89.248.172.52 - IPInfo

Basic Info

City: Utrecht

Region: Utrecht

Country: Netherlands

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
89.248.172.16	attack	Bap IP	2024-05-12 23:39:04
89.248.172.140	attackbots	Automatic report - Port Scan	2020-10-13 20:36:52
89.248.172.140	attack	ET CINS Active Threat Intelligence Poor Reputation IP group 80 - port: 2468 proto: tcp cat: Misc Attackbytes: 60	2020-10-13 12:08:47
89.248.172.140	attackspambots	ET DROP Dshield Block Listed Source group 1 - port: 7110 proto: tcp cat: Misc Attackbytes: 60	2020-10-13 04:58:27
89.248.172.16	attack	ET DROP Dshield Block Listed Source group 1 - port: 60001 proto: tcp cat: Misc Attackbytes: 60	2020-10-11 03:06:34
89.248.172.16	attackspambots	[N3.H3.VM3] Port Scanner Detected Blocked by UFW	2020-10-10 18:56:46
89.248.172.16	attackbotsspam	- Port=2081	2020-10-08 03:13:38
89.248.172.16	attackspam	ET CINS Active Threat Intelligence Poor Reputation IP group 78 - port: 8089 proto: tcp cat: Misc Attackbytes: 60	2020-10-07 19:27:51
89.248.172.85	attackbots	scans 5 times in preceeding hours on the ports (in chronological order) 28589 10777 30026 10201 30103 resulting in total of 70 scans from 89.248.160.0-89.248.174.255 block.	2020-10-01 07:13:00
89.248.172.140	attack	scans 10 times in preceeding hours on the ports (in chronological order) 2728 4590 4446 3410 20222 1983 5656 6300 2728 3031 resulting in total of 70 scans from 89.248.160.0-89.248.174.255 block.	2020-10-01 06:47:26
89.248.172.85	attack	TCP (SYN) 89.248.172.85:50104 -> port 30009, len 44	2020-09-30 23:39:40
89.248.172.140	attackspam	TCP (SYN) 89.248.172.140:44912 -> port 3410, len 44	2020-09-30 23:10:43
89.248.172.140	attack	firewall-block, port(s): 1983/tcp, 3450/tcp, 5656/tcp	2020-09-30 15:44:03
89.248.172.140	attackbots	TCP (SYN) 89.248.172.140:47677 -> port 2000, len 44	2020-09-21 20:38:47
89.248.172.140	attackbots	ET DROP Dshield Block Listed Source group 1 - port: 5566 proto: tcp cat: Misc Attackbytes: 60	2020-09-21 12:30:09

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 89.248.172.52
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34756
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;89.248.172.52.			IN	A

;; AUTHORITY SECTION:
.			546	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022091502 1800 900 604800 86400

;; Query time: 65 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Sep 16 10:33:55 CST 2022
;; MSG SIZE  rcvd: 106

