89.248.169.12 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Netherlands

Internet Service Provider: Incrediserve Ltd

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	[N3.H3.VM3] Port Scanner Detected Blocked by UFW	2020-10-14 05:20:20
attack	TCP port : 3389	2020-09-01 19:58:18
attack	Port Scan ...	2020-08-19 04:33:49
attack	TCP port : 995	2020-08-16 18:25:39
attackbotsspam	Sent packet to closed port: 5985	2020-08-10 12:56:13
attackspam	Icarus honeypot on github	2020-08-01 14:16:24
attack	Port scanning [4 denied]	2020-07-28 00:30:51
attackspam	ET CINS Active Threat Intelligence Poor Reputation IP group 79 - port: 554 proto: tcp cat: Misc Attackbytes: 60	2020-07-22 19:00:45
attack	Port Scan ...	2020-07-17 02:32:34
attack	scans 2 times in preceeding hours on the ports (in chronological order) 5901 5901 resulting in total of 42 scans from 89.248.160.0-89.248.174.255 block.	2020-07-07 00:17:14
attackbots	port	2020-07-05 23:17:17
attackspam	firewall-block, port(s): 5800/tcp	2020-06-24 02:09:27
attack	2000/tcp 995/tcp 993/tcp... [2020-04-20/06-19]191pkt,15pt.(tcp)	2020-06-20 05:42:09
attackspam	2020-06-17 09:53:11 Unauthorized connection attempt to IMAP/POP	2020-06-18 13:09:56
attackbots	RDP brute force attack detected by fail2ban	2020-06-06 23:16:26
attackbots	Multiport scan 14 ports : 110(x4) 554(x4) 587(x4) 993(x4) 995(x4) 2000(x3) 3306(x3) 5672(x3) 5800(x4) 5900(x3) 5901(x4) 5985(x4) 7779(x4) 8443(x4)	2020-06-01 19:09:39
attackspambots	firewall-block, port(s): 5900/tcp	2020-05-12 08:35:42
attackbots	RDP brute force attack detected by fail2ban	2020-05-11 07:59:34
attack	firewall-block, port(s): 2000/tcp	2020-05-07 02:57:57
attackbotsspam	Port probing on unauthorized port 2000	2020-04-18 15:52:04
attack	firewall-block, port(s): 993/tcp	2020-04-14 19:08:54
attack	SNORT TCP Port: 110 Classtype misc-attack - ET CINS Active Threat Intelligence Poor Reputation IP group 84 - - Destination xx.xx.4.1 Port: 110 - - Source 89.248.169.12 Port: 55569 (Listed on abuseat-org zen-spamhaus) (56)	2020-04-11 14:44:07
attack	Port scan: Attack repeated for 24 hours	2020-04-05 08:40:28
attackspam	firewall-block, port(s): 5672/tcp	2020-04-02 06:36:07
attack	SNORT TCP Port: 110 Classtype misc-attack - ET CINS Active Threat Intelligence Poor Reputation IP group 79 - - Destination xx.xx.4.1 Port: 110 - - Source 89.248.169.12 Port: 54504 (Listed on abuseat-org zen-spamhaus) (281)	2020-03-18 22:12:45
attack	Scanning random ports - tries to find possible vulnerable services	2020-03-13 07:03:43
attackbots	Port 110 (POP) access denied	2020-02-29 07:30:32
attack	Unauthorized connection attempt detected from IP address 89.248.169.12 to port 3306 [J]	2020-01-17 22:42:35
attack	UTC: 2019-12-02 port: 110/tcp	2019-12-03 13:23:11
attack	Portscan or hack attempt detected by psad/fwsnort	2019-11-11 01:50:59

Comments on same subnet:

IP	Type	Details	Datetime
89.248.169.94	attackbots	Sep 24 01:38:36 [host] kernel: [1236330.720053] [U Sep 24 01:42:19 [host] kernel: [1236553.667330] [U Sep 24 01:56:08 [host] kernel: [1237382.692303] [U Sep 24 01:57:08 [host] kernel: [1237443.259790] [U Sep 24 01:58:46 [host] kernel: [1237540.448229] [U Sep 24 01:59:31 [host] kernel: [1237586.206618] [U	2020-09-25 00:42:28
89.248.169.94	attackbots	Sep 24 01:38:36 [host] kernel: [1236330.720053] [U Sep 24 01:42:19 [host] kernel: [1236553.667330] [U Sep 24 01:56:08 [host] kernel: [1237382.692303] [U Sep 24 01:57:08 [host] kernel: [1237443.259790] [U Sep 24 01:58:46 [host] kernel: [1237540.448229] [U Sep 24 01:59:31 [host] kernel: [1237586.206618] [U	2020-09-24 16:21:04
89.248.169.94	attack	Triggered: repeated knocking on closed ports.	2020-09-24 07:47:11
89.248.169.94	attackbots	Sep2019:52:42server2kernel:Firewall:\TCP_INBlocked\IN=eth0OUT=MAC=00:16:3e:3f:7a:43:52:54:00:a2:7f:43:08:00SRC=89.248.169.94DST=136.243.224.57LEN=40TOS=0x00PREC=0x00TTL=249ID=10647PROTO=TCPSPT=51729DPT=9307WINDOW=1024RES=0x00SYNURGP=0Sep2019:52:44server2kernel:Firewall:\TCP_INBlocked\IN=eth0OUT=MAC=00:16:3e:3f:7a:43:52:54:00:a2:7f:43:08:00SRC=89.248.169.94DST=136.243.224.52LEN=40TOS=0x00PREC=0x00TTL=249ID=14257PROTO=TCPSPT=51729DPT=9560WINDOW=1024RES=0x00SYNURGP=0Sep2019:52:51server2kernel:Firewall:\TCP_INBlocked\IN=eth0OUT=MAC=00:16:3e:3f:7a:43:52:54:00:a2:7f:43:08:00SRC=89.248.169.94DST=136.243.224.54LEN=40TOS=0x00PREC=0x00TTL=249ID=40939PROTO=TCPSPT=51729DPT=9271WINDOW=1024RES=0x00SYNURGP=0Sep2019:52:51server2kernel:Firewall:\TCP_INBlocked\IN=eth0OUT=MAC=00:16:3e:3f:7a:43:52:54:00:a2:7f:43:08:00SRC=89.248.169.94DST=136.243.224.53LEN=40TOS=0x00PREC=0x00TTL=249ID=44137PROTO=TCPSPT=51729DPT=9307WINDOW=1024RES=0x00SYNURGP=0Sep2019:52:53server2kernel:Firewall:\TCP_INBlocked\IN=eth0OUT=MAC=00:16:3e:3f:	2020-09-21 02:12:13
89.248.169.94	attackbots	[N10.H2.VM2] Port Scanner Detected Blocked by UFW	2020-09-20 18:12:46
89.248.169.143	attackspam	TCP ports : 8861 / 9556	2020-09-04 21:17:55
89.248.169.143	attack	" "	2020-09-04 12:56:24
89.248.169.143	attackspambots	Port scan: Attack repeated for 24 hours	2020-09-04 05:26:09
89.248.169.94	attack	Port scan on 3 port(s): 5900 5904 5959	2020-09-01 02:34:00
89.248.169.94	attack	TCP (SYN) 89.248.169.94:54894 -> port 5901, len 44	2020-08-30 07:58:28
89.248.169.143	attackspambots	Connection to SSH Honeypot - Detected by HoneypotDB	2020-08-19 06:23:52
89.248.169.143	attackspambots	Aug 16 13:01:21 game-panel sshd[9963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.248.169.143 Aug 16 13:01:23 game-panel sshd[9963]: Failed password for invalid user web from 89.248.169.143 port 50294 ssh2 Aug 16 13:06:21 game-panel sshd[10209]: Failed password for root from 89.248.169.143 port 57126 ssh2	2020-08-16 21:14:09
89.248.169.143	attackspam	Port Scan detected from 89.248.169.143 (DE/Germany/Hesse/Frankfurt am Main/-). 4 hits in the last 221 seconds	2020-08-09 07:14:33
89.248.169.143	attack	ET CINS Active Threat Intelligence Poor Reputation IP group 83 - port: 11085 proto: tcp cat: Misc Attackbytes: 60	2020-07-30 17:24:21
89.248.169.143	attackspambots	TCP port : 11523	2020-07-23 19:51:51

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 89.248.169.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51664
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;89.248.169.12.			IN	A

;; AUTHORITY SECTION:
.			2801	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019051000 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Fri May 10 17:38:04 +08 2019
;; MSG SIZE  rcvd: 117

Host info

12.169.248.89.in-addr.arpa domain name pointer security.criminalip.com.

