JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 159.89.111.189

159.89.111.189 was found in our database!

This IP was reported 306 times. Confidence of Abuse is 100%: ?

100%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 159.89.111.189

Whois 159.89.111.189

IP Abuse Reports for 159.89.111.189:

This IP address has been reported a total of 306 times from 195 distinct sources. 159.89.111.189 was first reported on October 12th 2022, and the most recent report was 7 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 librebit	2026-06-18 09:23:29 (7 hours ago)	Brute force	Brute-Force
🇺🇸 wristhulk	2026-06-17 22:16:13 (18 hours ago)	Honeypot: credential brute-force on Cowrie Telnet honeypot (port 23). Username: 'GET /cgi-bin/authLo ... show more Honeypot: credential brute-force on Cowrie Telnet honeypot (port 23). Username: 'GET /cgi-bin/authLogin.cgi HTTP/1.1' Password: 'Host: 173.173.226.4:23'. show less	Brute-Force IoT Targeted
Anonymous	2026-06-17 21:54:11 (19 hours ago)	Reported from Nginx log analysis 19. Log: 159.89.111.189 - - [17/Jun/2026:xx:xx:xx 0200] "GET /solr ... show more Reported from Nginx log analysis 19. Log: 159.89.111.189 - - [17/Jun/2026:xx:xx:xx 0200] "GET /solr/admin/info/system HTTP/1.1" xxx xxx "-" "Go-http-client/1.1" "-" "DE Germany Frankfurt am Main" "AS14061" "DigitalOcean, LLC" \| 159.89.111.189 - - [17/Jun/2026:xx:xx:xx 0200] "GET /solr/admin/cores?action=STATUS show less	Port Scan Brute-Force SSH
🇸🇰 Eurofluid	2026-06-17 21:01:07 (20 hours ago)	You shall not pass ! Abusive behavior blocked by EF firewall.	Port Scan Hacking Brute-Force
🇫🇷 Guardian	2026-06-17 20:38:27 (20 hours ago)	Unauthorized connection attempt / Port scanning (x2) 159.89.111.189 [17/Jun/2026:12:38:22] "GET / HT ... show more Unauthorized connection attempt / Port scanning (x2) 159.89.111.189 [17/Jun/2026:12:38:22] "GET / HTTP/1.1" 159.89.111.189 [17/Jun/2026:12:38:22] "GET / HTTP/1.1" 159.89.111.189 [17/Jun/2026:20:38:27] "GET /solr/admin/info/system HTTP/1.1" show less	Port Scan Web App Attack
🇩🇪 Justin F. \| AS204464	2026-06-17 19:40:35 (21 hours ago)	Honeypot [nx-infrastructure]: HTTP/1.1 request on 6000 GET /v2/_catalog User-Agent: Go-http-client/ ... show more Honeypot [nx-infrastructure]: HTTP/1.1 request on 6000 GET /v2/_catalog User-Agent: Go-http-client/1.1; 6000 [3] TCP Reported by: Justin F. show less	Hacking Bad Web Bot
🇸🇰 HILKA	2026-06-17 18:30:05 (22 hours ago)	Automatic report from HLK firewall log.	Port Scan Hacking Brute-Force
🇵🇾 armandosaucedo.me	2026-06-17 17:35:56 (23 hours ago)	Threat Intelligence via ARMTI, Web Attack: GET /	Web App Attack
🇺🇸 anon333	2026-06-17 16:36:07 (1 day ago)	Invalid HTTP port 80 probes to server T1236	Hacking Exploited Host
Anonymous	2026-06-17 16:19:30 (1 day ago)	Honeypot hit: HTTP/1.1 request on 18789 GET /query?q=SHOW+DIAGNOSTICS User-Agent: Go-http-client/1. ... show more Honeypot hit: HTTP/1.1 request on 18789 GET /query?q=SHOW+DIAGNOSTICS User-Agent: Go-http-client/1.1; 18789 [4] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Hacking Bad Web Bot
