IP address: 89.248.172.196

Host rating:

2.0

out of 19 votes

Last update: 2020-03-20

Host details

no-reverse-dns-configured.com.
Netherlands
Unknown
AS29073 Quasi Networks LTD.
See comments

Reported breaches

  • Port scan
Report breach

Whois record

The publicly-available Whois record found at whois.ripe.net server.

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '89.248.172.0 - 89.248.172.255'

% Abuse contact for '89.248.172.0 - 89.248.172.255' is '[email protected]'

inetnum:        89.248.172.0 - 89.248.172.255
netname:        NET-2-172
descr:          IPV NETBLOCK
country:        NL
geoloc:         52.370216 4.895168
org:            ORG-IVI1-RIPE
admin-c:        IVI24-RIPE
tech-c:         IVI24-RIPE
status:         ASSIGNED PA
mnt-by:         IPV
mnt-lower:      IPV
mnt-routes:     IPV
created:        2019-02-03T20:55:31Z
last-modified:  2019-02-03T20:55:31Z
source:         RIPE

% Information related to '89.248.172.0/24AS202425'

route:          89.248.172.0/24
origin:         AS202425
remarks:        +-----------------------------------------------
remarks:        | For abuse e-mail [email protected]
remarks:        | We do not always reply to abuse.
remarks:        | But we do take care your report is dealt with!
remarks:        +-----------------------------------------------
mnt-by:         IPV
created:        2019-02-08T15:47:32Z
last-modified:  2019-02-08T15:47:32Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.96 (HEREFORD)


User comments

19 security incident(s) reported by users

BHD Honeypot
Port scan
2020-03-20

In the last 24h, the attacker (89.248.172.196) attempted to scan 40 ports.
The following ports have been scanned: 37348/tcp, 37341/tcp, 37351/tcp, 35260/tcp, 35261/tcp, 37355/tcp, 37340/tcp, 35274/tcp, 37344/tcp, 35267/tcp, 35277/tcp, 37357/tcp, 37352/tcp, 37353/tcp, 37342/tcp, 35262/tcp, 35275/tcp, 35269/tcp, 37343/tcp, 37350/tcp, 35266/tcp, 37359/tcp, 35279/tcp, 35270/tcp, 37347/tcp, 35265/tcp, 37345/tcp, 35263/tcp, 35273/tcp, 37358/tcp, 37354/tcp, 37346/tcp, 37349/tcp, 35268/tcp, 35264/tcp, 35271/tcp, 35278/tcp, 37356/tcp, 35276/tcp, 35272/tcp.
      
BHD Honeypot
Port scan
2020-03-17

In the last 24h, the attacker (89.248.172.196) attempted to scan 15 ports.
The following ports have been scanned: 1223/tcp (TrulyGlobal Protocol), 200/tcp (IBM System Resource Controller), 53393/tcp, 3390/tcp (Distributed Service Coordinator), 7788/tcp, 13029/tcp, 92/tcp (Network Printing Protocol), 13389/tcp, 10003/tcp (EMC-Documentum Content Server Product), 126/tcp (NXEdit), 10035/tcp, 3680/tcp (NPDS Tracker), 11011/tcp, 7002/tcp (users & groups database), 113/tcp (Authentication Service).
      
BHD Honeypot
Port scan
2020-03-17

Port scan from IP: 89.248.172.196 detected by psad.
BHD Honeypot
Port scan
2019-09-04

In the last 24h, the attacker (89.248.172.196) attempted to scan 20 ports.
The following ports have been scanned: 4052/tcp (VoiceConnect Interact), 4098/tcp (drmsfsd), 4086/tcp, 4041/tcp (Rocketeer-Houston), 4094/tcp (sysrq daemon), 4088/tcp (Noah Printing Service Protocol), 4044/tcp (Location Tracking Protocol), 4096/tcp (BRE (Bridge Relay Element)), 4054/tcp (CosmoCall Universe Communications Port 2), 4095/tcp (xtgui information service), 4093/tcp (Pvx Plus CS Host), 4084/tcp, 4091/tcp (EminentWare Installer), 4087/tcp (APplus Service), 4089/tcp (OpenCORE Remote Control Service), 4092/tcp (EminentWare DGS), 4082/tcp (Lorica outside facing), 4048/tcp, 4083/tcp (Lorica outside facing (SSL)), 4081/tcp (Lorica inside facing (SSL)).
      
