159.89.139.220

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	firewall-block, port(s): 22703/tcp	2020-04-19 05:19:25
attackbotsspam	Jan 23 13:55:23 odroid64 sshd\[4802\]: Invalid user tester from 159.89.139.220 Jan 23 13:55:23 odroid64 sshd\[4802\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.139.220 ...	2020-03-06 05:54:58
attackbotsspam	Unauthorized connection attempt detected from IP address 159.89.139.220 to port 2220 [J]	2020-01-24 13:27:54

Type

Details

Datetime

attack

firewall-block, port(s): 22703/tcp

2020-04-19 05:19:25

attackbotsspam

Jan 23 13:55:23 odroid64 sshd\[4802\]: Invalid user tester from 159.89.139.220
Jan 23 13:55:23 odroid64 sshd\[4802\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.139.220
...

2020-03-06 05:54:58

attackbotsspam

Unauthorized connection attempt detected from IP address 159.89.139.220 to port 2220 [J]

2020-01-24 13:27:54

Comments on same subnet:

IP	Type	Details	Datetime
159.89.139.110	attackspam	159.89.139.110 - - [05/Sep/2020:15:10:24 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [05/Sep/2020:15:10:25 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [05/Sep/2020:15:10:26 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-05 22:31:57
159.89.139.110	attackbotsspam	159.89.139.110 - - [04/Sep/2020:17:50:59 +0100] "POST /wp-login.php HTTP/1.1" 200 1948 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [04/Sep/2020:17:51:00 +0100] "POST /wp-login.php HTTP/1.1" 200 1954 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [04/Sep/2020:17:51:07 +0100] "POST /wp-login.php HTTP/1.1" 200 1949 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-05 14:09:05
159.89.139.110	attackbots	159.89.139.110 - - [04/Sep/2020:17:50:59 +0100] "POST /wp-login.php HTTP/1.1" 200 1948 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [04/Sep/2020:17:51:00 +0100] "POST /wp-login.php HTTP/1.1" 200 1954 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [04/Sep/2020:17:51:07 +0100] "POST /wp-login.php HTTP/1.1" 200 1949 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-05 06:52:10
159.89.139.110	attackbotsspam	159.89.139.110 - - [31/Aug/2020:09:41:41 +0200] "GET /wp-login.php HTTP/1.1" 200 8537 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [31/Aug/2020:09:41:44 +0200] "POST /wp-login.php HTTP/1.1" 200 8788 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [31/Aug/2020:09:41:45 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-31 18:11:40
159.89.139.110	attack	159.89.139.110 - - [25/Jul/2020:05:00:08 +0100] "POST /wp-login.php HTTP/1.1" 200 1967 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [25/Jul/2020:05:00:10 +0100] "POST /wp-login.php HTTP/1.1" 200 1994 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [25/Jul/2020:05:00:10 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-07-25 12:26:34
159.89.139.110	attackspam	159.89.139.110 - - [24/Jul/2020:07:36:57 +0100] "POST /wp-login.php HTTP/1.1" 200 4437 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [24/Jul/2020:07:36:58 +0100] "POST /xmlrpc.php HTTP/1.1" 200 271 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [24/Jul/2020:07:53:08 +0100] "POST /wp-login.php HTTP/1.1" 200 4475 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-07-24 19:16:29
159.89.139.149	attackspam	Attacks websites by trying to access known vulnerables of plugins, brute-force of backends or probing of administrative tools	2020-06-14 22:35:15
159.89.139.149	attackspam	C1,WP GET /conni-club/home/wp-includes/wlwmanifest.xml GET /kramkiste/home/wp-includes/wlwmanifest.xml	2020-06-08 22:49:30
159.89.139.228	attackspambots	Mar 10 05:56:07 * sshd[32388]: Failed password for root from 159.89.139.228 port 38032 ssh2	2020-03-10 13:50:11
159.89.139.228	attack	2020-03-01T14:22:42.769477shield sshd\[25151\]: Invalid user test from 159.89.139.228 port 58302 2020-03-01T14:22:42.774383shield sshd\[25151\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.139.228 2020-03-01T14:22:45.350259shield sshd\[25151\]: Failed password for invalid user test from 159.89.139.228 port 58302 ssh2 2020-03-01T14:28:00.054019shield sshd\[26046\]: Invalid user sinus from 159.89.139.228 port 54494 2020-03-01T14:28:00.057971shield sshd\[26046\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.139.228	2020-03-01 22:38:19
159.89.139.228	attackspambots	DATE:2020-02-29 01:06:10, IP:159.89.139.228, PORT:ssh SSH brute force auth (docker-dc)	2020-02-29 08:51:20
159.89.139.228	attack	Feb 20 13:30:37 ws26vmsma01 sshd[8080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.139.228 Feb 20 13:30:39 ws26vmsma01 sshd[8080]: Failed password for invalid user ftp from 159.89.139.228 port 59200 ssh2 ...	2020-02-20 21:33:38
159.89.139.149	attack	Automatic report - XMLRPC Attack	2020-02-19 00:02:10
159.89.139.228	attackspam	Invalid user nok from 159.89.139.228 port 33982	2020-02-11 15:21:33
159.89.139.228	attackbotsspam	Feb 9 05:48:06 ks10 sshd[3263826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.139.228 Feb 9 05:48:08 ks10 sshd[3263826]: Failed password for invalid user bff from 159.89.139.228 port 52078 ssh2 ...	2020-02-09 20:46:31

