JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 41.89.96.253

41.89.96.253 was found in our database!

This IP was reported 149 times. Confidence of Abuse is 100%: ?

100%

ISP	Egerton University Njoro campus
Usage Type	University/College/School
ASN	AS36914
Domain Name	eunccu.org
Country	🇰🇪 Kenya
City	Njoro, Nakuru County

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 41.89.96.253

Whois 41.89.96.253

IP Abuse Reports for 41.89.96.253:

This IP address has been reported a total of 149 times from 45 distinct sources. 41.89.96.253 was first reported on May 4th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-13 22:45:00 (2 hours ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇩🇪 guldkage	2026-06-13 19:57:02 (5 hours ago)	Unauthorized connection attempt detected from IP address 41.89.96.253 to port 445 (ger-02) [SMB]	Exploited Host
🇺🇸 drewf.ink	2026-06-13 13:55:41 (11 hours ago)	[13:55] Triggered SMB honeypot on port 445. Type: NetBIOS + SMB1. Dialect(s): LANMAN1.0, LM1.2X002, ... show more [13:55] Triggered SMB honeypot on port 445. Type: NetBIOS + SMB1. Dialect(s): LANMAN1.0, LM1.2X002, NT LANMAN 1.0, NT LM 0.12 show less	Hacking Exploited Host
🇩🇪 IP Analyzer	2026-06-12 09:00:44 (1 day ago)	Unauthorized connection attempt from IP address 41.89.96.253 on Port 445(SMB)	Port Scan
🇩🇪 Luhte	2026-06-12 08:51:11 (1 day ago)	Unsolicited TCP connection from 41.89.96.253 to port 0 at 2026-06-12T08:51:11Z. Source IP completed ... show more Unsolicited TCP connection from 41.89.96.253 to port 0 at 2026-06-12T08:51:11Z. Source IP completed three-way handshake to non-public service on this host. Detected by automated intrusion monitoring. show less	Port Scan Hacking
🇺🇸 drewf.ink	2026-06-12 06:35:18 (1 day ago)	[06:35] Triggered SMB honeypot on port 445. Type: NetBIOS + SMB1. Dialect(s): LANMAN1.0, LM1.2X002, ... show more [06:35] Triggered SMB honeypot on port 445. Type: NetBIOS + SMB1. Dialect(s): LANMAN1.0, LM1.2X002, NT LANMAN 1.0, NT LM 0.12 show less	Hacking Exploited Host
🇺🇸 cwytech	2026-06-11 17:29:02 (2 days ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/global-exclusion-high.	Hacking
🇩🇪 guldkage	2026-06-11 16:54:22 (2 days ago)	Unauthorized connection attempt detected from IP address 41.89.96.253 to port 445 (ger-02) [SMB]	Exploited Host
🇩🇪 KPS	2026-06-11 07:47:44 (2 days ago)	PortscanM	Port Scan
🇺🇸 MPL	2026-06-11 07:37:56 (2 days ago)	tcp/445 (2 or more attempts)	Port Scan
🇫🇷 zulzeen	2026-06-11 04:37:16 (2 days ago)	[incypit-web] Blocked by SysWarden Firewall [BLOCK] (SMB/Possible Ransomware Attack)	Hacking Brute-Force
Anonymous	2026-06-11 02:56:03 (2 days ago)	Unauthorized access (tcp/445/smb)	Port Scan
🇦🇹 Pingger Shikkoken	2026-06-10 13:40:53 (3 days ago)	2026-06-10T13:40:53+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT= MAC=b6:ab:74:e6 ... show more 2026-06-10T13:40:53+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT= MAC=b6:ab:74:e6:2e:14:84:03:28:62:88:32:08:00 SRC=41.89.96.253 DST=152.53.50.28 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=5151 DF PROTO=TCP SPT=16572 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 show less	Hacking
🇬🇧 PeravixGroup	2026-06-10 09:38:54 (3 days ago)	Honeypot detection: SMB / Windows file sharing exploitation attempt on port 445. Severity: HIGH. Aar ... show more Honeypot detection: SMB / Windows file sharing exploitation attempt on port 445. Severity: HIGH. Aaran.cloud show less	Hacking Exploited Host
Anonymous	2026-06-09 19:13:40 (4 days ago)	Try to connect to Port_Scan_445_stealth	Port Scan

Showing 1 to 15 of 149 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇪🇪 213.35.128.24

🇺🇸 205.210.31.56

🇺🇸 205.210.31.22

🇬🇧 185.216.145.187

🇰🇷 175.118.127.138

🇺🇸 172.190.13.234

🇸🇪 138.124.29.146

🇹🇭 119.110.239.76

🇨🇳 118.89.62.11

🇧🇭 109.63.118.194

🇷🇺 91.237.183.81

🇧🇷 45.205.1.68

🇳🇱 45.156.128.59

🇳🇱 45.148.10.157

🇺🇸 20.118.232.75

🇨🇴 8.242.151.245

🇹🇼 198.235.24.87

🇳🇱 195.178.110.42

🇳🇱 185.226.197.59

🇮🇩 182.8.130.191