89.38.96.110 Threat Intelligence and Host Information

Sep 06, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 89.38.96.110 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 43/100

Host and Network Information

Tags: cisco, conpot, cowrie, dionaea, email, heralding, honeytrap, LAMP, mailoney, malicious, sentrypeer, sftp, sip, ssh, tanner
View other sources: Spamhaus VirusTotal

Country: Netherlands
Network:
Noticed: 4 times
Protocols Attacked: Anonymous Proxy
Passive DNS Results: 6490065.ru mxx.sptql.com sptql.com www.sptql.com infoservice.site

Open Ports Detected

11000 11007 11065 11075 11112 11180 11210 11211 11288 11300 11371 11401 11434 11481 11601 11680 12000 12001 12019 12056 12106 12108 12110 12117 12125 12127 12128 12131 12137 12138 12142 12145 12147 12149 12152 12153 12155 12158 12159 12160 12167 12169 12175 12176 12177 12179 12182 12184 12191 12196 12199 12205 12213 12219 12220 12227 12232 12238 12249 12250 12251 12252 12254 12259 12266 12270 12273 12277 12280 12294 12296 12297 12299 12302 12306 12318 12319 12320 12321 12328 12342 12344 12345 12346 12348 12349 12350 12352 12355 12357 12358 12360 12361 12370 12377 12382 12385 12390 12392 12393 12397 12398 12399 12415 12421 12427 12430 12432 12433 12436 12438 12439 12440 12445 12446 12453 12463 12472 12473 12479 12480 12481 12484 12486 12487 12495 12497 12499 12502 12510 12516 12526 12530 12531 12533 12536 12538 12541 12545 12548 12560 12564 12566 12581 12582 12583 12590 12615 13000 13084 13333 13443 13579 14082 14104 14147 14184 14344 14400 14825 14873 14900 15038 15044 161 22 4150 80 8100

CVEs Detected

CVE-2007-2768 CVE-2008-3844 CVE-2016-20012 CVE-2018-16845 CVE-2019-16905 CVE-2019-20372 CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 CVE-2020-14145 CVE-2020-15778 CVE-2021-23017 CVE-2021-3618 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-44487 CVE-2023-48795 CVE-2023-51385 CVE-2023-51767 CVE-2025-26465 CVE-2025-32728

Map

Whois Information

inetnum: 89.38.96.0 - 89.38.96.255
netname: WORLDSTREAM
country: NL
admin-c: WS1670-RIPE
tech-c: WS1670-RIPE
status: ASSIGNED PA
mnt-by: MNT-WORLDSTREAM
mnt-domains: MNT-WORLDSTREAM
mnt-routes: MNT-WORLDSTREAM
created: 2018-12-18T10:24:18Z
last-modified: 2018-12-18T10:24:18Z
role: WORLDSTREAM DBM
address: Industriestraat 24
address: 2671CT NAALDWIJK
address: The Netherlands
phone: +31174712117
abuse-mailbox: abuse@worldstream.nl
admin-c: DV1495-RIPE
tech-c: DV1495-RIPE
nic-hdl: WS1670-RIPE
mnt-by: MNT-WORLDSTREAM
created: 2008-05-15T09:52:38Z
last-modified: 2013-08-20T11:17:59Z
route: 89.38.96.0/24
origin: AS49981
mnt-by: MNT-WORLDSTREAM
created: 2022-11-18T15:12:39Z
last-modified: 2022-11-18T15:12:39Z

Links to attack logs

Share on: