IP: 91.224.160.25
Location: Finland
Country: Finland
Latitude: 60.1708
Longitude: 24.9375
NetRange: 91.0.0.0 - 91.255.255.255
CIDR: 91.0.0.0/8
NetName: 91-RIPE
NetHandle: NET-91-0-0-0-1
Parent: ()
NetType: Allocated to RIPE NCC
OriginAS:
Organization: RIPE Network Coordination Centre (RIPE)
RegDate: 2005-06-30
Updated: 2009-05-18
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
Ref: https://rdap.arin.net/registry/ip/91.0.0.0

ResourceLink: https://apps.db.ripe.net/search/query.html
ResourceLink: whois.ripe.net

OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
RegDate:
Updated: 2013-07-29
Ref: https://rdap.arin.net/registry/entity/RIPE

ReferralServer: whois://whois.ripe.net
ResourceLink: https://apps.db.ripe.net/search/query.html

OrgTechHandle: RNO29-ARIN
OrgTechName: RIPE NCC Operations
OrgTechPhone: +31 20 535 4444
OrgTechEmail: hostmaster@ripe.net
OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN

OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +31205354444
OrgAbuseEmail: abuse@ripe.net
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
DNS BlackList results:
Most recent complaints on 91.224.160.25
Complaint by z-z-z :

Extensive hacking. Searching for phpmyadmin/index.php pma/index.php phpMyAdmin/index.php PMA/index.php dbadmin/index.php mysql/index.php myadmin/index.php /php-my-admin/index.php sqlmanager/index.php mysqlmanager/index.php phpmanager/index.php webadmin/index.php sqlweb/index.php websql/index.php webdb/index.php mysqladmin/index.php mysql-admin/index.php admin/index.php php-myadmin/index.php phpmy-admin/index.php wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php wp-content/plugins/wp-phpmyadmin/phpmyadmin/index.php at half past eight this morning. Shut that machine down!

Reported on: 23rd, Nov. 2012
Complaint by adminuk :

continually trying to hack server

Reported on: 5th, Dec. 2012
Complaint by Cube :

Found using PHP root kit on website under vulnerable WordPress theme.

Reported on: 9th, Jan. 2013
Complaint by Don :

Attempting a SQL injection attack on our servers

Reported on: 3rd, Apr. 2013
Complaint by Lambom :

multiple SQL injection attempts from this IP

Reported on: 18th, Apr. 2013
Complaint by Kitties :

Caught attempting to exploit a PHP file include vulnerability on our webserver.

Reported on: 10th, Jun. 2013
Complaint by Tony :

Multiple SQL injection attempts

Reported on: 26th, Jun. 2013
Complaint by mark :

Me too, as reported by zzz. WHAT THE **** DOES A GUY DO???

Reported on: 2nd, Jul. 2013
Complaint by mark :

What is this x12.mktsmart.cu.cc AdnormCrawler www.adnorm.com/crawler about? ALSO >>>>> 91.224.160.25 is looking for zero day threats! >>> LOOK /phppath/php?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation% http://blog.sucuri.net/2013/06/plesk-0-day-remote-vulnerability-in-the-wild.html PROOF SO YOU KNOW I'M NOT FULL OF IT! I don't know how to use the .htaccess to block the range of IPs the dork has! hosted-by.bergdorf-group.com "country": "Netherlands", "city": "Group", "isp": "Bergdorf Group Ltd.", "organization": "Bergdorf Group Ltd.", "latitude": 51.7862, "ip": "91.224.160.25", "region": "Zuid-Holland", "hostname": "hosted-by.bergdorf-group.com", "asn": [], "longitude": 4.4377} I spend more time trying to protect my server than I do writing articles. Anyway, he tries to use a feed to get to you. Also he, or should I say it, tried 198 attempts.

Reported on: 2nd, Jul. 2013
Complaint by Jim :

Over 200 attempts through our blog this morning to open: timthumb.php thumb.php index.php wp-conf.php as well as a few others

Reported on: 4th, Jul. 2013
Complaint by z-z-z :

Eight months after my first complaint they're still at it. This Bergdorf group must be one of the most sorry heaps of losers this side of the Moskva-river, to sit quietly back and turn a blind eye to one of their clients making a regular occupation of hacking websites! I blocked them after their first walk-through, which didn't deter them from -- today -- again searching for phpmyadmin/index.php phpMyAdmin/index.php mysqladmin/index.php mysql-admin/index.php webadmin/index.php and some more of the same kind. After it all failed, however, they came up with a new one. Perhaps anyone can make something of this (for I'm at a loss): "POST /?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2f%2finput+-n HTTP/1.1" and "POST /phppath/php?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2f%2finput+-n HTTP/1.1" ???

Reported on: 20th, Jul. 2013
Complaint by Chilchii :

SQL injection attacks from this IP

Reported on: 30th, Aug. 2013
Complaint by MIchael :

It's still up and running and just tried to access our server as well.

Reported on: 22nd, Oct. 2013
Complaint by Ol Jay :

continually trying to hack server

Reported on: 17th, Jul. 2015
Complaint by David E :

Trying to break into WordPress and run PHP Mailer exploit in Gravity Forms

Reported on: 4th, Aug. 2015


DNSBL* - a list of IP addresses published through the Internet Domain Name Service (DNS), either as a zone file that can be used by DNS server software or as a live DNS zone that can be queried in real time. DNSBLs are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to reject or flag messages sent from a site listed on one or more such lists.

WHOIS** - a query/response protocol that is widely used for querying databases to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system number. WHOIS lookups were traditionally performed with a command-line application, and network administrators predominantly still use this method, but many simplified web-based tools exist. WHOIS services typically communicate over the Transmission Control Protocol (TCP). Servers listen for requests on the well-known port number 43.

** Approximate Geographic Location - This is NOT the exact geographical location of the person/organization with the given IP address. However, it should still give you a good idea of the area/region where this person/organization is located.