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 159.89.139.220
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23993
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;159.89.139.220.			IN	A

;; AUTHORITY SECTION:
.			510	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020012302 1800 900 604800 86400

;; Query time: 103 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Jan 24 13:27:50 CST 2020
;; MSG SIZE  rcvd: 118

Host info

Host 220.139.89.159.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 220.139.89.159.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
222.186.30.112	attackbots	2020-08-20T04:15:12.161483shield sshd\[5674\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.30.112 user=root 2020-08-20T04:15:14.803981shield sshd\[5674\]: Failed password for root from 222.186.30.112 port 28344 ssh2 2020-08-20T04:15:17.317329shield sshd\[5674\]: Failed password for root from 222.186.30.112 port 28344 ssh2 2020-08-20T04:15:20.396450shield sshd\[5674\]: Failed password for root from 222.186.30.112 port 28344 ssh2 2020-08-20T04:15:25.086615shield sshd\[5702\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.30.112 user=root	2020-08-20 12:16:35
51.75.121.252	attackbotsspam	Aug 20 04:10:30 game-panel sshd[12743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.121.252 Aug 20 04:10:32 game-panel sshd[12743]: Failed password for invalid user edward from 51.75.121.252 port 42842 ssh2 Aug 20 04:17:39 game-panel sshd[13188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.121.252	2020-08-20 12:17:54
218.92.0.168	attackbotsspam	Aug 20 06:32:28 cosmoit sshd[6188]: Failed password for root from 218.92.0.168 port 53669 ssh2	2020-08-20 12:32:39
222.186.180.223	attackbotsspam	Aug 20 07:40:48 ift sshd\[40761\]: Failed password for root from 222.186.180.223 port 38688 ssh2Aug 20 07:40:51 ift sshd\[40761\]: Failed password for root from 222.186.180.223 port 38688 ssh2Aug 20 07:40:55 ift sshd\[40761\]: Failed password for root from 222.186.180.223 port 38688 ssh2Aug 20 07:41:09 ift sshd\[40768\]: Failed password for root from 222.186.180.223 port 50724 ssh2Aug 20 07:41:12 ift sshd\[40768\]: Failed password for root from 222.186.180.223 port 50724 ssh2 ...	2020-08-20 12:41:37
213.155.116.179	attackspambots	Aug 20 06:41:24 vps639187 sshd\[18511\]: Invalid user admin from 213.155.116.179 port 36681 Aug 20 06:41:25 vps639187 sshd\[18511\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.155.116.179 Aug 20 06:41:26 vps639187 sshd\[18511\]: Failed password for invalid user admin from 213.155.116.179 port 36681 ssh2 ...	2020-08-20 12:43:26
77.107.41.121	attack	Fail2Ban Ban Triggered	2020-08-20 12:45:30
195.54.160.183	attack	$f2bV_matches	2020-08-20 12:13:17
176.113.115.53	attackbots	[N10.H2.VM2] Port Scanner Detected Blocked by UFW	2020-08-20 12:31:09
129.211.187.67	attackspambots	Aug 20 06:18:57 sticky sshd\[30521\]: Invalid user app from 129.211.187.67 port 39052 Aug 20 06:18:57 sticky sshd\[30521\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.211.187.67 Aug 20 06:18:58 sticky sshd\[30521\]: Failed password for invalid user app from 129.211.187.67 port 39052 ssh2 Aug 20 06:22:01 sticky sshd\[30555\]: Invalid user esr from 129.211.187.67 port 49078 Aug 20 06:22:01 sticky sshd\[30555\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.211.187.67	2020-08-20 12:35:27
