🇸🇬
abuseipreport.darajati
2026-06-08 02:54:41
(10 hours ago)
159.89.195.34 - - [2026-06-08T10:54:40+08:00] "POST /wp-login.php HTTP/1.1" 200 5756 "http://hestiaistiviani.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
...
Web App Attack
🇮🇩
sockominfo
2026-06-07 22:00:52
(15 hours ago)
Webshell discovery success (Response: 200). Threat Score: 8.9/10 (CRITICAL). Confidence: 70%. CVSS v3.1: 10/10 (Critical). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Bayesian Probability: 87%. MITRE ATT&CK: T1566 (Phishing). Tactic: TA0001. Freshness: Fresh. Source Reputation: KNOWN_MALICIOUS. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS
Hacking
Email Spam
🇮🇩
sockominfo
2026-06-07 21:00:08
(16 hours ago)
Webshell discovery success (Response: 200). Threat Score: 8.3/10 (HIGH). Reported by TangerangKota-CSIRT. Status: MALICIOUS
Hacking
Email Spam
🇸🇬
abuseipreport.darajati
2026-06-07 20:54:39
(16 hours ago)
159.89.195.34 - - [2026-06-08T04:54:38+08:00] "POST /wp-login.php HTTP/1.1" 200 5756 "http://hestiaistiviani.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
...
Web App Attack
🇸🇬
abuseipreport.darajati
2026-06-07 19:54:30
(17 hours ago)
159.89.195.34 - - [2026-06-08T03:54:30+08:00] "POST /wp-login.php HTTP/1.1" 200 5756 "http://hestiaistiviani.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
...
Web App Attack
🇸🇬
abuseipreport.darajati
2026-06-07 18:54:22
(18 hours ago)
159.89.195.34 - - [2026-06-08T02:54:21+08:00] "POST /wp-login.php HTTP/1.1" 200 5756 "http://hestiaistiviani.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
...
Web App Attack
🇸🇬
abuseipreport.darajati
2026-06-07 15:54:21
(21 hours ago)
159.89.195.34 - - [2026-06-07T23:54:20+08:00] "POST /wp-login.php HTTP/1.1" 200 5756 "http://hestiaistiviani.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
159.89.195.34 - - [2026-06-07T23:54:20+08:00] "POST /wp-login.php HTTP/1.1" 200 5756 "http://hestiaistiviani.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
159.89.195.34 - - [2026-06-07T23:54:20+08:00] "POST /wp-login.php HTTP/1.1" 200 5756 "http://hestiaistiviani.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
...
Web App Attack
🇸🇬
abuseipreport.darajati
2026-06-07 13:54:13
(23 hours ago)
159.89.195.34 - - [2026-06-07T21:54:12+08:00] "POST /wp-login.php HTTP/1.1" 200 5756 "http://hestiaistiviani.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
159.89.195.34 - - [2026-06-07T21:54:12+08:00] "POST /wp-login.php HTTP/1.1" 200 5756 "http://hestiaistiviani.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
159.89.195.34 - - [2026-06-07T21:54:12+08:00] "POST /wp-login.php HTTP/1.1" 200 5756 "http://hestiaistiviani.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
159.89.195.34 - - [2026-06-07T21:54:13+08:00] "POST /wp-login.php HTTP/1.1" 200 5756 "http://hestiaistiviani.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
...
Web App Attack
Anonymous
2026-06-07 13:05:21
(1 day ago)
Blocked: Reason='Suspicious traffic score=60 (review-based detection)'; Requests=20
Hacking
🇮🇹
VHosting
2026-06-07 13:00:04
(1 day ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
🇸🇬
abuseipreport.darajati
2026-06-07 12:54:13
(1 day ago)
159.89.195.34 - - [2026-06-07T20:54:09+08:00] "POST /xmlrpc.php HTTP/1.1" 404 27 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
159.89.195.34 - - [2026-06-07T20:54:10+08:00] "POST /wp-login.php HTTP/1.1" 200 5756 "http://hestiaistiviani.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
159.89.195.34 - - [2026-06-07T20:54:10+08:00] "POST /wp-login.php HTTP/1.1" 200 5756 "http://hestiaistiviani.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
159.89.195.34 - - [2026-06-07T20:54:11+08:00] "POST /wp-login.php HTTP/1.1" 200 5756 "http://hestiaistiviani.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
159.89.195.34 - - [2026-06-07T20:54:11+08:00] "POST /wp-login.
...
Web App Attack
🇮🇩
Burayot
2026-06-07 12:47:00
(1 day ago)
LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 159.89.195.34 (SG/Singapore/-): 1 in the last 3600 secs
Web App Attack
🇺🇸
TPI-Abuse
2026-06-07 05:48:09
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 159.89.195.34 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 01:48:04.974500 2026] [security2:error] [pid 6273:tid 6273] [client 159.89.195.34:62481] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.majesticsolutions.co|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.majesticsolutions.co"] [uri "/wp-json/wp/v2/users/"] [unique_id "aiUGFFc9rxR2JvYquH9QbwAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
🇮🇳
TC Saini
2024-08-02 14:01:37
(1 year ago)
Indicators of compromise (IoCs) reported by the GOVT India
Blog Spam
Exploited Host
IoT Targeted