JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 159.89.132.71

159.89.132.71 was found in our database!

This IP was reported 103 times. Confidence of Abuse is 100%: ?

100%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Hostname(s)	prod-barium-sfo2-65.do.binaryedge.ninja
Domain Name	digitalocean.com
Country	🇺🇸 United States of America
City	Santa Clara, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 159.89.132.71

Whois 159.89.132.71

IP Abuse Reports for 159.89.132.71:

This IP address has been reported a total of 103 times from 63 distinct sources. 159.89.132.71 was first reported on May 16th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 DrLex0	2026-05-25 04:33:31 (1 week ago)	Probing for various exploits 159.89.132.71 443 - [25/May/2026:04:33:29 +0000] "GET /sslvpnLogin.htm ... show more Probing for various exploits 159.89.132.71 443 - [25/May/2026:04:33:29 +0000] "GET /sslvpnLogin.html HTTP/1.1" 404 5980 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" 159.89.132.71 443 - [25/May/2026:04:33:30 +0000] "GET /api/sonicos/auth HTTP/1.1" 404 5980 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" 159.89.132.71 443 - [25/May/2026:04:33:30 +0000] "GET /api/sonicos/tfa HTTP/1.1" 404 5980 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" 159.89.132.71 443 - [25/May/2026:04:33:31 +0000] "GET /sonicui/7/sslvpn-portal/ HTTP/1.1" 404 5980 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-24 21:25:18 (1 week ago)	159.89.132.71 - - [24/May/2026:18:45:52 +0000] "GET /RDWeb HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Macin ... show more 159.89.132.71 - - [24/May/2026:18:45:52 +0000] "GET /RDWeb HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" 159.89.132.71 - - [24/May/2026:18:45:53 +0000] "GET /Remote HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" ... show less	Web App Attack
🇬🇧 venus.launch.bz	2026-05-24 17:46:48 (1 week ago)	(wpscan) WordPress probe detected from 159.89.132.71 (US/United States/prod-barium-sfo2-65.do.binary ... show more (wpscan) WordPress probe detected from 159.89.132.71 (US/United States/prod-barium-sfo2-65.do.binaryedge.ninja) show less	Hacking
🇳🇱 0xffffffff	2026-05-24 10:15:45 (1 week ago)	[2026-05-24 13:14:20.256606] [authz_core:error] [pid 766019:tid 130142133601984] [client 159.89.132. ... show more [2026-05-24 13:14:20.256606] [authz_core:error] [pid 766019:tid 130142133601984] [client 159.89.132.71:53774] AH01630: client denied by server configuration: /var/www//+CSCOE+ , error_notes:wrong-host , URI:'/+CSCOE+/logon.html' [2026-05-24 13:14:35.121428] [authz_core:error] [pid 766020:tid 130141938218688] [client 159.89.132.71:33874] AH01630: client denied by server configuration: /var/www//+CSCOT+ , error_notes:wrong-host , URI:'/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2BCSCOE%2B/portal_inc.lua' [2026-05-24 13:14:51.663186] [authz_core:error] [pid 766019:tid 130142108423872] [client 159.89.132.71:51504] AH01630: client denied by server configuration: /var/www//.env , error_notes:config-files , URI:'/.env' [2026-05-24 13:15:08.067821] [authz_core:error] [pid 766020:tid 130141401380544] [client 159.89.132.71:42854] AH01630: client denied by server configuration: /var/www//.ftpconfig , error_notes:wrong-host , URI:'/.ftpconfig' [2026-05-24 13:15:25.974045] [au show less	Web App Attack Bad Web Bot
🇩🇪 Mykola Spesivtsev	2026-05-24 06:45:18 (1 week ago)	HTTP Tarpit detected bot activity:TargetPort:443, Path:/, Method:GET, UA:Mozilla/5.0 (Macintosh; Int ... show more HTTP Tarpit detected bot activity:TargetPort:443, Path:/, Method:GET, UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4 show less	Port Scan Web App Attack Bad Web Bot
🇺🇸 RAP	2026-05-23 09:38:01 (1 week ago)	2026-05-23 09:38:01 UTC Unauthorized activity to TCP port 8443. Web App	Port Scan Web App Attack
🇩🇪 EnthecSolutions	2026-05-23 06:02:38 (1 week ago)	Detected by Enthec Solutions. \| Attempts: 39 in 24h \| Target port: 60000	Port Scan Hacking
🇺🇸 Cyber Crusader	2026-05-23 02:53:24 (1 week ago)	Hundreds of Attempts (at least) to Connect to and Access Firewall Ports	Port Scan Hacking Brute-Force
🇺🇸 MPL	2026-05-22 17:14:31 (1 week ago)	tcp/50100 (2 or more attempts)	Port Scan
🇬🇧 gbzret4d	2026-05-22 16:46:39 (1 week ago)	Honeypot [uk-production01]: Empty payload (likely service probe); 50070 [35] TCP	Port Scan
🇺🇸 MPL	2026-05-22 12:55:15 (1 week ago)	tcp/49670	Port Scan
🇩🇪 Justin F. \| AS204464	2026-05-22 07:05:13 (1 week ago)	Honeypot [nx-infrastructure]: Empty payload (likely service probe); 44818 [39] TCP Reported by: Just ... show more Honeypot [nx-infrastructure]: Empty payload (likely service probe); 44818 [39] TCP Reported by: Justin F. show less	Port Scan
🇮🇳 Mr.Singh	2026-05-22 06:30:09 (1 week ago)	NFT blocked 159.89.132.71 on 22-May-2026..	Port Scan Brute-Force
🇺🇸 MPL	2026-05-22 03:29:19 (1 week ago)	tcp/28015 (2 or more attempts)	Port Scan
🇳🇱 COMPLEX	2026-05-22 00:29:43 (1 week ago)	Unsolicited TCP traffic \| Action: DROP \| Port 21000	Brute-Force

Showing 31 to 45 of 103 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.231

🇭🇳 170.83.118.254

🇺🇸 135.237.127.207

🇳🇱 204.76.203.219

🇩🇪 185.169.3.152

🇺🇸 184.105.247.222

🇺🇸 162.216.150.40

🇮🇩 103.149.178.233

🇩🇪 82.21.68.118

🇳🇱 78.142.18.40

🇺🇸 72.10.32.138

🇳🇱 45.148.10.141

🇯🇵 20.190.141.37

🇺🇸 20.102.43.161

🇻🇳 14.225.7.70

🇺🇸 2607:f8b0:4001:c0d::12d

🇩🇪 209.38.222.175

🇧🇷 190.109.97.198

🇧🇷 189.113.198.58

🇵🇦 181.197.138.35