91.121.89.189	attackbots	91.121.89.189 - - [20/Aug/2020:05:55:50 +0200] "GET /wp-login.php HTTP/1.1" 200 9040 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 91.121.89.189 - - [20/Aug/2020:05:55:51 +0200] "POST /wp-login.php HTTP/1.1" 200 9291 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 91.121.89.189 - - [20/Aug/2020:05:55:52 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-20 12:19:41
23.94.150.186	attackbots	(From eric@talkwithwebvisitor.com) Hi, Eric here with a quick thought about your website brombergchiropractic.com... I’m on the internet a lot and I look at a lot of business websites. Like yours, many of them have great content. But all too often, they come up short when it comes to engaging and connecting with anyone who visits. I get it – it’s hard. Studies show 7 out of 10 people who land on a site, abandon it in moments without leaving even a trace. You got the eyeball, but nothing else. Here’s a solution for you… Talk With Web Visitor is a software widget that’s works on your site, ready to capture any visitor’s Name, Email address and Phone Number. You’ll know immediately they’re interested and you can call them directly to talk with them literally while they’re still on the web looking at your site. CLICK HERE http://www.talkwithwebvisitors.com to try out a Live Demo with Talk With Web Visitor now to see exactly how it works. It could be huge for your business – and because	2020-08-20 12:12:31
222.186.175.154	attackbots	Aug 20 06:47:09 vm1 sshd[1002]: Failed password for root from 222.186.175.154 port 6372 ssh2 Aug 20 06:47:24 vm1 sshd[1002]: error: maximum authentication attempts exceeded for root from 222.186.175.154 port 6372 ssh2 [preauth] ...	2020-08-20 12:48:45
106.52.12.21	attackbots	2020-08-20T07:25:25.015944lavrinenko.info sshd[22372]: Invalid user zhangxd from 106.52.12.21 port 35692 2020-08-20T07:25:25.023413lavrinenko.info sshd[22372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.12.21 2020-08-20T07:25:25.015944lavrinenko.info sshd[22372]: Invalid user zhangxd from 106.52.12.21 port 35692 2020-08-20T07:25:27.152195lavrinenko.info sshd[22372]: Failed password for invalid user zhangxd from 106.52.12.21 port 35692 ssh2 2020-08-20T07:27:29.184867lavrinenko.info sshd[22520]: Invalid user joana from 106.52.12.21 port 57232 ...	2020-08-20 12:38:09
134.17.94.158	attackbots	Aug 20 06:55:42 hosting sshd[31752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.94.158 user=root Aug 20 06:55:44 hosting sshd[31752]: Failed password for root from 134.17.94.158 port 12874 ssh2 ...	2020-08-20 12:25:13
61.177.172.168	attack	Aug 20 04:20:46 ip-172-31-16-56 sshd\[19184\]: Failed password for root from 61.177.172.168 port 23703 ssh2\ Aug 20 04:21:06 ip-172-31-16-56 sshd\[19186\]: Failed password for root from 61.177.172.168 port 53138 ssh2\ Aug 20 04:21:20 ip-172-31-16-56 sshd\[19186\]: Failed password for root from 61.177.172.168 port 53138 ssh2\ Aug 20 04:21:23 ip-172-31-16-56 sshd\[19186\]: Failed password for root from 61.177.172.168 port 53138 ssh2\ Aug 20 04:21:29 ip-172-31-16-56 sshd\[19190\]: Failed password for root from 61.177.172.168 port 20469 ssh2\	2020-08-20 12:22:07

Recently Reported IPs

191.222.251.68	29.130.117.20	187.95.236.245	132.166.79.21
34.249.18.114	217.9.12.172	207.8.76.40	185.206.214.185
168.216.210.253	166.239.120.227	146.55.233.0	38.127.36.244
240.46.166.153	178.160.83.87	1.234.219.255	101.1.156.101
48.246.28.73	154.160.24.221	92.153.113.4	69.16.53.254