89.38.96.16 Threat Intelligence and Host Information

Aug 13, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 89.38.96.16 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 39/100

Host and Network Information

Tags: cisco, cowrie, dionaea, email, heralding, honeytrap, LAMP, mailoney, malicious, sentrypeer, sftp, sip, ssh, tanner
View other sources: Spamhaus VirusTotal
Contained within other IP sets: socks_proxy_30d

Country: Netherlands
Network:
Noticed: 2 times
Protocols Attacked: Anonymous Proxy

Open Ports Detected

10050 11000 11002 11065 11082 11112 11184 11210 11211 11288 11300 11371 11434 11601 11602 11680 11688 11701 12000 12016 12082 12084 12103 12106 12107 12110 12112 12114 12115 12120 12123 12124 12126 12129 12132 12136 12137 12139 12142 12155 12157 12159 12160 12162 12165 12169 12170 12172 12174 12180 12181 12185 12189 12191 12194 12200 12208 12224 12230 12231 12234 12235 12244 12245 12248 12251 12255 12261 12263 12267 12270 12273 12281 12282 12299 12303 12304 12308 12309 12319 12320 12322 12326 12332 12335 12339 12340 12341 12345 12346 12347 12351 12354 12355 12357 12359 12365 12367 12368 12373 12380 12392 12393 12397 12399 12402 12408 12410 12411 12417 12419 12426 12431 12446 12448 12451 12457 12458 12463 12464 12469 12472 12475 12478 12480 12485 12487 12488 12497 12500 12505 12506 12511 12517 12530 12544 12548 12549 12551 12553 12555 12556 12561 12563 12565 12567 12569 12570 12571 12576 12580 12582 12586 13228 13333 13380 13443 13579 14006 14147 14182 14184 14265 14344 15042 161 22 4150 8101

CVEs Detected

CVE-2007-2768 CVE-2008-3844 CVE-2016-20012 CVE-2019-16905 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-48795 CVE-2023-51385 CVE-2023-51767 CVE-2025-26465 CVE-2025-32728

Map

Whois Information

inetnum: 89.38.96.0 - 89.38.96.255
netname: WORLDSTREAM
country: NL
admin-c: WS1670-RIPE
tech-c: WS1670-RIPE
status: ASSIGNED PA
mnt-by: MNT-WORLDSTREAM
mnt-domains: MNT-WORLDSTREAM
mnt-routes: MNT-WORLDSTREAM
created: 2018-12-18T10:24:18Z
last-modified: 2018-12-18T10:24:18Z
role: WORLDSTREAM DBM
address: Industriestraat 24
address: 2671CT NAALDWIJK
address: The Netherlands
phone: +31174712117
abuse-mailbox: abuse@worldstream.nl
admin-c: DV1495-RIPE
tech-c: DV1495-RIPE
nic-hdl: WS1670-RIPE
mnt-by: MNT-WORLDSTREAM
created: 2008-05-15T09:52:38Z
last-modified: 2013-08-20T11:17:59Z
route: 89.38.96.0/24
origin: AS49981
mnt-by: MNT-WORLDSTREAM
created: 2022-11-18T15:12:39Z
last-modified: 2022-11-18T15:12:39Z

Links to attack logs

Share on: