89.248.172.195

Basic Info

City: Utrecht

Region: Utrecht

Country: Netherlands

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
89.248.172.16	attack	Bap IP	2024-05-12 23:39:04
89.248.172.140	attackbots	Automatic report - Port Scan	2020-10-13 20:36:52
89.248.172.140	attack	ET CINS Active Threat Intelligence Poor Reputation IP group 80 - port: 2468 proto: tcp cat: Misc Attackbytes: 60	2020-10-13 12:08:47
89.248.172.140	attackspambots	ET DROP Dshield Block Listed Source group 1 - port: 7110 proto: tcp cat: Misc Attackbytes: 60	2020-10-13 04:58:27
89.248.172.16	attack	ET DROP Dshield Block Listed Source group 1 - port: 60001 proto: tcp cat: Misc Attackbytes: 60	2020-10-11 03:06:34
89.248.172.16	attackspambots	[N3.H3.VM3] Port Scanner Detected Blocked by UFW	2020-10-10 18:56:46
89.248.172.16	attackbotsspam	- Port=2081	2020-10-08 03:13:38
89.248.172.16	attackspam	ET CINS Active Threat Intelligence Poor Reputation IP group 78 - port: 8089 proto: tcp cat: Misc Attackbytes: 60	2020-10-07 19:27:51
89.248.172.85	attackbots	scans 5 times in preceeding hours on the ports (in chronological order) 28589 10777 30026 10201 30103 resulting in total of 70 scans from 89.248.160.0-89.248.174.255 block.	2020-10-01 07:13:00
89.248.172.140	attack	scans 10 times in preceeding hours on the ports (in chronological order) 2728 4590 4446 3410 20222 1983 5656 6300 2728 3031 resulting in total of 70 scans from 89.248.160.0-89.248.174.255 block.	2020-10-01 06:47:26
89.248.172.85	attack	TCP (SYN) 89.248.172.85:50104 -> port 30009, len 44	2020-09-30 23:39:40
89.248.172.140	attackspam	TCP (SYN) 89.248.172.140:44912 -> port 3410, len 44	2020-09-30 23:10:43
89.248.172.140	attack	firewall-block, port(s): 1983/tcp, 3450/tcp, 5656/tcp	2020-09-30 15:44:03
89.248.172.140	attackbots	TCP (SYN) 89.248.172.140:47677 -> port 2000, len 44	2020-09-21 20:38:47
89.248.172.140	attackbots	ET DROP Dshield Block Listed Source group 1 - port: 5566 proto: tcp cat: Misc Attackbytes: 60	2020-09-21 12:30:09

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 89.248.172.195
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31702
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;89.248.172.195.			IN	A

;; AUTHORITY SECTION:
.			425	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022091502 1800 900 604800 86400

;; Query time: 282 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Sep 16 10:36:05 CST 2022
;; MSG SIZE  rcvd: 107

Host info

195.172.248.89.in-addr.arpa domain name pointer no-reverse-dns-configured.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
195.172.248.89.in-addr.arpa	name = no-reverse-dns-configured.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
124.137.205.59	attack	fail2ban detected brute force on sshd	2020-09-12 20:30:45
43.251.37.21	attackspambots	(sshd) Failed SSH login from 43.251.37.21 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 12 07:24:38 server sshd[7807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.251.37.21 user=root Sep 12 07:24:40 server sshd[7807]: Failed password for root from 43.251.37.21 port 55761 ssh2 Sep 12 07:27:29 server sshd[8534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.251.37.21 user=root Sep 12 07:27:31 server sshd[8534]: Failed password for root from 43.251.37.21 port 40311 ssh2 Sep 12 07:29:08 server sshd[8922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.251.37.21 user=root	2020-09-12 20:37:35
213.32.22.189	attackspam	SSH Honeypot -> SSH Bruteforce / Login	2020-09-12 20:35:18
195.54.160.183	attack	SSH Brute-Forcing (server2)	2020-09-12 20:13:50
14.142.219.150	attackspambots	1599843570 - 09/11/2020 18:59:30 Host: 14.142.219.150/14.142.219.150 Port: 445 TCP Blocked	2020-09-12 20:22:19
167.114.185.237	attackbotsspam	...	2020-09-12 20:01:32
2001:41d0:203:6706::	attackbots	WordPress login Brute force / Web App Attack on client site.	2020-09-12 20:25:13
139.215.217.180	attackspambots	Sep 12 12:37:09 plg sshd[12167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.215.217.180 user=root Sep 12 12:37:11 plg sshd[12167]: Failed password for invalid user root from 139.215.217.180 port 42705 ssh2 Sep 12 12:38:46 plg sshd[12177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.215.217.180 user=root Sep 12 12:38:47 plg sshd[12177]: Failed password for invalid user root from 139.215.217.180 port 53834 ssh2 Sep 12 12:40:25 plg sshd[12236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.215.217.180 user=root Sep 12 12:40:27 plg sshd[12236]: Failed password for invalid user root from 139.215.217.180 port 36725 ssh2 ...	2020-09-12 20:29:32
202.134.160.253	attackbotsspam	Invalid user ellen from 202.134.160.253 port 51740	2020-09-12 20:10:27
120.53.121.152	attackbots	SSH/22 MH Probe, BF, Hack -	2020-09-12 20:28:17
178.34.162.154	attackbots	1599843561 - 09/11/2020 18:59:21 Host: 178.34.162.154/178.34.162.154 Port: 445 TCP Blocked	2020-09-12 20:28:03
167.248.133.52	attackbots	[11/Sep/2020:11:54:31 -0400] "GET / HTTP/1.1" Blank UA [11/Sep/2020:11:54:31 -0400] "GET / HTTP/1.1" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"	2020-09-12 20:33:13
27.5.47.214	attack	Threat Management Alert 1: Attempted Administrator Privilege Gain. Signature ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution. From: 27.5.47.214:35403, to: 192.168.4.99:80, protocol: TCP	2020-09-12 20:18:02
27.5.31.104	attackbots	Threat Management Alert 1: Attempted Administrator Privilege Gain. Signature ET EXPLOIT MVPower DVR Shell UCE. From: 27.5.31.104:59165, to: 192.168.4.99:80, protocol: TCP	2020-09-12 20:27:08
222.186.30.76	attackbots	Sep 12 11:58:45 rush sshd[17450]: Failed password for root from 222.186.30.76 port 37366 ssh2 Sep 12 11:58:49 rush sshd[17450]: Failed password for root from 222.186.30.76 port 37366 ssh2 Sep 12 11:58:51 rush sshd[17450]: Failed password for root from 222.186.30.76 port 37366 ssh2 ...	2020-09-12 20:00:49

Recently Reported IPs

93.174.92.161	92.118.161.163	89.248.172.218	185.62.189.205
185.173.35.80	45.148.10.225	185.62.189.125	162.142.125.126
5.182.39.188	167.94.146.252	93.174.93.9	89.248.168.43
167.94.146.135	93.174.89.218	89.248.172.74	93.174.93.1
89.248.168.120	85.62.188.198	176.121.14.9	176.121.14.44