159.89.48.56 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Trolling for resource vulnerabilities	2020-10-05 03:34:45
attackbots	159.89.48.56 - - [04/Oct/2020:09:05:52 +0200] "GET /wp-login.php HTTP/1.1" 200 9061 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.56 - - [04/Oct/2020:09:05:54 +0200] "POST /wp-login.php HTTP/1.1" 200 9312 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.56 - - [04/Oct/2020:09:05:55 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-10-04 19:22:50
attackbots	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-09-27 03:26:45
attackbotsspam	(PERMBLOCK) 159.89.48.56 (US/United States/-) has had more than 4 temp blocks in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_PERMBLOCK_COUNT; Logs:	2020-09-26 19:24:10
attackspam	Website login hacking attempts.	2020-08-28 14:20:49
attack	php WP PHPmyadamin ABUSE blocked for 12h	2020-08-28 03:34:35
attack	www.goldgier.de 159.89.48.56 [27/Jul/2020:08:19:53 +0200] "POST /wp-login.php HTTP/1.1" 200 8762 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" www.goldgier.de 159.89.48.56 [27/Jul/2020:08:19:55 +0200] "POST /wp-login.php HTTP/1.1" 200 8762 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-07-27 17:22:47
attack	159.89.48.56 - - [19/Jul/2020:08:08:05 +0100] "POST /wp-login.php HTTP/1.1" 200 2046 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.56 - - [19/Jul/2020:08:08:06 +0100] "POST /wp-login.php HTTP/1.1" 200 2020 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.56 - - [19/Jul/2020:08:08:08 +0100] "POST /wp-login.php HTTP/1.1" 200 2019 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-07-19 15:32:47
attackspam	Wordpress malicious attack:[octaxmlrpc]	2020-07-15 17:10:22
attackbots	159.89.48.56 - - [11/Jul/2020:14:02:08 +0200] "GET /wp-login.php HTTP/1.1" 200 6310 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.56 - - [11/Jul/2020:14:02:10 +0200] "POST /wp-login.php HTTP/1.1" 200 6561 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.56 - - [11/Jul/2020:14:02:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-07-11 20:09:21

Comments on same subnet:

