JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 159.89.205.120

159.89.205.120 was found in our database!

This IP was reported 25 times. Confidence of Abuse is 0%: ?

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 159.89.205.120

Whois 159.89.205.120

IP Abuse Reports for 159.89.205.120:

This IP address has been reported a total of 25 times from 20 distinct sources. 159.89.205.120 was first reported on May 11th 2025, and the most recent report was 1 year ago.

Old Reports: The most recent abuse report for this IP address is from 1 year ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇲🇾 Rizzy	2025-06-03 03:26:43 (1 year ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇫🇷 dynamix	2025-06-03 03:25:06 (1 year ago)	Multiple WAF Violations	Web App Attack
Anonymous	2025-06-03 01:40:53 (1 year ago)	(wordpress) Failed wordpress login from 159.89.205.120 (SG/Singapore/-)	Brute-Force
🇩🇪 updown.io	2025-05-19 09:16:07 (1 year ago)	{"level":"info","ts":1747646115.7891555,"logger":"http.log.access.log1","msg":"handled request","req ... show more {"level":"info","ts":1747646115.7891555,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"159.89.205.120","remote_port":"59536","client_ip":"159.89.205.120","proto":"HTTP/1.1","method":"GET","host":"status.shelhealth.com","uri":"/un.php","headers":{"User-Agent":["Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"],"Accept-Encoding":["gzip, deflate"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8"],"Upgrade-Insecure-Requests":["1"],"Connection":["keep-alive"],"Cache-Control":["max-age=0"],"Accept-Language":["en-US,en;q=0.9,fr;q=0.8"],"Referer":["www.google.com"]}},"bytes_read":0,"user_id":"","duration":0.000062379,"size":0,"status":308,"resp_headers":{"Location":["https://status.shelhealth.com/un.php"],"Content-Type":[],"Server":["Caddy"],"Connection":["close"]}} {"level":"info","ts":1747646117.469067,"logg ... show less	DDoS Attack Web App Attack
🇮🇩 hermawan	2025-05-18 11:21:06 (1 year ago)	[Sun May 18 18:20:20.264117 2025] [security2:error] [pid 224551:tid 139795873175232] [client 159.89. ... show more [Sun May 18 18:20:20.264117 2025] [security2:error] [pid 224551:tid 139795873175232] [client 159.89.205.120:58787] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Mozlila" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.14.0/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "59"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: Mozlila found within REQUEST_HEADERS:User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 request_line = GET /un.php HTTP/1.1 Request URI RAW = /un.php Request Basename = un.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.14.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag " ... show less	Hacking Web App Attack
Anonymous	2025-05-17 04:51:44 (1 year ago)	Http Port:80 (http_status:403) - Agent:Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) A ... show more Http Port:80 (http_status:403) - Agent:Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 show less	Web App Attack
🇧🇪 cmbplf	2025-05-16 22:59:22 (1 year ago)	4.452 requests from abuseipdb.com blacklisted IP (4mos1d19h)	Brute-Force Bad Web Bot
🇺🇸 quicksand	2025-05-16 06:53:34 (1 year ago)	Malicious URI path & DigitalOcean User Agent Spoofing [GET /phpinfo.php?re@=vo@] [Mozlila/5.0 (Linux ... show more Malicious URI path & DigitalOcean User Agent Spoofing [GET /phpinfo.php?re@=vo@] [Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36] show less	Bad Web Bot Web App Attack
🇦🇺 Tony	2025-05-15 14:15:00 (1 year ago)	Wordpress and PHP	Web App Attack
🇫🇮 paissangroup	2025-05-15 12:19:54 (1 year ago)	Multiple WAF Violations	Web App Attack
🇩🇪 updown.io	2025-05-15 09:52:09 (1 year ago)	{"level":"info","ts":1747302550.0708768,"logger":"http.log.access.log1","msg":"handled request","req ... show more {"level":"info","ts":1747302550.0708768,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"159.89.205.120","remote_port":"49747","client_ip":"159.89.205.120","proto":"HTTP/1.1","method":"GET","host":"portal.status.locate2u.com","uri":"/un.php","headers":{"Accept-Encoding":["gzip, deflate"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8"],"Accept-Language":["en-US,en;q=0.9,fr;q=0.8"],"Referer":["www.google.com"],"User-Agent":["Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"],"Cache-Control":["max-age=0"],"Upgrade-Insecure-Requests":["1"],"Connection":["keep-alive"]}},"bytes_read":0,"user_id":"","duration":0.000056447,"size":0,"status":308,"resp_headers":{"Content-Type":[],"Server":["Caddy"],"Connection":["close"],"Location":["https://portal.status.locate2u.com/un.php"]}} {"level":"info","ts":1747302552.11 ... show less	DDoS Attack Web App Attack
Anonymous	2025-05-14 00:37:00 (1 year ago)	vars[0]=md5&vars[1][]=Hello	Hacking Brute-Force Web App Attack
🇮🇩 Incidents Response Neptus Team	2025-05-13 14:00:00 (1 year ago)	Report Abuse IP	Hacking Exploited Host Web App Attack
🇺🇦 URAN Publishing Service	2025-05-13 00:47:57 (1 year ago)	159.89.205.120 - - [13/May/2025:03:47:56 +0300] "GET /wp-content/themes/alera/alpha.php HTTP/1.1" 40 ... show more 159.89.205.120 - - [13/May/2025:03:47:56 +0300] "GET /wp-content/themes/alera/alpha.php HTTP/1.1" 404 196 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" ... show less	Web App Attack
🇩🇪 ps-center	2025-05-12 23:38:43 (1 year ago)	ABV: Web Attack GET /wp-includes/class-wp-other.php	Web Spam Hacking Bad Web Bot Web App Attack

Showing 1 to 15 of 25 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2001:470:1:c84::21

🇮🇩 192.147.114.23

🇺🇸 185.180.141.5

🇳🇱 172.71.99.207

🇻🇳 171.244.61.79

🇳🇱 162.159.113.60

🇫🇮 147.185.133.160

🇲🇬 129.222.109.86

🇵🇰 111.68.107.91

🇮🇩 103.154.77.48

🇻🇳 103.75.183.177

🇩🇪 95.133.245.20

🇫🇷 92.103.134.183

🇧🇬 78.90.19.40

🇺🇸 64.62.156.184

🇧🇷 45.71.123.226

🇺🇦 37.221.142.209

🇺🇸 20.102.103.195

🇩🇪 5.231.242.253

🇬🇧 217.45.87.214