159.89.12.105 - IPInfo

Basic Info

City: Frankfurt am Main

Region: Hessen

Country: Germany

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
159.89.125.16	attackbots	Oct 4 22:50:23 mail.srvfarm.net postfix/smtpd[1160735]: warning: unknown[159.89.125.16]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 22:50:23 mail.srvfarm.net postfix/smtpd[1160735]: lost connection after AUTH from unknown[159.89.125.16] Oct 4 22:53:44 mail.srvfarm.net postfix/smtpd[1166868]: warning: unknown[159.89.125.16]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 22:53:44 mail.srvfarm.net postfix/smtpd[1166868]: lost connection after AUTH from unknown[159.89.125.16] Oct 4 22:53:48 mail.srvfarm.net postfix/smtpd[1166869]: warning: unknown[159.89.125.16]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 22:53:48 mail.srvfarm.net postfix/smtpd[1161505]: warning: unknown[159.89.125.16]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2020-10-05 05:31:02
159.89.125.16	attack	Oct 4 05:33:33 mail.srvfarm.net postfix/smtpd[727581]: warning: unknown[159.89.125.16]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 05:33:33 mail.srvfarm.net postfix/smtpd[727581]: lost connection after AUTH from unknown[159.89.125.16] Oct 4 05:36:55 mail.srvfarm.net postfix/smtpd[727422]: warning: unknown[159.89.125.16]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 05:36:55 mail.srvfarm.net postfix/smtpd[727422]: lost connection after AUTH from unknown[159.89.125.16] Oct 4 05:36:59 mail.srvfarm.net postfix/smtpd[731567]: warning: unknown[159.89.125.16]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 05:36:59 mail.srvfarm.net postfix/smtpd[731585]: warning: unknown[159.89.125.16]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 05:36:59 mail.srvfarm.net postfix/smtpd[731567]: lost connection after AUTH from unknown[159.89.125.16] Oct 4 05:36:59 mail.srvfarm.net postfix/smtpd[731585]: lost connection after AUTH from unknown[159.89.125.16]	2020-10-04 21:25:20
159.89.125.16	attackbotsspam	Oct 4 05:33:33 mail.srvfarm.net postfix/smtpd[727581]: warning: unknown[159.89.125.16]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 05:33:33 mail.srvfarm.net postfix/smtpd[727581]: lost connection after AUTH from unknown[159.89.125.16] Oct 4 05:36:55 mail.srvfarm.net postfix/smtpd[727422]: warning: unknown[159.89.125.16]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 05:36:55 mail.srvfarm.net postfix/smtpd[727422]: lost connection after AUTH from unknown[159.89.125.16] Oct 4 05:36:59 mail.srvfarm.net postfix/smtpd[731567]: warning: unknown[159.89.125.16]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 05:36:59 mail.srvfarm.net postfix/smtpd[731585]: warning: unknown[159.89.125.16]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 4 05:36:59 mail.srvfarm.net postfix/smtpd[731567]: lost connection after AUTH from unknown[159.89.125.16] Oct 4 05:36:59 mail.srvfarm.net postfix/smtpd[731585]: lost connection after AUTH from unknown[159.89.125.16]	2020-10-04 13:13:00
159.89.123.66	attackspambots	/wp-login.php	2020-10-03 06:24:53
159.89.123.66	attackbotsspam	REQUESTED PAGE: /wp-login.php	2020-10-03 01:52:31
159.89.123.66	attack	159.89.123.66 - - [02/Oct/2020:09:17:58 +0100] "POST /wp-login.php HTTP/1.1" 200 2307 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.123.66 - - [02/Oct/2020:09:18:06 +0100] "POST /wp-login.php HTTP/1.1" 200 2262 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.123.66 - - [02/Oct/2020:09:18:12 +0100] "POST /wp-login.php HTTP/1.1" 200 2259 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-02 22:20:42
159.89.123.66	attack	159.89.123.66 - - [02/Oct/2020:09:17:58 +0100] "POST /wp-login.php HTTP/1.1" 200 2307 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.123.66 - - [02/Oct/2020:09:18:06 +0100] "POST /wp-login.php HTTP/1.1" 200 2262 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.123.66 - - [02/Oct/2020:09:18:12 +0100] "POST /wp-login.php HTTP/1.1" 200 2259 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-02 18:52:59
159.89.123.66	attackspam	159.89.123.66 - - [02/Oct/2020:07:53:22 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.123.66 - - [02/Oct/2020:07:53:24 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.123.66 - - [02/Oct/2020:07:53:30 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-10-02 15:27:36
159.89.121.102	attack	Sep 26 14:16:43 ny01 sshd[12195]: Failed password for root from 159.89.121.102 port 55452 ssh2 Sep 26 14:16:53 ny01 sshd[12195]: error: maximum authentication attempts exceeded for root from 159.89.121.102 port 55452 ssh2 [preauth] Sep 26 14:16:55 ny01 sshd[12216]: Failed password for root from 159.89.121.102 port 56470 ssh2	2020-09-27 04:26:06
159.89.121.102	attackspambots	$f2bV_matches	2020-09-26 20:33:38
159.89.121.102	attackspam	$f2bV_matches	2020-09-26 12:17:37
159.89.129.36	attackbotsspam	[N10.H2.VM2] Port Scanner Detected Blocked by UFW	2020-09-19 02:49:14
159.89.129.36	attack	Found on Github Combined on 5 lists / proto=6 . srcport=52728 . dstport=7540 . (928)	2020-09-18 18:50:21
159.89.129.36	attackspam	firewall-block, port(s): 5806/tcp	2020-09-04 21:51:03
159.89.129.36	attackbots	TCP (SYN) 159.89.129.36:44410 -> port 5806, len 44	2020-09-04 13:30:08

