IP Address Inspector

213.79.125.20

This IP addresses has been seen by at least one Honey Pot. However, none of its visits have resulted in any bad events yet. It's possible that this IP is just a harmless web spider or Internet user. If you know something about this IP, please leave a comment.

Lookup IP In: Domain Tools | SpamHaus | Spamcop | SenderBase | Google Groups | Google

Geographic Location Russia Russia
Spider First Seen approximately 4 years, 3 months, 3 weeks ago
Spider Last Seen within 3 years, 6 months, 4 weeks
Spider Sightings 10 visit(s)
User-Agents seen with 1 user-agent(s)
IPs In The Neighborhood
213.79.124.66 | SD Poland
213.79.124.122 | SDC Russia
213.79.124.123 | SD Russia
213.79.124.124 | SD Russia
213.79.124.125 | SD Russia
213.79.124.126 | SD Russia
213.79.124.130 | SD Russia
213.79.124.194 | S Poland
213.79.124.205 Poland
213.79.124.234 | S Russia
213.79.124.246 | S Poland
213.79.124.254 | SC Russia
213.79.125.10 Russia
213.79.125.26 | S Russia
213.79.125.34 | SD Poland
213.79.125.58 Russia
213.79.125.66 | SD Russia
213.79.125.114 Poland
213.79.125.122 | SD Poland
213.79.125.182 Russia
213.79.125.194 | D Russia
213.79.125.196 | SD Poland
213.79.125.205 Russia
213.79.125.210 | SD Poland
213.79.125.222 Russia
213.79.125.230 | S Russia
213.79.125.235 | S Poland
213.79.125.20's User Agent Strings
Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)
J.Controlletti commented...
phpMyAdmin, xampp and so on hacking attempts
April 01 2012 03:22 PM
M.Giddings2 commented...
This ip appears to be used by a script kiddie.


213.79.125.20 - - [22/Mar/2012:21:17:21 -0400] "GET /phpmanager/scripts/setup.php HTTP/1.1" 404 477 "-" "ZmEu"
213.79.125.20 - - [22/Mar/2012:21:17:22 -0400] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
213.79.125.20 - - [22/Mar/2012:21:17:22 -0400] "GET /phpmy-admin/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
213.79.125.20 - - [22/Mar/2012:21:17:22 -0400] "GET /webadmin/scripts/setup.php HTTP/1.1" 404 477 "-" "ZmEu"
213.79.125.20 - - [22/Mar/2012:21:17:23 -0400] "GET /sqlweb/scripts/setup.php HTTP/1.1" 404 475 "-" "ZmEu"
213.79.125.20 - - [22/Mar/2012:21:17:23 -0400] "GET /websql/scripts/setup.php HTTP/1.1" 404 475 "-" "ZmEu"
213.79.125.20 - - [22/Mar/2012:21:17:23 -0400] "GET /webdb/scripts/setup.php HTTP/1.1" 404 473 "-" "ZmEu"
213.79.125.20 - - [22/Mar/2012:21:17:24 -0400] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
213.79.125.20 - - [22/Mar/2012:21:17:24 -0400] "GET /mysql-admin/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
March 22 2012 09:06 PM
C.JJ commented...
213.79.125.20 - - [01/Mar/2012:19:38:19 +0100] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 403 1290 "-" "ZmEu"
213.79.125.20 - - [01/Mar/2012:19:38:19 +0100] "GET /scripts/setup.php HTTP/1.1" 403 1290 "-" "ZmEu"
213.79.125.20 - - [01/Mar/2012:19:38:19 +0100] "GET /admin/scripts/setup.php HTTP/1.1" 403 1290 "-" "ZmEu"
213.79.125.20 - - [01/Mar/2012:19:38:22 +0100] "GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 403 1290 "-" "ZmEu"
213.79.125.20 - - [01/Mar/2012:19:38:23 +0100] "GET /db/scripts/setup.php HTTP/1.1" 403 1290 "-" "ZmEu"
213.79.125.20 - - [01/Mar/2012:19:38:23 +0100] "GET /dbadmin/scripts/setup.php HTTP/1.1" 403 1290 "-" "ZmEu"
213.79.125.20 - - [01/Mar/2012:19:38:23 +0100] "GET /myadmin/scripts/setup.php HTTP/1.1" 403 1290 "-" "ZmEu"
213.79.125.20 - - [01/Mar/2012:19:38:23 +0100] "GET /mysql/scripts/setup.php HTTP/1.1" 403 1290 "-" "ZmEu"
...
March 01 2012 01:41 PM
J.Woody commented...
DICTIONARY ATTACKER
ATTEMPTED EXPLOIT HACK(Attempt to access non existing areas using known exploit)

