159.89.139.46 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
159.89.139.110	attackspam	159.89.139.110 - - [05/Sep/2020:15:10:24 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [05/Sep/2020:15:10:25 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [05/Sep/2020:15:10:26 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-05 22:31:57
159.89.139.110	attackbotsspam	159.89.139.110 - - [04/Sep/2020:17:50:59 +0100] "POST /wp-login.php HTTP/1.1" 200 1948 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [04/Sep/2020:17:51:00 +0100] "POST /wp-login.php HTTP/1.1" 200 1954 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [04/Sep/2020:17:51:07 +0100] "POST /wp-login.php HTTP/1.1" 200 1949 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-05 14:09:05
159.89.139.110	attackbots	159.89.139.110 - - [04/Sep/2020:17:50:59 +0100] "POST /wp-login.php HTTP/1.1" 200 1948 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [04/Sep/2020:17:51:00 +0100] "POST /wp-login.php HTTP/1.1" 200 1954 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [04/Sep/2020:17:51:07 +0100] "POST /wp-login.php HTTP/1.1" 200 1949 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-05 06:52:10
159.89.139.110	attackbotsspam	159.89.139.110 - - [31/Aug/2020:09:41:41 +0200] "GET /wp-login.php HTTP/1.1" 200 8537 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [31/Aug/2020:09:41:44 +0200] "POST /wp-login.php HTTP/1.1" 200 8788 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [31/Aug/2020:09:41:45 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-31 18:11:40
159.89.139.110	attack	159.89.139.110 - - [25/Jul/2020:05:00:08 +0100] "POST /wp-login.php HTTP/1.1" 200 1967 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [25/Jul/2020:05:00:10 +0100] "POST /wp-login.php HTTP/1.1" 200 1994 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [25/Jul/2020:05:00:10 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-07-25 12:26:34
159.89.139.110	attackspam	159.89.139.110 - - [24/Jul/2020:07:36:57 +0100] "POST /wp-login.php HTTP/1.1" 200 4437 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [24/Jul/2020:07:36:58 +0100] "POST /xmlrpc.php HTTP/1.1" 200 271 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.139.110 - - [24/Jul/2020:07:53:08 +0100] "POST /wp-login.php HTTP/1.1" 200 4475 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-07-24 19:16:29
159.89.139.149	attackspam	Attacks websites by trying to access known vulnerables of plugins, brute-force of backends or probing of administrative tools	2020-06-14 22:35:15
159.89.139.149	attackspam	C1,WP GET /conni-club/home/wp-includes/wlwmanifest.xml GET /kramkiste/home/wp-includes/wlwmanifest.xml	2020-06-08 22:49:30
159.89.139.220	attack	firewall-block, port(s): 22703/tcp	2020-04-19 05:19:25
159.89.139.228	attackspambots	Mar 10 05:56:07 * sshd[32388]: Failed password for root from 159.89.139.228 port 38032 ssh2	2020-03-10 13:50:11
159.89.139.220	attackbotsspam	Jan 23 13:55:23 odroid64 sshd\[4802\]: Invalid user tester from 159.89.139.220 Jan 23 13:55:23 odroid64 sshd\[4802\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.139.220 ...	2020-03-06 05:54:58
159.89.139.228	attack	2020-03-01T14:22:42.769477shield sshd\[25151\]: Invalid user test from 159.89.139.228 port 58302 2020-03-01T14:22:42.774383shield sshd\[25151\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.139.228 2020-03-01T14:22:45.350259shield sshd\[25151\]: Failed password for invalid user test from 159.89.139.228 port 58302 ssh2 2020-03-01T14:28:00.054019shield sshd\[26046\]: Invalid user sinus from 159.89.139.228 port 54494 2020-03-01T14:28:00.057971shield sshd\[26046\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.139.228	2020-03-01 22:38:19
159.89.139.228	attackspambots	DATE:2020-02-29 01:06:10, IP:159.89.139.228, PORT:ssh SSH brute force auth (docker-dc)	2020-02-29 08:51:20
159.89.139.228	attack	Feb 20 13:30:37 ws26vmsma01 sshd[8080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.139.228 Feb 20 13:30:39 ws26vmsma01 sshd[8080]: Failed password for invalid user ftp from 159.89.139.228 port 59200 ssh2 ...	2020-02-20 21:33:38
159.89.139.149	attack	Automatic report - XMLRPC Attack	2020-02-19 00:02:10

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 159.89.139.46
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26422
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;159.89.139.46.			IN	A

;; AUTHORITY SECTION:
.			157	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022021800 1800 900 604800 86400

;; Query time: 18 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Feb 18 13:42:55 CST 2022
;; MSG SIZE  rcvd: 106