Whois info:

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2025, American Registry for Internet Numbers, Ltd.
#


NetRange:       159.89.0.0 - 159.89.255.255
CIDR:           159.89.0.0/16
NetName:        DIGITALOCEAN-159-89-0-0
NetHandle:      NET-159-89-0-0-1
Parent:         NET159 (NET-159-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   DigitalOcean, LLC (DO-13)
RegDate:        2017-07-07
Updated:        2020-04-03
Comment:        Routing and Peering Policy can be found at https://www.as14061.net
Comment:        
Comment:        Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse
Ref:            https://rdap.arin.net/registry/ip/159.89.0.0



OrgName:        DigitalOcean, LLC
OrgId:          DO-13
Address:        105 Edgeview Drive, Suite 425
City:           Broomfield
StateProv:      CO
PostalCode:     80021
Country:        US
RegDate:        2012-05-14
Updated:        2025-04-11
Ref:            https://rdap.arin.net/registry/entity/DO-13


OrgNOCHandle: NOC32014-ARIN
OrgNOCName:   Network Operations Center
OrgNOCPhone:  +1-646-827-4366 
OrgNOCEmail:  noc@digitalocean.com
OrgNOCRef:    https://rdap.arin.net/registry/entity/NOC32014-ARIN

OrgAbuseHandle: DIGIT19-ARIN
OrgAbuseName:   DigitalOcean Abuse
OrgAbusePhone:  +1-646-827-4366 
OrgAbuseEmail:  abuse@digitalocean.com
OrgAbuseRef:    https://rdap.arin.net/registry/entity/DIGIT19-ARIN

OrgTechHandle: NOC32014-ARIN
OrgTechName:   Network Operations Center
OrgTechPhone:  +1-646-827-4366 
OrgTechEmail:  noc@digitalocean.com
OrgTechRef:    https://rdap.arin.net/registry/entity/NOC32014-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2025, American Registry for Internet Numbers, Ltd.
#

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 159.89.12.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56764
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;159.89.12.105.			IN	A

;; AUTHORITY SECTION:
.			30	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2025100700 1800 900 604800 86400

;; Query time: 829 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Oct 07 22:09:40 CST 2025
;; MSG SIZE  rcvd: 106