213.79.125.20 - Russia - Network for Mikrostayl - Jsc Comcor

SMALL SAMPLE:
213.79.125.20 - - [25/Oct/2011:07:37:01 +0100] "GET // HTTP/1.1" 403 5225 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
213.79.125.20 - - [25/Oct/2011:07:37:02 +0100] "GET //htdocs/ HTTP/1.1" 403 1224 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
213.79.125.20 - - [25/Oct/2011:07:37:02 +0100] "GET //phpldapadmin/htdocs/ HTTP/1.1" 403 1224 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
October 25 2011 05:59 AM
M.Headrick commented...
Trying to run database admin scripts. Various versions of phpMyAdmin and so on.
October 21 2011 01:55 PM
A.Heathcock commented...
Attempting admin hack
October 13 2011 06:21 PM
J.Woody commented...
DICTIONARY ATTACKER
ATTEMPTED EXPLOIT HACK(Attempt to access non existing areas using known exploit)

213.79.125.20 - Russia - Network for Mikrostayl - Jsc Comcor

SMALL SAMPLE:
213.79.125.20 - - [29/Sep/2011:16:17:40 +0100] "GET /muieblackcat HTTP/1.1" 403 1224 "-" "-"
213.79.125.20 - - [29/Sep/2011:16:17:40 +0100] "GET //scripts/setup.php HTTP/1.1" 403 1224 "-" "-"
213.79.125.20 - - [29/Sep/2011:16:17:41 +0100] "GET /muieblackcat HTTP/1.1" 403 1224 "-" "-"
213.79.125.20 - - [29/Sep/2011:16:17:41 +0100] "GET //admin/scripts/setup.php HTTP/1.1" 403 1224 "-" "-"
213.79.125.20 - - [29/Sep/2011:16:17:41 +0100] "GET //scripts/setup.php HTTP/1.1" 403 1224 "-" "-"
September 29 2011 04:28 PM
H.User724 commented...
Offensive behaviour noted 03-Sep-2011:

[03/Sep/2011:11:06:38 +0200] "GET /muieblackcat HTTP/1.1"
[03/Sep/2011:11:06:42 +0200] "GET //admin/scripts/setup.php HTTP/1.1"
[03/Sep/2011:11:06:43 +0200] "GET //admin/pma/scripts/setup.php HTTP/1.1"

etc.
September 03 2011 02:23 AM
C.Brockman commented...
Dictionary attacker. Example: 213.79.125.20 - - [09/Aug/2011:08:18:26 -0600] "GET //myadmin/scripts/setup.php HTTP/1.1" 404 2071 "-" "-"
August 09 2011 10:38 AM
Page generated on: January 06 2016 03:58:14 PM

Please note: being listed on these pages does not necessarily mean an IP address, domain name, or any other information is owned by a spammer. For example, it may have been hijacked from its true owner and used by a spammer.


Follow projecthoneypot on Twitter

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | CloudFlare Site Protection | Contact Us

Copyright © 2004–16, Unspam Technologies, Inc. All rights reserved.

Advertisements displayed on this page are not necessarily endorsed by Project Honey Pot

contact | wiki | email