BHD Honeypot
Port scan
2019-09-03

In the last 24h, the attacker (89.248.172.196) attempted to scan 55 ports.
The following ports have been scanned: 3980/tcp (Aircraft Cabin Management System), 3975/tcp (Air Shot), 3977/tcp (Opsware Manager), 4051/tcp (Cisco Peer to Peer Distribution Protocol), 4046/tcp (Accounting Protocol), 3978/tcp (Secured Configuration Server), 3976/tcp (Opsware Agent), 3927/tcp (ScsTsr), 4049/tcp (Wide Area File Services), 4059/tcp (DLMS/COSEM), 4045/tcp (Network Paging Protocol), 3938/tcp (Oracle dbControl Agent po), 3940/tcp (XeCP Node Service), 3931/tcp (MSR Plugin Port), 3965/tcp (Avanti IP to NCPE API), 4060/tcp (DSMETER Inter-Agent Transfer Channel), 3964/tcp (SASG GPRS), 4047/tcp (Context Transfer Protocol), 3979/tcp (Smith Micro Wide Area Network Service), 3936/tcp (Mailprox), 3939/tcp (Anti-virus Application Management Port), 3968/tcp (iAnywhere DBNS), 4058/tcp (Kingfisher protocol), 3925/tcp (Zoran Media Port), 4043/tcp (Neighbour Identity Resolution), 3961/tcp (ProAxess Server), 3963/tcp (Teran Hybrid Routing Protocol), 4057/tcp (Servigistics WFM server), 4053/tcp (CosmoCall Universe Communications Port 1), 3933/tcp (PL/B App Server User Port), 3929/tcp (AMS Port), 3973/tcp (ConnectShip Progistics), 4055/tcp (CosmoCall Universe Communications Port 3), 3966/tcp (BuildForge Lock Manager), 3926/tcp (WINPort), 3924/tcp (MPL_GPRS_PORT), 3974/tcp (Remote Applicant Tracking Service), 3962/tcp (SBI Agent Protocol), 3923/tcp (Symbian Service Broker), 3934/tcp (PL/B File Manager Port), 3930/tcp (Syam Web Server Port), 3972/tcp (ict-control Protocol), 3969/tcp (Landmark Messages), 3970/tcp (LANrev Agent), 3932/tcp (Dynamic Site System), 3971/tcp (LANrev Server), 3967/tcp (PPS Message Service), 4042/tcp (LDXP), 3935/tcp (SDP Port Mapper Protocol), 4056/tcp (Location Message Service), 3937/tcp (DVB Service Discovery), 4050/tcp (Wide Area File Services), 3928/tcp (PXE NetBoot Manager), 3922/tcp (Soronti Update Port), 3921/tcp (Herodotus Net).
      
BHD Honeypot
Port scan
2019-09-02

In the last 24h, the attacker (89.248.172.196) attempted to scan 50 ports.
The following ports have been scanned: 3846/tcp (Astare Network PCP), 3799/tcp (RADIUS Dynamic Authorization), 3851/tcp (SpectraTalk Port), 3847/tcp (MS Firewall Control), 3855/tcp (OpenTRAC), 3795/tcp (myBLAST Mekentosj port), 3853/tcp (SONY scanning protocol), 3859/tcp (Navini Port), 3856/tcp (INFORMER), 3783/tcp (Impact Mgr./PEM Gateway), 3883/tcp (VR Peripheral Network), 3792/tcp (e-Watch Corporation SiteWatch), 3848/tcp (IT Environmental Monitor), 3892/tcp (PCC-image-port), 3845/tcp (V-ONE Single Port Proxy), 3898/tcp (IAS, Inc. SmartEye NET Internet Protocol), 3800/tcp (Print Services Interface), 3886/tcp (NEI management port), 3882/tcp (DTS Service Port), 3784/tcp (BFD Control Protocol), 3797/tcp (idps), 3896/tcp (Simple Distributed Objects over TLS), 3842/tcp (NHCI status port), 3852/tcp (SSE App Configuration), 3794/tcp (JAUS Robots), 3900/tcp (Unidata UDT OS), 3850/tcp (QTMS Bootstrap Protocol), 3791/tcp (TV NetworkVideo Data port), 3858/tcp (Trap Port MOM), 3888/tcp (Ciphire Services), 3884/tcp (SofTrack Metering), 3894/tcp (SyAM Agent Port), 3785/tcp (BFD Echo Protocol), 3798/tcp (Minilock), 3849/tcp (SPACEWAY DNS Preload), 3843/tcp (Quest Common Agent), 3788/tcp (SPACEWAY Routing port), 3889/tcp (D and V Tester Control Port), 3790/tcp (QuickBooks RDS), 3786/tcp (VSW Upstrigger port), 3899/tcp (ITV Port), 3893/tcp (CGI StarAPI Server), 3860/tcp (Server/Application State Protocol (SASP)), 3891/tcp (Oracle RTC-PM port), 3789/tcp (RemoteDeploy Administration Port [July 2003]), 3841/tcp (Z-Firm ShipRush v3), 3796/tcp (Spaceway Dialer), 3881/tcp (Data Acquisition and Control), 3857/tcp (Trap Port), 3844/tcp (RNM).
      
