Maximum Danger
The IP address 144.172.89.108 is a critical-risk address associated with aggressive web application probing, having generated 555 abuse reports with a maximum threat level of 10/10 and a 94% confidence score. This United States-hosted IP, operating through AS14956 under the network operator ROUTERHOSTING, demonstrates sustained malicious activity that warrants immediate defensive action from any organization running internet-facing web services.
Automated honeypot sensors detected 20 distinct instances of web application attack activity originating from 144.172.89.108 during December 2025, with the IP exhibiting an activity frequency rating of 8/10. The concentration of reports across multiple independent detection points confirms this is sustained, systematic reconnaissance rather than isolated scanning. Such a high report volume within a compressed timeframe indicates the address is actively engaged in vulnerability discovery across exposed web applications, likely as part of automated scanning infrastructure designed to identify exploitable targets for subsequent intrusion attempts.
Web application attacks target the application layer of internet-facing services, probing for vulnerabilities such as injection flaws, authentication weaknesses, and other weaknesses in the OWASP Top 10 categories. The concrete risk posed by an IP engaged in such probing is that successful vulnerability identification can lead to data exfiltration, service compromise, or pivoting into internal networks. An address with this level of reported activity represents a direct pathway for attackers seeking to exploit unpatched or misconfigured web applications, making exposure to this IP a significant and immediate security concern.
Site operators should deploy web application firewall rules capable of detecting and blocking known web application probe patterns associated with this address, enforce strong authentication controls on all exposed services, and implement rate limiting to disrupt automated scanning workflows. Reviewing access logs for connection attempts matching the observed probe activity can help identify whether the address has interacted with production systems. Automated threat-blocking tools and threat-intelligence-driven blocklists offer additional layers of defense against continued reconnaissance originating from this critical-risk source.