🇩🇪 dispaisyenterprises	2026-06-17 16:09:50 (1 day ago)	Honeypot [fra-de-honeypot]: HTTP/1.1 request on 8086 GET / User-Agent: Mozilla/5.0 (compatible; Odi ... show more Honeypot [fra-de-honeypot]: HTTP/1.1 request on 8086 GET / User-Agent: Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/) Accept: / Accept-Encoding: gzip; 8086 [4] TCP Reported by DisPaisy Enterprises (dispaisy.systems) using: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Hacking Bad Web Bot
🇩🇪 D3RP4UL	2026-06-17 16:01:42 (1 day ago)	Brute-force attack detected on 23/TELNET • Credentials: GET /solr/admin/info/system HTTP/1.1:Host: 9 ... show more Brute-force attack detected on 23/TELNET • Credentials: GET /solr/admin/info/system HTTP/1.1:Host: 91.40.237.124:23, User-Agent: Go-http-client/1.1:Connection: close, GET /solr/admin/cores?action=STATUS&wt=json HTTP/1.1:Host: 91.40.237.124:23 • Number of login attempts: 3 show less	Brute-Force Hacking
🇧🇪 boxed-it	2026-06-17 15:25:54 (1 day ago)	GET /solr/admin/info/system (Tarpitted for 1m4s, wasted 3.87kB)	Web App Attack
🇵🇹 nuno	2026-06-17 14:46:12 (1 day ago)	159.89.111.189 - - [17/Jun/2026:15:46:11 +0100] host:443 "GET /solr/admin/info/system HTTP/1.1" 400 ... show more 159.89.111.189 - - [17/Jun/2026:15:46:11 +0100] host:443 "GET /solr/admin/info/system HTTP/1.1" 400 482 "-" "Go-http-client/1.1" "-" 0.000 - 159.89.111.189 - - [17/Jun/2026:15:46:11 +0100] host:443 "GET /solr/admin/cores?action=STATUS&wt=json HTTP/1.1" 400 482 "-" "Go-http-client/1.1" "-" 0.000 - ... show less	Web App Attack
🇨🇿 G3NETIC	2026-06-17 14:42:12 (1 day ago)	2026-06-17T16:42:11.967480+02:00 behemoth postfix/smtpd[2437848]: improper command pipelining after ... show more 2026-06-17T16:42:11.967480+02:00 behemoth postfix/smtpd[2437848]: improper command pipelining after CONNECT from unknown[159.89.111.189]: \026\003\003\001\245\001\000\001\241\003\003\2573\260]\257\324/\3249k\216\000}\axm\t\2704\311J/\202\330\212q\262\246\372+0 \375\206F\257\371\210\222\351)f\231?b){l\271\024>\265Qw\3528\177\353T,\v\031\001\363\000\212\000\026\0003\000g\300\236\300\242\000\236\0009\000k\300\237\300\243\000\237 2026-06-17T16:42:12.016475+02:00 behemoth postfix/smtpd[2437848]: improper command pipelining after CONNECT from unknown[159.89.111.189]: \026\003\003\001\245\001\000\001\241\003\003\375\377/\215\260\000wSh\241QyH\220\273-\242\254\374Cb\373\037\227\342\000\201l\275\206af \373W7\036M\315\211\241\362\345r\370\355+\316\313\213\016-\347\213\3019\302\337\246\271U\262Sb\000\212\000\005\000\004\000\a\000\300\000\204\000\272\000A\000\235\300\241\300\235\000= 2026-06-17T16:42:12.065012+02:00 behemoth postfix/smtpd[2438796]: improper command pipelining after CONNECT from ... show less	Spoofing Email Spam

Showing 1 to 15 of 306 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇺 185.147.26.126

🇩🇪 156.236.31.85

🇨🇳 111.26.6.111

🇫🇷 91.196.152.217

🇨🇦 85.217.149.56

🇳🇱 185.242.226.87

🇦🇷 181.116.220.252

🇯🇵 160.251.169.213

🇪🇬 156.218.177.48

🇵🇰 124.29.226.103

🇸🇪 104.23.223.87

🇳🇬 102.90.102.99

🇬🇧 82.1.229.14

🇷🇴 80.94.92.120

🇧🇬 79.124.62.178

🇺🇸 66.132.186.219

🇫🇷 51.75.119.34

🇵🇰 39.38.81.63

🇨🇳 27.44.146.26

🇮🇳 103.13.112.90