BHD Honeypot
Port scan
2019-08-30

In the last 24h, the attacker (89.248.172.196) attempted to scan 59 ports.
The following ports have been scanned: 3670/tcp (SMILE TCP/UDP Interface), 3677/tcp (RoverLog IPC), 3685/tcp (DS Expert Agent), 3589/tcp (isomair), 3588/tcp (Sentinel Server), 3678/tcp (DataGuardianLT), 3700/tcp (LRS NetPage), 3688/tcp (simple-push Secure), 3697/tcp (NavisWorks License System), 3686/tcp (Trivial Network Management), 3673/tcp (Openview Media Vault GUI), 3699/tcp (Internet Call Waiting), 3694/tcp, 3663/tcp (DIRECWAY Tunnel Protocol), 3582/tcp (PEG PRESS Server), 3584/tcp (U-DBase Access Protocol), 3665/tcp (Enterprise Engine Port), 3597/tcp (A14 (AN-to-SC/MM)), 3676/tcp (VisualAge Pacbase server), 3693/tcp, 3596/tcp (Illusion Wireless MMOG), 3592/tcp (LOCANIS G-TRACK NE Port), 3581/tcp (Ascent Capture Licensing), 3583/tcp (CANEX Watch System), 3599/tcp (Quasar Accounting Server), 3671/tcp (e Field Control (EIBnet)), 3680/tcp (NPDS Tracker), 3669/tcp (CA SAN Switch Management), 3666/tcp (IBM eServer PAP), 3585/tcp (Emprise License Server), 3675/tcp (CallTrax Data Port), 3600/tcp (text relay-answer), 3586/tcp (License Server Console), 3667/tcp (IBM Information Exchange), 3681/tcp (BTS X73 Port), 3689/tcp (Digital Audio Access Protocol), 3683/tcp (BMC EDV/EA), 3687/tcp (simple-push), 3662/tcp (pserver), 3674/tcp (WinINSTALL IPC Port), 3696/tcp (Telnet Com Port Control), 3682/tcp (EMC SmartPackets-MAPI), 3593/tcp (BP Model Debugger), 3664/tcp (UPS Engine Port), 3695/tcp (BMC Data Collection), 3598/tcp (A15 (AN-to-AN)), 3679/tcp (Newton Dock), 3690/tcp (Subversion), 3691/tcp (Magaya Network Port), 3587/tcp (Peer to Peer Grouping), 3672/tcp (LispWorks ORB), 3595/tcp (ShareApp), 3590/tcp (WV CSP SMS Binding), 3594/tcp (MediaSpace), 3684/tcp (FAXstfX), 3661/tcp (IBM Tivoli Directory Service using SSL), 3698/tcp (SAGECTLPANEL), 3692/tcp (Brimstone IntelSync), 3591/tcp (LOCANIS G-TRACK Server).
      
BHD Honeypot
Port scan
2019-08-29

Port scan from IP: 89.248.172.196 detected by psad.
BHD Honeypot
Port scan
2019-08-28

In the last 24h, the attacker (89.248.172.196) attempted to scan 57 ports.
The following ports have been scanned: 3465/tcp (EDM MGR Cntrl), 3469/tcp (Pluribus), 3352/tcp (Scalable SQL), 3468/tcp (TTCM Remote Controll), 3398/tcp (Mercantile), 3396/tcp (Printer Agent), 3358/tcp (Mp Sys Rmsvr), 3359/tcp (WG NetForce), 3390/tcp (Distributed Service Coordinator), 3395/tcp (Dyna License Manager (Elam)), 3389/tcp (MS WBT Server), 3356/tcp (UPNOTIFYPS), 3345/tcp (Influence), 3344/tcp (BNT Manager), 3343/tcp (MS Cluster Net), 3383/tcp (Enterprise Software Products License Manager), 3463/tcp (EDM ADM Notify), 3387/tcp (Back Room Net), 3348/tcp (Pangolin Laser), 3349/tcp (Chevin Services), 3347/tcp (Phoenix RPC), 3476/tcp (NVIDIA Mgmt Protocol), 3386/tcp (GPRS Data), 3385/tcp (qnxnetman), 3480/tcp (Secure Virtual Workspace), 3384/tcp (Cluster Management Services), 3477/tcp (eComm link port), 3471/tcp (jt400-ssl), 3393/tcp (D2K Tapestry Client to Server), 3392/tcp (EFI License Management), 3351/tcp (Btrieve port), 3394/tcp (D2K Tapestry Server to Server), 3346/tcp (Trnsprnt Proxy), 3473/tcp (JAUGS N-G Remotec 2), 3353/tcp (FATPIPE), 3391/tcp (SAVANT), 3464/tcp (EDM MGR Sync), 3400/tcp (CSMS2), 3355/tcp (Ordinox Dbase), 3350/tcp (FINDVIATV), 3354/tcp (SUITJD), 3462/tcp (EDM STD Notify), 3381/tcp (Geneous), 3360/tcp (KV Server), 3474/tcp (TSP Automation), 3472/tcp (JAUGS N-G Remotec 1), 3357/tcp (Adtech Test IP), 3341/tcp (OMF data h), 3466/tcp (WORKFLOW), 3470/tcp (jt400), 3342/tcp (WebTIE), 3397/tcp (Cloanto License Manager), 3399/tcp (CSMS), 3382/tcp (Fujitsu Network Enhanced Antitheft function), 3388/tcp (CB Server), 3461/tcp (EDM Stager).
      
