private.dnsstuff.com/tools/ipall.ch?ip=89.164.18.86

Hope this helps.

Twey
09-02-2007, 08:30 PM
I just did a reverse DNS lookup then a whois on the domain, no site.

jass
09-04-2007, 03:40 PM
The following were posted on the guestbook again, but this time with 5 different IPs. Would appreciate if someone could advise on what action I could take to stop this. I did a reverse DNS lookup but the ISPs are all different, even though the messages must have been posted by the same person. Would appreciate if someone could help.



After the above were deleted, the following appeared this morning:


jscheuer1
09-05-2007, 04:47 AM
Well, that tends to support my theory that these are simply proxies and/or hijacked IP addresses. The only things I can think of are:


1. Use some kind of validation routine on posts before they are accepted, like reject all with the word phentermine, etc. in them.

2. Require validation of the user via a CAPTCHA before allowing them to post.

3. Constant vigilance. Here at the forums, we use the second method plus email verification and have several moderators who can delete questionable posts.
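
A sketch of the first suggestion above, a validation routine run on each guestbook post before it is accepted (added example, not code from anyone in this thread). The link limit, the rule names and the sample posts are assumptions; only the word "phentermine" comes from the post itself.

```python
import re

# Assumed policy values for illustration; tune them for the real guestbook.
BLOCKED_WORDS = {"phentermine"}   # the word named in the post above
MAX_LINKS = 1                     # assumption: a genuine entry rarely has more

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
ANCHOR_RE = re.compile(r"<\s*a\b[^>]*\bhref\b", re.IGNORECASE)
WORD_RE = re.compile(r"[a-z0-9]+")


def check_post(text):
    """Return (accepted, reasons) for one guestbook submission."""
    reasons = []
    # Guestbook visitors have no need to submit raw HTML links.
    if ANCHOR_RE.search(text):
        reasons.append("html-anchor")
    # Link spam usually carries a whole list of URLs in one entry.
    if len(URL_RE.findall(text)) > MAX_LINKS:
        reasons.append("too-many-links")
    # Whole-word match, so a blocked word inside a longer word is not a hit.
    hits = sorted(BLOCKED_WORDS & set(WORD_RE.findall(text.lower())))
    if hits:
        reasons.append("blocked-word:" + ",".join(hits))
    return (not reasons, reasons)


def moderate(posts):
    """Split submissions into accepted posts and posts held for a moderator."""
    accepted, held = [], []
    for post in posts:
        ok, reasons = check_post(post)
        if ok:
            accepted.append(post)
        else:
            held.append((post, reasons))
    return accepted, held


# Constructed sample submissions (example domains, not real guestbook data).
SAMPLES = [
    "It looks like you really had a nice time.",
    '<A HREF="http://spam.example/7/page.html"><b>page</b></A><br>',
    "Nice webpage. http://forum.example/?t=1 buy phentermine online\n"
    "http://forum.example/?t=2 cheap phentermine",
]

if __name__ == "__main__":
    ok, held = moderate(SAMPLES)
    print(len(ok), "accepted;", [reasons for _, reasons in held])
```

Holding rejected posts for a moderator, rather than silently dropping them, lets false positives be recovered; a filter like this is a first pass and does not replace the CAPTCHA and moderation steps.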

Twey
09-05-2007, 01:13 PM
Beware when creating a CAPTCHA: they're very hard to do right. Remember that blind users will be unable to view an image CAPTCHA. Some common mistakes people make when creating image CAPTCHAs, too, are listed here (http://sam.zoy.org/pwntcha/).