IP Address Inspector
ATTENTION |
|
91.200.13.64
The Project Honey Pot system has detected behavior from the IP address consistent with that of a comment spammer. Below we've reported some other data associated with this IP. This interrelated data helps map spammers' networks and aids in law enforcement efforts. If you know something about this IP, please leave a comment.
Lookup IP In: Domain Tools | SpamHaus | Spamcop | SenderBase | Google Groups | Google
Geographic Location | Ukraine |
Spider First Seen | approximately 10 years, 5 months, 2 weeks ago |
Spider Last Seen | within 8 years, 6 months, 2 weeks |
Spider Sightings | 1,827 visit(s) |
User-Agents | seen with 30 user-agent(s) |
First Post On | approximately 10 years, 4 months, 3 weeks ago |
Last Post On | within 9 years, 7 months, 1 week |
Form Posts | 489 web post submission(s) sent from this IP |
15 comment(s) - Comment on this IP | Collapse All
|
G.J6 commented...
Wordpress vulnerabilities scanning active as of today!
September 11 2015 09:43 AM |
J.Huggins6 commented...
Constant attempts to exploit Wordpress plugins. Admins, block this IP address in your firewall!
July 25 2015 08:56 PM |
H.User7152 commented...
Persistent attempts to get database passwords and salts by exploiting bad Wordpress plugins and themes:
91.200.13.64 - - [13/Jul/2015:05:33:35 +0000] "GET / HTTP/1.1" 200 22090 "http://college.newsmixx.com/wp-content/themes/elegance/lib/scripts/dl-skin.php" 91.200.13.64 - - [13/Jul/2015:05:33:47 +0000] "GET /wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../../wp-config.php HTTP/1.1" 403 900 "http://***/wp-content/themes/infocus/lib/scripts/dl-skin.php" […] 91.200.13.64 - - [13/Jul/2015:09:17:26 +0000] "GET / HTTP/1.1" 200 22090 "http://precisepestcontrol.com/wp-content/themes/lote27/download.php?download=../../../wp-config.php" 91.200.13.64 - - [13/Jul/2015:09:17:37 +0000] "GET /wp-content/plugins/cip4-folder-download-widget/cip4-download.php?target=wp-config.php&info=wp-config.php HTTP/1.1" 404 19969 "http://***/wp-content/plugins/contus-video-gallery/hdflvplayer/download.php?f=../../../../wp-config.php" […] 91.200.13.64 - - [13/Jul/2015:12:56:26 +0000] "GET / HTTP/1.0" 200 22090 "https://bbax7482m0.wordpress.com/wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../../wp-config.php" UAs: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_5_8) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Ubuntu/11.04 Chromium/14.0.814.0 Chrome/14.0.814.0 Safari/535.1" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.10 Chromium/17.0.963.65 Chrome/17.0.963.65 Safari/535.11" July 13 2015 09:37 AM |
B.Slack5 commented...
The requested page was /support/wp-content/uploads/wp_config.php and the user agent was Mozilla/5.0 (X11; U; Linux armv7l; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16. The refering url was http://xxx/support/ and the client ip was 91.200.13.64
and several others June 17 2015 02:00 AM |
V.Michaelis commented...
Several attempts to access upload and cache files on a WordPress site on May 12, 2015.
May 13 2015 01:46 PM |
K.Harding commented...
it is active again
February 06 2015 05:03 PM |
L.Nicolai commented...
used hostname: dedic336.hidehost.net
This hostname is also used by CIDR 37.143.8.0/21 Russia. inetnum: 91.200.12.0 - 91.200.15.255 netname: GLUBINA-NET descr: PP SKS-Lugan organisation: ORG-PS152-RIPE org-name: PP SKS-LUGAN org-type: LIR address: PP SKS-LUGAN address: Lenina 42/6 address: 94207 address: Alchevsk address: UKRAINE Listed CBL: http://cbl.abuseat.org/lookup.cgi?ip=91.200.13.64 IP Address 91.200.13.64 is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet. It was last detected at 2014-11-26 09:00 GMT (+/- 30 minutes). This IP address is infected with, or is NATting for a machine infected with the ZeuS trojan, also known as "Zbot" and "WSNPoem". ZeuS is a malicious software (malware) used by cybercriminals to commit ebanking fraud and steal sensitive personal data, such as credentials (username, password) for online services (email, webmail, etc.). November 26 2014 08:05 AM |
S.Byrne commented...
Tried accessing an non-extant file /wp-content/plugins/Lead-Octopus-Power/css/popup.css
Then tried accessing another non-extant file /wp-content/218.php So was appears to be trying to exploit an security hole in sites using that plug-in, then trying to run that '218.php' file if they were successful in getting that file uploaded. September 24 2014 04:13 AM |
B.Garden commented...
Back again:
/admin.php /administrator/ /wp-login.php June 05 2014 09:38 AM |
H.Lobineau commented...
GET /admin.php HTTP/1.1
GET /administrator/ HTTP/1.1 GET /wp-login.php HTTP/1.1 25 failed login attempts... May 31 2014 12:20 AM |
P.Info2 commented...
91.200.13.64 (UA/Ukraine/dedic336.hidehost.net) looking for admin area of website to login
April 15 2014 10:12 AM |
P.Info2 commented...
91.200.13.64 (UA/Ukraine/dedic336.hidehost.net) looking for admin area of website to login
April 15 2014 10:12 AM |
K.Megli commented...
100 failed login attempts from 91.200.13.64 using walshbarnes as username.
March 12 2014 04:36 PM |
A.Ivarson commented...
/admin.php
/administrator/ /wp-login.php March 05 2014 05:33 AM |
B.Garden commented...
/admin.php
/administrator/ /wp-login.php February 26 2014 10:23 PM |
Page generated on: May 03 2024 09:22:20 PM
Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us
Copyright © 2004–24, Unspam Technologies, Inc. All rights reserved.
Advertisements displayed on this page are not necessarily endorsed by Project Honey Pot