BHD Honeypot
Port scan
2019-08-25

In the last 24h, the attacker (89.248.172.196) attempted to scan 70 ports.
The following ports have been scanned: 3205/tcp (iSNS Server Port), 3219/tcp (WMS Messenger), 3204/tcp (Network Watcher DB Access), 3216/tcp (Ferrari electronic FOAM), 3156/tcp (Indura Collector), 3208/tcp (PFU PR Callback), 3248/tcp (PROCOS LM), 3256/tcp (Compaq RPM Agent Port), 3213/tcp (NEON 24X7 Mission Control), 3158/tcp (SmashTV Protocol), 3245/tcp (VIEO Fabric Executive), 3141/tcp (VMODEM), 3143/tcp (Sea View), 3144/tcp (Tarantella), 3202/tcp (IntraIntra), 3210/tcp (Flamenco Networks Proxy), 3215/tcp (JMQ Daemon Port 2), 3159/tcp (NavegaWeb Tarification), 3214/tcp (JMQ Daemon Port 1), 3254/tcp (PDA System), 3151/tcp (NetMike Assessor), 3142/tcp (RDC WH EOS), 3246/tcp (DVT SYSTEM PORT), 3155/tcp (JpegMpeg Port), 3251/tcp (Sys Scanner), 3160/tcp (TIP Application Server), 3212/tcp (Survey Instrument), 3146/tcp (bears-02), 3154/tcp (ON RMI Registry), 3243/tcp (Timelot Port), 3241/tcp (SysOrb Monitoring Server), 3253/tcp (PDA Data), 3148/tcp (NetMike Game Administrator), 3153/tcp (S8Cargo Client Port), 3242/tcp (Session Description ID), 3209/tcp (HP OpenView Network Path Engine Server), 3152/tcp (FeiTian Port), 3206/tcp (IronMail POP Proxy), 3218/tcp (EMC SmartPackets), 3255/tcp (Semaphore Connection Port), 3220/tcp (XML NM over SSL), 3147/tcp (RFIO), 3211/tcp (Avocent Secure Management), 3260/tcp (iSCSI port), 3157/tcp (CCC Listener Port), 3145/tcp (CSI-LFAP), 3217/tcp (Unified IP & Telecom Environment), 3203/tcp (Network Watcher Monitor), 3244/tcp (OneSAF), 3201/tcp (CPQ-TaskSmart), 3258/tcp (Ivecon Server Port), 3250/tcp (HMS hicp port), 3150/tcp (NetMike Assessor Administrator), 3149/tcp (NetMike Game Server), 3207/tcp (Veritas Authentication Port), 3249/tcp (State Sync Protocol).
      
BHD Honeypot
Port scan
2019-08-23

In the last 24h, the attacker (89.248.172.196) attempted to scan 76 ports.
The following ports have been scanned: 3092/tcp, 3019/tcp (Resource Manager), 3005/tcp (Genius License Manager), 2951/tcp (OTTP), 2960/tcp (DFOXSERVER), 3096/tcp (Active Print Server Port), 3012/tcp (Trusted Web Client), 3017/tcp (Event Listener), 2944/tcp (Megaco H-248), 3050/tcp (gds_db), 3044/tcp (EndPoint Protocol), 3100/tcp (OpCon/xps), 2952/tcp (MPFWSAS), 3013/tcp (Gilat Sky Surfer), 3091/tcp (1Ci Server Management), 3008/tcp (Midnight Technologies), 2958/tcp (JAMCT6), 2953/tcp (OVALARMSRV), 3045/tcp (ResponseNet), 3060/tcp (interserver), 3054/tcp (AMT CNF PROT), 3097/tcp, 3098/tcp (Universal Message Manager), 3046/tcp (di-ase), 2955/tcp (CSNOTIFY), 2954/tcp (OVALARMSRV-CMD), 3018/tcp (Service Registry), 2948/tcp (WAP PUSH), 2941/tcp (SM-PAS-4), 3052/tcp (APC 3052), 3043/tcp (Broadcast Routing Protocol), 2947/tcp (GPS Daemon request/response protocol), 2950/tcp (ESIP), 3055/tcp (Policy Server), 3083/tcp (TL1-TELNET), 3056/tcp (CDL Server), 3001/tcp, 3053/tcp (dsom-server), 2946/tcp (FJSVmpor), 3099/tcp (CHIPSY Machine Daemon), 3009/tcp (PXC-NTFY), 3016/tcp (Notify Server), 3010/tcp (Telerate Workstation), 2943/tcp (TTNRepository), 3011/tcp (Trusted Web), 3082/tcp (TL1-RAW), 3042/tcp (journee), 3093/tcp (Jiiva RapidMQ Center), 3057/tcp (GoAhead FldUp), 3047/tcp (Fast Security HL Server), 3041/tcp (di-traceware), 3085/tcp (PCIHReq), 3003/tcp (CGMS), 3020/tcp (CIFS), 3095/tcp (Panasas rendevous port), 3006/tcp (Instant Internet Admin), 3084/tcp (ITM-MCCS), 3049/tcp (NSWS), 3089/tcp (ParaTek Agent Linking), 3090/tcp (Senforce Session Services), 2942/tcp (SM-PAS-5), 3094/tcp (Jiiva RapidMQ Registry), 3087/tcp (Asoki SMA), 3048/tcp (Sierra Net PC Trader), 2959/tcp (RMOPAGT), 3058/tcp (videobeans), 3014/tcp (Broker Service), 3015/tcp (NATI DSTP), 2956/tcp (OVRIMOSDBMAN), 3007/tcp (Lotus Mail Tracking Agent Protocol), 2957/tcp (JAMCT5), 3059/tcp (qsoft), 3004/tcp (Csoft Agent), 3002/tcp (RemoteWare Server), 2945/tcp (H248 Binary), 3088/tcp (eXtensible Data Transfer Protocol).
      
BHD Honeypot
Port scan
2019-08-23

Port scan from IP: 89.248.172.196 detected by psad.
BHD Honeypot
Port scan
2019-08-21

In the last 24h, the attacker (89.248.172.196) attempted to scan 77 ports.
The following ports have been scanned: 2848/tcp (AMT-BLC-PORT), 2817/tcp (NMSig Port), 2852/tcp (bears-01), 2854/tcp (InfoMover), 2815/tcp (LBC Measurement), 2896/tcp (ECOVISIONG6-1), 2884/tcp (Flash Msg), 2883/tcp (NDNP), 2855/tcp (MSRP over TCP), 2754/tcp (APOLLO CC), 2858/tcp (ECNP), 2851/tcp (webemshttp), 2801/tcp (IGCP), 2843/tcp (PDnet), 2841/tcp (l3-ranger), 2812/tcp (atmtcp), 2752/tcp (RSISYS ACCESS), 2853/tcp (ISPipes), 2748/tcp (fjippol-polsvr), 2849/tcp (FXP), 2758/tcp (APOLLO Status), 2813/tcp (llm-pass), 2755/tcp (Express Pay), 2891/tcp (CINEGRFX-ELMD License Manager), 2803/tcp (btprjctrl), 2808/tcp (J-LAN-P), 2807/tcp (cspmulti), 2894/tcp (ABACUS-REMOTE), 2859/tcp (Active Memory), 2893/tcp (VSECONNECTOR), 2881/tcp (NDSP), 2810/tcp (Active Net Steward), 2756/tcp (simplement-tie), 2847/tcp (AIMPP Port Req), 2806/tcp (cspuni), 2820/tcp (UniVision), 2844/tcp (BPCP POLL), 2898/tcp (APPLIANCE-CFG), 2751/tcp (fjippol-port2), 2892/tcp (SNIFFERDATA), 2750/tcp (fjippol-port1), 2846/tcp (AIMPP Hello), 2845/tcp (BPCP TRAP), 2890/tcp (CSPCLMULTI), 2860/tcp (Dialpad Voice 1), 2886/tcp (RESPONSELOGIC), 2819/tcp (FC Fault Notification), 2888/tcp (SPCSDLOBBY), 2747/tcp (fjippol-swrly), 2882/tcp (NDTP), 2741/tcp (TSB), 2759/tcp (APOLLO GMS), 2842/tcp (l3-hawk), 2814/tcp (llm-csv), 2895/tcp (NATUS LINK), 2746/tcp (CPUDPENCAP), 2805/tcp (WTA WSP-S), 2749/tcp (fjippol-cnsl), 2856/tcp (cesdinv), 2753/tcp (de-spot), 2811/tcp (GSI FTP), 2742/tcp (TSB2), 2744/tcp (honyaku), 2897/tcp (Citrix RTMP), 2760/tcp (Saba MS), 2887/tcp (aironet), 2743/tcp (murx), 2818/tcp (rmlnk), 2850/tcp (MetaConsole), 2889/tcp (RSOM), 2857/tcp (SimCtIP), 2816/tcp (LBC Watchdog), 2745/tcp (URBISNET), 2804/tcp (March Networks Digital Video Recorders and Enterprise Service Manager products), 2809/tcp (CORBA LOC), 2757/tcp (CNRP), 2802/tcp (Veritas TCP1).
      