IP	Type	Details	Datetime
159.89.48.237	attackbots	Oct 11 20:11:13 10.23.102.230 wordpress(www.ruhnke.cloud)[22544]: Blocked authentication attempt for admin from 159.89.48.237 ...	2020-10-12 03:04:44
159.89.48.237	attackspambots	159.89.48.237 - - [11/Oct/2020:11:22:13 +0200] "GET /wp-login.php HTTP/1.1" 200 9061 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.237 - - [11/Oct/2020:11:22:21 +0200] "POST /wp-login.php HTTP/1.1" 200 9312 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.237 - - [11/Oct/2020:11:22:27 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-10-11 18:56:42
159.89.48.237	attackspam	159.89.48.237 - - [01/Oct/2020:22:36:51 +0100] "POST /wp-login.php HTTP/1.1" 200 2426 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.237 - - [01/Oct/2020:22:36:58 +0100] "POST /wp-login.php HTTP/1.1" 200 2429 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.237 - - [01/Oct/2020:22:36:59 +0100] "POST /wp-login.php HTTP/1.1" 200 2427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-02 07:02:21
159.89.48.237	attackspam	xmlrpc attack	2020-10-01 23:34:27
159.89.48.237	attack	xmlrpc attack	2020-10-01 15:39:43
159.89.48.237	attackbots	159.89.48.237 - - [27/Aug/2020:13:58:00 +0100] "POST /wp-login.php HTTP/1.1" 200 2488 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.237 - - [27/Aug/2020:13:58:01 +0100] "POST /wp-login.php HTTP/1.1" 200 2449 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.237 - - [27/Aug/2020:13:58:08 +0100] "POST /wp-login.php HTTP/1.1" 200 2450 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-28 02:58:22
159.89.48.237	attackbotsspam	159.89.48.237 - - [22/Aug/2020:04:46:55 +0100] "POST /wp-login.php HTTP/1.1" 200 1792 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.237 - - [22/Aug/2020:04:46:56 +0100] "POST /wp-login.php HTTP/1.1" 200 1768 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.237 - - [22/Aug/2020:04:47:08 +0100] "POST /wp-login.php HTTP/1.1" 200 1772 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-22 18:53:28
159.89.48.222	attackbots	159.89.48.222 - - [11/Aug/2020:14:13:22 +0200] "GET /wp-login.php HTTP/1.1" 200 6060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.222 - - [11/Aug/2020:14:13:23 +0200] "POST /wp-login.php HTTP/1.1" 200 6311 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.222 - - [11/Aug/2020:14:13:24 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-11 21:29:37
159.89.48.222	attackspam	159.89.48.222 - - [04/Aug/2020:14:19:41 +0200] "GET /wp-login.php HTTP/1.1" 200 6398 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.222 - - [04/Aug/2020:14:19:48 +0200] "POST /wp-login.php HTTP/1.1" 200 6649 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.222 - - [04/Aug/2020:14:19:54 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-05 01:09:15
159.89.48.237	attack	CMS (WordPress or Joomla) login attempt.	2020-08-04 14:36:37
159.89.48.237	attackspam	CMS (WordPress or Joomla) login attempt.	2020-07-25 13:54:48
159.89.48.222	attackspam	159.89.48.222 - - [12/Jul/2020:14:39:23 +0100] "POST /wp-login.php HTTP/1.1" 200 2345 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.222 - - [12/Jul/2020:14:39:24 +0100] "POST /wp-login.php HTTP/1.1" 200 2329 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.48.222 - - [12/Jul/2020:14:39:30 +0100] "POST /xmlrpc.php HTTP/1.1" 200 247 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-07-12 21:59:06
159.89.48.222	attackspambots	xmlrpc attack	2020-06-03 22:39:42
159.89.48.63	attack	Jun 3 07:09:45 buvik sshd[25636]: Failed password for root from 159.89.48.63 port 54220 ssh2 Jun 3 07:13:09 buvik sshd[26186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.48.63 user=root Jun 3 07:13:12 buvik sshd[26186]: Failed password for root from 159.89.48.63 port 58072 ssh2 ...	2020-06-03 13:27:48
159.89.48.63	attackspam	2020-05-26T11:57:32.633277mail.thespaminator.com sshd[23401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.48.63 user=root 2020-05-26T11:57:34.855625mail.thespaminator.com sshd[23401]: Failed password for root from 159.89.48.63 port 53086 ssh2 ...	2020-05-27 00:21:25

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 159.89.48.56
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47059
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;159.89.48.56.			IN	A

;; AUTHORITY SECTION:
.			600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020071100 1800 900 604800 86400