Nslookup info:

Server:		67.207.67.3
Address:	67.207.67.3#53

Non-authoritative answer:
12.169.248.89.in-addr.arpa	name = security.criminalip.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
188.166.229.193	attackspambots	$f2bV_matches	2020-10-05 22:28:30
103.90.190.54	attackbots	Oct 5 05:34:40 ift sshd\[29208\]: Failed password for root from 103.90.190.54 port 26824 ssh2Oct 5 05:36:00 ift sshd\[29571\]: Failed password for root from 103.90.190.54 port 36944 ssh2Oct 5 05:37:26 ift sshd\[29705\]: Failed password for root from 103.90.190.54 port 47068 ssh2Oct 5 05:38:57 ift sshd\[29784\]: Failed password for root from 103.90.190.54 port 57190 ssh2Oct 5 05:40:28 ift sshd\[30155\]: Failed password for root from 103.90.190.54 port 2799 ssh2 ...	2020-10-05 22:16:47
201.159.114.203	attackspam	Icarus honeypot on github	2020-10-05 22:37:23
60.174.95.133	attackbots	23/tcp [2020-10-04]1pkt	2020-10-05 22:22:57
115.58.17.164	attack	23/tcp [2020-10-04]1pkt	2020-10-05 22:26:20
200.146.227.146	attackspam	schuetzenmusikanten.de 200.146.227.146 [05/Oct/2020:16:08:51 +0200] "POST /wp-login.php HTTP/1.1" 200 9252 "http://schuetzenmusikanten.de/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0" schuetzenmusikanten.de 200.146.227.146 [05/Oct/2020:16:08:52 +0200] "POST /wp-login.php HTTP/1.1" 200 9252 "http://schuetzenmusikanten.de/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"	2020-10-05 22:43:04
154.126.36.108	attackspambots	SMB Server BruteForce Attack	2020-10-05 22:44:13
177.155.139.16	attackbots	445/tcp [2020-10-04]1pkt	2020-10-05 22:38:10
95.252.8.106	attackbotsspam	firewall-block, port(s): 445/tcp	2020-10-05 22:06:16
106.54.253.41	attackspam	(sshd) Failed SSH login from 106.54.253.41 (CN/China/-): 5 in the last 3600 secs	2020-10-05 22:39:22
27.202.4.216	attackspam	2323/tcp [2020-10-04]1pkt	2020-10-05 22:35:55
112.85.42.230	attackspambots	Oct 5 16:20:10 * sshd[394]: Failed password for root from 112.85.42.230 port 60446 ssh2 Oct 5 16:20:24 * sshd[394]: error: maximum authentication attempts exceeded for root from 112.85.42.230 port 60446 ssh2 [preauth]	2020-10-05 22:27:47
181.211.102.6	attackbots	445/tcp [2020-10-04]1pkt	2020-10-05 22:11:17
54.37.106.114	attackbots	Oct 5 16:02:22 vpn01 sshd[2849]: Failed password for root from 54.37.106.114 port 58726 ssh2 ...	2020-10-05 22:17:20
106.12.217.204	attackspam	sshd jail - ssh hack attempt	2020-10-05 22:34:50

Recently Reported IPs

94.179.11.211	113.184.104.135	137.119.82.120	105.98.220.79
95.123.135.123	97.236.172.214	14.3.146.211	85.93.59.152
66.181.161.48	200.68.244.39	51.75.46.251	113.76.230.103
178.210.178.205	3.86.231.28	114.99.2.41	81.16.207.106
103.23.201.173	103.102.238.85	125.214.52.182	68.52.115.154