BHD Honeypot
Port scan
2019-08-17

In the last 24h, the attacker (89.248.172.196) attempted to scan 76 ports.
The following ports have been scanned: 2444/tcp (BT PP2 Sectrans), 2314/tcp (CR WebSystems), 2420/tcp (DSL Remote Management), 2306/tcp (TAPPI BoxNet), 2457/tcp (Rapido_IP), 2446/tcp (bues_service), 2338/tcp (Norton Lambert), 2450/tcp (netadmin), 2312/tcp (WANScaler Communication Service), 2319/tcp (InfoLibria), 2303/tcp (Proxy Gateway), 2417/tcp (Composit Server), 2460/tcp (ms-theater), 2332/tcp (RCC Host), 2403/tcp (TaskMaster 2000 Web), 2447/tcp (OpenView NNM daemon), 2302/tcp (Bindery Support), 2411/tcp (Netwave AP Management), 2451/tcp (netchat), 2321/tcp (RDLAP), 2416/tcp (RMT Server), 2340/tcp (WRS Registry), 2410/tcp (VRTS Registry), 2448/tcp (hpppsvr), 2453/tcp (madge ltd), 2408/tcp (OptimaNet), 2313/tcp (IAPP (Inter Access Point Protocol)), 2336/tcp (Apple UG Control), 2415/tcp (Codima Remote Transaction Protocol), 2456/tcp (altav-remmgt), 2442/tcp (Netangel), 2305/tcp (MT ScaleServer), 2449/tcp (RATL), 2322/tcp (ofsd), 2335/tcp (ACE Proxy), 2418/tcp (cas), 2329/tcp (NVD), 2407/tcp (Orion), 2409/tcp (SNS Protocol), 2412/tcp (CDN), 2401/tcp (cvspserver), 2455/tcp (WAGO-IO-SYSTEM), 2309/tcp (SD Server), 2327/tcp (xingcsm), 2304/tcp (Attachmate UTS), 2339/tcp (3Com WebView), 2405/tcp (TRC Netpoll), 2459/tcp (Community), 2323/tcp (3d-nfsd), 2441/tcp (Pervasive I*net Data Server), 2320/tcp (Siebel NS), 2445/tcp (DTN1), 2326/tcp (IDCP), 2413/tcp (orion-rmi-reg), 2301/tcp (Compaq HTTP), 2404/tcp (IEC 60870-5-104 process control over IP), 2328/tcp (Netrix SFTM), 2333/tcp (SNAPP), 2316/tcp (SENT License Manager), 2318/tcp (Cadence Control), 2331/tcp (AGENTVIEW), 2452/tcp (SnifferClient), 2308/tcp (sdhelp), 2419/tcp (Attachmate S2S), 2454/tcp (IndX-DDS), 2414/tcp (Beeyond), 2337/tcp (ideesrv), 2311/tcp (Message Service), 2334/tcp (ACE Client Auth), 2402/tcp (TaskMaster 2000 Server), 2325/tcp (ANSYS Licensing Interconnect), 2443/tcp (PowerClient Central Storage Facility), 2324/tcp (Cosmocall), 2458/tcp (griffin), 2406/tcp (JediServer), 2330/tcp (TSCCHAT).
      
BHD Honeypot
Port scan
2019-08-17

Port scan from IP: 89.248.172.196 detected by psad.
BHD Honeypot
Port scan
2019-08-15