Host info

52.172.248.89.in-addr.arpa domain name pointer no-reverse-dns-configured.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
52.172.248.89.in-addr.arpa	name = no-reverse-dns-configured.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
137.59.66.140	attack	port scan and connect, tcp 1433 (ms-sql-s)	2019-10-13 17:12:15
85.172.13.206	attackspam	Oct 13 04:05:26 localhost sshd\[3764\]: Invalid user 0o9i8u from 85.172.13.206 port 46002 Oct 13 04:05:27 localhost sshd\[3764\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.172.13.206 Oct 13 04:05:28 localhost sshd\[3764\]: Failed password for invalid user 0o9i8u from 85.172.13.206 port 46002 ssh2 Oct 13 04:09:45 localhost sshd\[4006\]: Invalid user 0o9i8u from 85.172.13.206 port 56803 Oct 13 04:09:45 localhost sshd\[4006\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.172.13.206 ...	2019-10-13 17:35:02
125.130.110.20	attack	Oct 13 10:25:22 MK-Soft-VM6 sshd[26431]: Failed password for root from 125.130.110.20 port 37230 ssh2 ...	2019-10-13 17:26:32
129.204.89.209	attackspam	php WP PHPmyadamin ABUSE blocked for 12h	2019-10-13 17:08:15
122.116.140.68	attackspambots	$f2bV_matches_ltvn	2019-10-13 17:05:28
124.152.76.213	attackbots	Oct 13 10:04:45 v22018076622670303 sshd\[650\]: Invalid user Amateur from 124.152.76.213 port 40902 Oct 13 10:04:45 v22018076622670303 sshd\[650\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.152.76.213 Oct 13 10:04:47 v22018076622670303 sshd\[650\]: Failed password for invalid user Amateur from 124.152.76.213 port 40902 ssh2 ...	2019-10-13 17:28:08
112.126.100.99	attack	ssh failed login	2019-10-13 17:34:00
35.236.168.103	attackspam	Oct 11 14:10:56 pi01 sshd[6091]: Connection from 35.236.168.103 port 42226 on 192.168.1.10 port 22 Oct 11 14:10:57 pi01 sshd[6091]: User r.r from 35.236.168.103 not allowed because not listed in AllowUsers Oct 11 14:10:57 pi01 sshd[6091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.236.168.103 user=r.r Oct 11 14:10:59 pi01 sshd[6091]: Failed password for invalid user r.r from 35.236.168.103 port 42226 ssh2 Oct 11 14:10:59 pi01 sshd[6091]: Received disconnect from 35.236.168.103 port 42226:11: Bye Bye [preauth] Oct 11 14:10:59 pi01 sshd[6091]: Disconnected from 35.236.168.103 port 42226 [preauth] Oct 11 14:22:21 pi01 sshd[6259]: Connection from 35.236.168.103 port 37010 on 192.168.1.10 port 22 Oct 11 14:22:23 pi01 sshd[6259]: User r.r from 35.236.168.103 not allowed because not listed in AllowUsers Oct 11 14:22:23 pi01 sshd[6259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.236........ -------------------------------	2019-10-13 17:13:25
149.129.124.66	attackspam	Automatic report - XMLRPC Attack	2019-10-13 17:24:24
139.59.37.96	attackspambots	Lines containing failures of 139.59.37.96 Oct 13 05:18:15 * sshd[63312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.37.96 user=r.r Oct 13 05:18:17 * sshd[63312]: Failed password for r.r from 139.59.37.96 port 59069 ssh2 Oct 13 05:18:17 * sshd[63312]: Received disconnect from 139.59.37.96 port 59069:11: Bye Bye [preauth] Oct 13 05:18:17 * sshd[63312]: Disconnected from authenticating user r.r 139.59.37.96 port 59069 [preauth] Oct 13 05:27:00 * sshd[63665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.37.96 user=r.r Oct 13 05:27:01 * sshd[63665]: Failed password for r.r from 139.59.37.96 port 33147 ssh2 Oct 13 05:27:01 * sshd[63665]: Received disconnect from 139.59.37.96 port 33147:11: Bye Bye [preauth] Oct 13 05:27:01 * sshd[63665]: Disconnected from authenticating user r.r 139.59.37.96 port 33147 [preauth] Oct 13 05:32:11 *** sshd[64114]: pam_unix(sshd:........ ------------------------------	2019-10-13 17:11:56
117.2.51.158	attackspambots	Unauthorised access (Oct 13) SRC=117.2.51.158 LEN=52 TTL=107 ID=1897 DF TCP DPT=445 WINDOW=8192 SYN	2019-10-13 17:27:18
149.28.249.122	attackspam	Oct 13 09:08:53 dedicated sshd[1734]: Invalid user Windows@xp from 149.28.249.122 port 50062	2019-10-13 17:09:04
120.236.164.176	attackbotsspam	Oct 12 01:39:10 finnair postfix/smtpd[59969]: connect from unknown[120.236.164.176] Oct 12 01:39:11 finnair postfix/smtpd[59969]: warning: unknown[120.236.164.176]: SASL LOGIN authentication failed: authentication failure Oct 12 01:39:11 finnair postfix/smtpd[59969]: disconnect from unknown[120.236.164.176] Oct 12 01:39:13 finnair postfix/smtpd[59969]: connect from unknown[120.236.164.176] Oct 12 01:39:14 finnair postfix/smtpd[59969]: warning: unknown[120.236.164.176]: SASL LOGIN authentication failed: authentication failure Oct 12 01:39:14 finnair postfix/smtpd[59969]: disconnect from unknown[120.236.164.176] Oct 12 01:39:17 finnair postfix/smtpd[59969]: connect from unknown[120.236.164.176] Oct 12 01:39:17 finnair postfix/smtpd[59969]: warning: unknown[120.236.164.176]: SASL LOGIN authentication failed: authentication failure Oct 12 01:39:18 finnair postfix/smtpd[59969]: disconnect from unknown[120.236.164.176] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?	2019-10-13 17:28:40
79.101.222.11	attackbotsspam	Automatic report - Port Scan Attack	2019-10-13 17:18:17
58.87.75.178	attack	Oct 12 21:57:46 auw2 sshd\[14234\]: Invalid user Bienvenue from 58.87.75.178 Oct 12 21:57:46 auw2 sshd\[14234\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.75.178 Oct 12 21:57:48 auw2 sshd\[14234\]: Failed password for invalid user Bienvenue from 58.87.75.178 port 60990 ssh2 Oct 12 22:03:42 auw2 sshd\[14880\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.75.178 user=root Oct 12 22:03:44 auw2 sshd\[14880\]: Failed password for root from 58.87.75.178 port 42860 ssh2	2019-10-13 17:44:04

Recently Reported IPs

196.52.43.226	181.174.164.89	181.174.164.19	176.32.34.222
103.138.70.61	93.174.89.112	181.174.164.14	181.174.165.115
181.174.165.90	185.62.189.246	167.94.146.118	5.182.39.17
190.14.39.146	185.143.221.228	5.182.39.6	190.14.39.21
167.248.133.14	5.182.39.121	89.248.172.241	45.148.10.255