Host info

46.139.89.159.in-addr.arpa domain name pointer 178404.cloudwaysapps.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
46.139.89.159.in-addr.arpa	name = 178404.cloudwaysapps.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
125.212.202.179	attackspam	Lines containing failures of 125.212.202.179 Mar 8 11:23:24 neweola sshd[31022]: Invalid user alexisrudd from 125.212.202.179 port 32864 Mar 8 11:23:24 neweola sshd[31022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.212.202.179 Mar 8 11:23:25 neweola sshd[31022]: Failed password for invalid user alexisrudd from 125.212.202.179 port 32864 ssh2 Mar 8 11:23:26 neweola sshd[31022]: Received disconnect from 125.212.202.179 port 32864:11: Normal Shutdown [preauth] Mar 8 11:23:26 neweola sshd[31022]: Disconnected from invalid user alexisrudd 125.212.202.179 port 32864 [preauth] Mar 8 11:28:57 neweola sshd[31170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.212.202.179 user=r.r Mar 8 11:29:00 neweola sshd[31170]: Failed password for r.r from 125.212.202.179 port 45858 ssh2 Mar x@x Mar 9 20:06:59 neweola sshd[5223]: pam_unix(sshd:auth): authentication failure; logname= uid=0........ ------------------------------	2020-03-10 18:32:17
157.230.188.53	attack	$f2bV_matches	2020-03-10 18:43:40
106.52.93.51	attackspam	Mar 10 10:22:08 sd-53420 sshd\[19539\]: Invalid user tomcat from 106.52.93.51 Mar 10 10:22:08 sd-53420 sshd\[19539\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.93.51 Mar 10 10:22:10 sd-53420 sshd\[19539\]: Failed password for invalid user tomcat from 106.52.93.51 port 39166 ssh2 Mar 10 10:27:38 sd-53420 sshd\[20079\]: Invalid user sonarUser from 106.52.93.51 Mar 10 10:27:38 sd-53420 sshd\[20079\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.93.51 ...	2020-03-10 18:27:22
192.99.70.208	attack	Mar 10 10:51:50 vserver sshd\[22691\]: Invalid user 123456 from 192.99.70.208Mar 10 10:51:52 vserver sshd\[22691\]: Failed password for invalid user 123456 from 192.99.70.208 port 51876 ssh2Mar 10 10:59:43 vserver sshd\[22764\]: Invalid user mancheste from 192.99.70.208Mar 10 10:59:45 vserver sshd\[22764\]: Failed password for invalid user mancheste from 192.99.70.208 port 55272 ssh2 ...	2020-03-10 18:31:07
79.113.143.208	attackbotsspam	RO_AS8708-MNT_<177>1583832489 [1:2403430:55877] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 66 [Classification: Misc Attack] [Priority: 2]: {TCP} 79.113.143.208:9519	2020-03-10 18:06:27
149.202.164.82	attackbotsspam	k+ssh-bruteforce	2020-03-10 18:31:45
192.169.190.48	attack	Mar 10 09:02:44 ws26vmsma01 sshd[241375]: Failed none for invalid user alok from 192.169.190.48 port 20744 ssh2 ...	2020-03-10 18:15:50
112.85.42.174	attack	Mar 10 11:12:42 SilenceServices sshd[3435]: Failed password for root from 112.85.42.174 port 37388 ssh2 Mar 10 11:12:56 SilenceServices sshd[3435]: error: maximum authentication attempts exceeded for root from 112.85.42.174 port 37388 ssh2 [preauth] Mar 10 11:13:03 SilenceServices sshd[3523]: Failed password for root from 112.85.42.174 port 1721 ssh2	2020-03-10 18:18:44
85.117.56.73	attackbots	IP was detected trying to Brute-Force SSH, FTP, Web Apps, Port-Scan or Hacking.	2020-03-10 18:38:50
221.215.154.73	attackspambots	''	2020-03-10 18:27:47
120.55.240.188	attackspambots	120.55.240.188 - - [10/Mar/2020:06:45:24 +0200] "GET /web.config.txt HTTP/1.1" 404 196 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-03-10 18:06:58
178.62.0.215	attackspam	SSH Brute-Force reported by Fail2Ban	2020-03-10 18:04:06
123.206.67.160	attackspam	Mar 10 10:40:49 vps691689 sshd[10453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.206.67.160 Mar 10 10:40:52 vps691689 sshd[10453]: Failed password for invalid user harry from 123.206.67.160 port 59140 ssh2 ...	2020-03-10 18:29:42
222.122.179.208	attackspam	(sshd) Failed SSH login from 222.122.179.208 (KR/South Korea/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Mar 10 10:47:21 ubnt-55d23 sshd[28655]: Invalid user monitor.schorelweb from 222.122.179.208 port 60036 Mar 10 10:47:23 ubnt-55d23 sshd[28655]: Failed password for invalid user monitor.schorelweb from 222.122.179.208 port 60036 ssh2	2020-03-10 18:34:10
121.128.198.188	attackbots	[portscan] Port scan	2020-03-10 18:20:27

Recently Reported IPs

159.89.144.159	159.89.146.131	159.89.144.252	159.89.144.50
159.89.144.213	159.89.148.163	159.89.147.6	159.89.148.105
159.89.144.229	159.89.148.139	159.89.146.217	159.89.144.195
159.89.15.153	159.89.152.193	159.89.151.91	159.89.149.154
159.89.152.238	159.89.152.93	159.89.154.79	159.89.150.234