In the last 24h, the attacker (89.248.172.196) attempted to scan 56 ports.
The following ports have been scanned: 2185/tcp (OnBase Distributed Disk Services), 2131/tcp (Avantageb2b), 2260/tcp (APC 2260), 2254/tcp (Seismic P.O.C. Port), 2123/tcp (GTP-Control Plane (3GPP)), 2245/tcp (HaO), 2136/tcp (APPWORXSRV), 2183/tcp (Code Green configuration), 2259/tcp (Accedian Performance Measurement), 2198/tcp (OneHome Remote Access), 2122/tcp (CauPC Remote Control), 2125/tcp (LOCKSTEP), 2124/tcp (ELATELINK), 2189/tcp, 2197/tcp (MNP data exchange), 2258/tcp (Rotorcraft Communications Test System), 2127/tcp (INDEX-PC-WB), 2241/tcp (IVS Daemon), 2133/tcp (ZYMED-ZPP), 2130/tcp (XDS), 2252/tcp (NJENET using SSL), 2199/tcp (OneHome Service Port), 2250/tcp (remote-collab), 2140/tcp (IAS-REG), 2186/tcp (Guy-Tek Automated Update Applications), 2188/tcp, 2200/tcp (ICI), 2251/tcp (Distributed Framework Port), 2187/tcp (Sepehr System Management Control), 2137/tcp (CONNECT), 2132/tcp (SoleraTec End Point Map), 2194/tcp, 2126/tcp (PktCable-COPS), 2249/tcp (RISO File Manager Protocol), 2134/tcp (AVENUE), 2139/tcp (IAS-AUTH), 2192/tcp (ASDIS software management), 2128/tcp (Net Steward Control), 2253/tcp (DTV Channel Request), 2190/tcp (TiVoConnect Beacon), 2243/tcp (Magicom Protocol), 2181/tcp (eforward), 2129/tcp (cs-live.com), 2121/tcp (SCIENTIA-SSDB), 2135/tcp (Grid Resource Information Server), 2242/tcp (Folio Remote Server), 2193/tcp (Dr.Web Enterprise Management Service), 2195/tcp, 2257/tcp (simple text/file transfer), 2138/tcp (UNBIND-CLUSTER), 2182/tcp (CGN status), 2248/tcp (User Management Service), 2196/tcp, 2184/tcp (NVD User), 2244/tcp (NMS Server), 2191/tcp (TvBus Messaging).
      
BHD Honeypot
Port scan
2019-08-12

In the last 24h, the attacker (89.248.172.196) attempted to scan 75 ports.
The following ports have been scanned: 1934/tcp (IBM LM Appl Agent), 1993/tcp (cisco SNMP TCP port), 2035/tcp (imsldoc), 1999/tcp (cisco identification port), 1932/tcp (CTT Broker), 1991/tcp (cisco STUN Priority 2 port), 2067/tcp (Data Link Switch Write Port Number), 1933/tcp (IBM LM MT Agent), 2034/tcp (scoremgr), 1931/tcp (AMD SCHED), 1936/tcp (JetCmeServer Server Port), 1927/tcp (Videte CIPC Port), 2036/tcp (Ethernet WS DP network), 2072/tcp (GlobeCast mSync), 1938/tcp (JetVWay Client Port), 1930/tcp (Drive AppServer), 2069/tcp (HTTP Event Port), 1923/tcp (SPICE), 2030/tcp (device2), 1937/tcp (JetVWay Server Port), 1994/tcp (cisco serial tunnel port), 1995/tcp (cisco perf port), 2023/tcp (xinuexpansion3), 2031/tcp (mobrien-chat), 1985/tcp (Hot Standby Router Protocol), 2075/tcp (Newlix ServerWare Engine), 1940/tcp (JetVision Client Port), 1988/tcp (cisco RSRB Priority 2 port), 2025/tcp (ellpack), 2063/tcp (ICG Bridge Port), 2066/tcp (AVM USB Remote Architecture), 1998/tcp (cisco X.25 service (XOT)), 1982/tcp (Evidentiary Timestamp), 1997/tcp (cisco Gateway Discovery Protocol), 2078/tcp (IBM Total Productivity Center Server), 2068/tcp (Avocent AuthSrv Protocol), 2080/tcp (Autodesk NLM (FLEXlm)), 2027/tcp (shadowserver), 1990/tcp (cisco STUN Priority 1 port), 2024/tcp (xinuexpansion4), 2064/tcp (ICG IP Relay Port), 2073/tcp (DataReel Database Socket), 2032/tcp (blackboard), 2028/tcp (submitserver), 2040/tcp (lam), 2038/tcp (objectmanager), 1981/tcp (p2pQ), 2077/tcp (Old Tivoli Storage Manager), 2074/tcp (Vertel VMF SA), 1921/tcp (NoAdmin), 2061/tcp (NetMount), 2070/tcp (AH and ESP Encapsulated in UDP packet), 1992/tcp (IPsendmsg), 2029/tcp (Hot Standby Router Protocol IPv6), 2022/tcp (down), 2062/tcp (ICG SWP Port), 2079/tcp (IDWARE Router Port), 2033/tcp (glogger), 1984/tcp (BB), 2065/tcp (Data Link Switch Read Port Number), 1996/tcp (cisco Remote SRB port), 1926/tcp (Evolution Game Server), 1989/tcp (MHSnet system), 1928/tcp (Expnd Maui Srvr Dscovr), 2071/tcp (Axon Control Protocol), 2026/tcp (scrabble), 1987/tcp (cisco RSRB Priority 1 port), 2039/tcp (Prizma Monitoring Service), 2076/tcp (Newlix JSPConfig), 1935/tcp (Macromedia Flash Communications Server MX), 1983/tcp (Loophole Test Protocol), 1924/tcp (XIIP), 2000/tcp (Cisco SCCP), 1986/tcp (cisco license management), 2021/tcp (servexec).
      