Host info

Host 105.12.89.159.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 105.12.89.159.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
144.217.183.134	attack	144.217.183.134 - - [09/Aug/2020:07:18:36 +0200] "GET /wp-login.php HTTP/1.1" 200 6310 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 144.217.183.134 - - [09/Aug/2020:07:18:38 +0200] "POST /wp-login.php HTTP/1.1" 200 6561 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 144.217.183.134 - - [09/Aug/2020:07:18:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-09 13:43:27
187.131.250.203	attackbotsspam	Telnet Server BruteForce Attack	2020-08-09 14:03:46
190.215.112.122	attackbotsspam	Aug 9 05:11:32 ip-172-31-61-156 sshd[2010]: Failed password for root from 190.215.112.122 port 50072 ssh2 Aug 9 05:11:31 ip-172-31-61-156 sshd[2010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.215.112.122 user=root Aug 9 05:11:32 ip-172-31-61-156 sshd[2010]: Failed password for root from 190.215.112.122 port 50072 ssh2 Aug 9 05:16:29 ip-172-31-61-156 sshd[2248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.215.112.122 user=root Aug 9 05:16:31 ip-172-31-61-156 sshd[2248]: Failed password for root from 190.215.112.122 port 55594 ssh2 ...	2020-08-09 13:37:37
80.82.70.118	attack	TCP (SYN) 80.82.70.118:60000 -> port 5001, len 44	2020-08-09 13:55:25
196.27.127.61	attackbots	Aug 9 12:33:01 itv-usvr-01 sshd[31064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61 user=root Aug 9 12:33:04 itv-usvr-01 sshd[31064]: Failed password for root from 196.27.127.61 port 42748 ssh2 Aug 9 12:37:43 itv-usvr-01 sshd[31243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61 user=root Aug 9 12:37:45 itv-usvr-01 sshd[31243]: Failed password for root from 196.27.127.61 port 42196 ssh2 Aug 9 12:37:43 itv-usvr-01 sshd[31243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.27.127.61 user=root Aug 9 12:37:45 itv-usvr-01 sshd[31243]: Failed password for root from 196.27.127.61 port 42196 ssh2	2020-08-09 13:59:15
87.242.234.181	attack	Cowrie Honeypot: 3 unauthorised SSH/Telnet login attempts between 2020-08-09T03:45:12Z and 2020-08-09T03:54:10Z	2020-08-09 13:48:58
64.225.44.134	attackbots	US - - [08/Aug/2020:17:20:35 +0300] POST /xmlrpc.php HTTP/1.1 200 408 - Mozilla/5.0 X11; Ubuntu; Linux x86_64; rv:62.0 Gecko/20100101 Firefox/62.0	2020-08-09 13:37:16
222.186.15.62	attackbotsspam	2020-08-09T05:27:55.916504vps1033 sshd[7974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.62 user=root 2020-08-09T05:27:57.820308vps1033 sshd[7974]: Failed password for root from 222.186.15.62 port 31350 ssh2 2020-08-09T05:27:55.916504vps1033 sshd[7974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.62 user=root 2020-08-09T05:27:57.820308vps1033 sshd[7974]: Failed password for root from 222.186.15.62 port 31350 ssh2 2020-08-09T05:27:59.704942vps1033 sshd[7974]: Failed password for root from 222.186.15.62 port 31350 ssh2 ...	2020-08-09 13:34:57
93.56.47.242	attackspambots	93.56.47.242 - - [09/Aug/2020:04:53:56 +0100] "POST /wp-login.php HTTP/1.1" 200 4433 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 93.56.47.242 - - [09/Aug/2020:04:53:57 +0100] "POST /wp-login.php HTTP/1.1" 200 4433 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 93.56.47.242 - - [09/Aug/2020:04:53:57 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-09 14:02:22
159.89.237.235	attackbots	159.89.237.235 - - [09/Aug/2020:05:53:50 +0200] "GET /wp-login.php HTTP/1.1" 200 5738 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.237.235 - - [09/Aug/2020:05:53:51 +0200] "POST /wp-login.php HTTP/1.1" 200 5989 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.237.235 - - [09/Aug/2020:05:53:52 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-09 14:05:06
45.129.33.151	attackbots	TCP (SYN) 45.129.33.151:54685 -> port 25694, len 44	2020-08-09 13:47:15
222.186.52.78	attackspambots	Brute-force attempt banned	2020-08-09 13:40:53
152.32.229.54	attackspambots	$f2bV_matches	2020-08-09 13:43:10
5.9.155.37	attackbotsspam	20 attempts against mh-misbehave-ban on flare	2020-08-09 13:53:03
121.65.173.82	attack	Dovecot Invalid User Login Attempt.	2020-08-09 13:54:39

Recently Reported IPs

209.38.237.181	167.71.42.213	164.90.177.25	159.223.26.129
138.197.177.250	64.227.116.108	209.38.203.91	134.122.90.165
112.32.57.228	38.244.7.45	38.244.21.56	13.84.40.215
138.68.134.113	54.236.230.158	206.189.88.164	3.90.110.48
207.154.239.196	139.59.153.117	207.154.206.121	46.101.106.240