;; Query time: 81 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Jul 11 20:09:17 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 56.48.89.159.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 56.48.89.159.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
49.233.134.31	attackspam	(sshd) Failed SSH login from 49.233.134.31 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Mar 25 22:22:14 amsweb01 sshd[17479]: Invalid user help from 49.233.134.31 port 57448 Mar 25 22:22:16 amsweb01 sshd[17479]: Failed password for invalid user help from 49.233.134.31 port 57448 ssh2 Mar 25 22:36:18 amsweb01 sshd[18882]: Invalid user ja from 49.233.134.31 port 41582 Mar 25 22:36:20 amsweb01 sshd[18882]: Failed password for invalid user ja from 49.233.134.31 port 41582 ssh2 Mar 25 22:44:41 amsweb01 sshd[19701]: Invalid user silva from 49.233.134.31 port 42886	2020-03-26 05:54:37
37.139.9.23	attackbotsspam	Invalid user admin from 37.139.9.23 port 60440	2020-03-26 06:05:37
80.82.64.127	attackbots	(PERMBLOCK) 80.82.64.127 (NL/Netherlands/-) has had more than 4 temp blocks in the last 86400 secs	2020-03-26 05:36:05
106.13.86.199	attack	Invalid user vicente from 106.13.86.199 port 42784	2020-03-26 05:38:52
35.189.172.158	attackbots	Mar 25 22:47:31 Ubuntu-1404-trusty-64-minimal sshd\[30851\]: Invalid user fabiana from 35.189.172.158 Mar 25 22:47:31 Ubuntu-1404-trusty-64-minimal sshd\[30851\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.189.172.158 Mar 25 22:47:33 Ubuntu-1404-trusty-64-minimal sshd\[30851\]: Failed password for invalid user fabiana from 35.189.172.158 port 55278 ssh2 Mar 25 22:59:46 Ubuntu-1404-trusty-64-minimal sshd\[4555\]: Invalid user oracle from 35.189.172.158 Mar 25 22:59:46 Ubuntu-1404-trusty-64-minimal sshd\[4555\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.189.172.158	2020-03-26 06:04:45
103.126.169.68	attackbots	Automatic report - Port Scan Attack	2020-03-26 05:52:20
220.180.193.166	attackspambots	Unauthorised access (Mar 25) SRC=220.180.193.166 LEN=44 TTL=243 ID=42988 TCP DPT=1433 WINDOW=1024 SYN	2020-03-26 05:42:46
115.159.86.75	attackbotsspam	SSH brute force attempt	2020-03-26 06:15:34
190.90.24.140	attack	Mar 25 22:44:32 vpn01 sshd[23066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.90.24.140 Mar 25 22:44:34 vpn01 sshd[23066]: Failed password for invalid user test from 190.90.24.140 port 54982 ssh2 ...	2020-03-26 06:00:50
147.0.184.54	attack	Honeypot attack, port: 5555, PTR: rrcs-147-0-184-54.central.biz.rr.com.	2020-03-26 05:37:50
198.98.59.29	attack	Mar 25 19:39:13 * sshd[15778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.98.59.29 Mar 25 19:39:16 * sshd[15778]: Failed password for invalid user support from 198.98.59.29 port 51886 ssh2	2020-03-26 05:45:02
193.112.127.192	attackbots	Mar 25 15:26:19 OPSO sshd\[2278\]: Invalid user investor from 193.112.127.192 port 39766 Mar 25 15:26:19 OPSO sshd\[2278\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.127.192 Mar 25 15:26:21 OPSO sshd\[2278\]: Failed password for invalid user investor from 193.112.127.192 port 39766 ssh2 Mar 25 15:30:06 OPSO sshd\[2973\]: Invalid user cod from 193.112.127.192 port 57244 Mar 25 15:30:06 OPSO sshd\[2973\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.127.192	2020-03-26 05:43:30
212.47.238.207	attack	Mar 25 21:43:19 ks10 sshd[648673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.47.238.207 Mar 25 21:43:21 ks10 sshd[648673]: Failed password for invalid user px from 212.47.238.207 port 51514 ssh2 ...	2020-03-26 05:43:06
51.91.127.201	attackbotsspam	Mar 25 22:44:46 ns381471 sshd[2562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.91.127.201 Mar 25 22:44:49 ns381471 sshd[2562]: Failed password for invalid user cw from 51.91.127.201 port 48520 ssh2	2020-03-26 05:49:38
180.151.56.103	attack	Mar 25 22:38:46 DAAP sshd[12435]: Invalid user postfix from 180.151.56.103 port 33854 Mar 25 22:38:46 DAAP sshd[12435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.151.56.103 Mar 25 22:38:46 DAAP sshd[12435]: Invalid user postfix from 180.151.56.103 port 33854 Mar 25 22:38:48 DAAP sshd[12435]: Failed password for invalid user postfix from 180.151.56.103 port 33854 ssh2 Mar 25 22:44:31 DAAP sshd[12613]: Invalid user ubuntu from 180.151.56.103 port 50826 ...	2020-03-26 06:03:40

Recently Reported IPs

219.91.153.16	35.220.220.94	49.206.222.126	189.1.140.131
95.95.0.228	154.0.206.99	245.100.207.170	64.225.53.232
122.165.231.238	87.123.1.206	45.78.33.46	188.112.8.253
239.171.64.109	105.112.61.194	44.207.83.47	202.155.211.226
5.179.112.90	106.53.220.55	182.190.211.90	109.106.195.195