BHD Honeypot
Port scan
2019-08-10

In the last 24h, the attacker (89.248.172.196) attempted to scan 60 ports.
The following ports have been scanned: 1741/tcp (cisco-net-mgmt), 1814/tcp (TDP Suite), 1804/tcp (ENL), 1846/tcp (Tunstall PNC), 1851/tcp (ctcd), 1748/tcp (oracle-em1), 1756/tcp (capfast-lmd), 1752/tcp (Leap of Faith Research License Manager), 1819/tcp (Plato License Manager), 1853/tcp (VIDS-AVTP), 1755/tcp (ms-streaming), 1859/tcp (Gamma Fetcher Server), 1803/tcp (HP-HCIP-GWY), 1848/tcp (fjdocdist), 1857/tcp (DataCaptor), 1849/tcp (ALPHA-SMS), 1807/tcp (Fujitsu Hot Standby Protocol), 1744/tcp (ncpm-ft), 1818/tcp (Enhanced Trivial File Transfer Protocol), 1852/tcp (Virtual Time), 1805/tcp (ENL-Name), 1745/tcp (remote-winsock), 1811/tcp (Scientia-SDB), 1757/tcp (cnhrp), 1841/tcp (netopia-vo3), 1753/tcp, 1758/tcp (tftp-mcast), 1856/tcp (Fiorano MsgSvc), 1815/tcp (MMPFT), 1746/tcp (ftrapid-1), 1802/tcp (ConComp1), 1812/tcp (RADIUS), 1850/tcp (GSI), 1860/tcp (SunSCALAR Services), 1810/tcp (Jerand License Manager), 1809/tcp (Oracle-VP1), 1816/tcp (HARP), 1858/tcp (PrivateArk), 1817/tcp (RKB-OSCS), 1760/tcp (www-ldap-gw), 1747/tcp (ftrapid-2), 1743/tcp (Cinema Graphics License Manager), 1845/tcp (altalink), 1820/tcp (mcagent), 1801/tcp (Microsoft Message Que), 1749/tcp (aspen-services), 1759/tcp (SPSS License Manager), 1751/tcp (SwiftNet), 1806/tcp (Musiconline), 1813/tcp (RADIUS Accounting), 1844/tcp (DirecPC-DLL), 1742/tcp (3Com-nsd), 1842/tcp (netopia-vo4), 1854/tcp (Buddy Draw), 1847/tcp (SLP Notification), 1808/tcp (Oracle-VP2), 1750/tcp (Simple Socket Library's PortMaster), 1754/tcp (oracle-em2), 1843/tcp (netopia-vo5), 1855/tcp (Fiorano RtrSvc).
      
BHD Honeypot
Port scan
2019-08-10

Port scan from IP: 89.248.172.196 detected by psad.

Blacklist

Near real-time, easy to use data feed containing IPs reported on our website.

Bronze

$3

Updated daily

Learn More

Silver

$15

Updated every hour

Learn More

Gold

$30

Updated every 10 minutes

Learn More

Remarks

Black hat directory contains this IP address, because Internet users reported it as an address making unsolicited, nagging requests. We make every effort to ensure that the information contained in the Black hat directory are correct and up to date. The database is developed and updated by Internet users and moderators.

If you have any reliable information regarding malicious activity originating from this IP address, please share it with others and fill in the 'Report breach' form. It is prohibited from adding personally identifiable information.

Below breach categories are used in the database:

  • Denial of service attack - this attack is accomplished by flooding the target with massive amount of requests in order to overload the targeted system
  • Brute force attack - this category encompasses attempts to login to machine by trying many passwords and usernames
  • Backdoor attack - this category represents bypassing authentication by hidden programs or services to obtain remote access to a computer or trojan activity
  • Port scan - represents attackers identifying running services on the targeted machine by probing a server for open ports
  • Malicious bot - this category encompasses all bots performing unsolicited requests or ignoring robots.txt file
  • Anonymous proxy - public proxies like Tor, I2P relays or anonymous VPNs are often used by attacker to hide his identity
  • Web attack - attempts to exploit web application security flaws
  • CMS attack - attempts to exploit CMS vulnerability
  • App vulnerability attack - attempts to exploit other applications vulnerability
  • Web spam - encompasses all kind of HTTP spamming
  • Email spam - encompasses all kind of E-mail spamming
  • Dodgy activity - this category encompasses superfluous, dodgy requests

Similar hosts

Hosts with the same ASN

Report breach!

Rate host 89.248.172.196