Is IP address 64.89.161.198 dangerous?

64.89.161.198 presents moderate risk with a threat level of 6/10. While not critically dangerous, it has been associated with activity. Monitoring and conditional blocking is recommended.

Who owns or operates IP address 64.89.161.198?

IP address 64.89.161.198 is operated by ISP Associates (ASN 0) and is geolocated to US. This information is derived from public WHOIS and geolocation databases.

Should I block IP address 64.89.161.198?

Blocking 64.89.161.198 is advisable for security-sensitive environments. With a threat level of 6/10, consider implementing conditional blocks or rate limiting.

How accurate is this threat assessment for 64.89.161.198?

Our threat assessment for 64.89.161.198 has a confidence score of 96%, based on 230 independent reports from multiple independent sources. Higher confidence scores indicate more reliable assessments.

IP Address

64.89.161.198

IPv4 Public

ISP Associates

230 Reports

US Location

ISP Associates ISP

230 Reports

Mixed Data Source

Cautionary Risk

IP 64.89.161.198, registered to ISP Associates in the United States, is a medium-high risk address associated with 230 abuse reports and a confidence score of 96%. The dominant threat activity is general hacking probes, accounting for 18 of the most recent reports, alongside bad web bot behavior, WordPress configuration exposure attempts, unauthorized WP-Cron execution, and isolated DDoS and web application attack signatures. With an activity frequency rated 8 out of 10, this IP demonstrates persistent, automated scanning behavior directed at web infrastructure.

Detection data draws from 16 automated honeypot sensors and 4 community-based reports, all timestamped to February 2026. Abstracted attack-pattern logs reveal repeated automated scanner detections targeting NGINX servers, with specific focus on suspicious backup-related POST requests and unauthorized WP-Cron execution attempts. The IP also generated multiple attack connection events and web application probe activities consistent with vulnerability scanning toolchains. The concentration of honeypot hits across multiple sensor types indicates this is not opportunistic noise but deliberate, systematic reconnaissance against exposed web services.

The hacking category encompasses intrusion attempts, vulnerability exploitation, and unauthorized access probes—behaviors confirmed by the observed scanner signatures and POST requests targeting backup files and cronjob endpoints. For site operators running WordPress, unauthorized cron execution can facilitate privilege escalation, data exfiltration, or secondary payload delivery. When combined with WP Config Exposure attempts and generic web application probes, this IP profile suggests an actor preparing for or conducting automated compromise campaigns against misconfigured or unpatched web servers rather than random scanning.

Operators should block or rate-limit this IP at the firewall or load balancer level given the sustained activity and diverse attack vector profile. Enforcing strict access controls on wp-cron.php, renaming or restricting access to sensitive backup file paths, and implementing fail2ban or equivalent intrusion prevention rules can disrupt the observed automation patterns. Web application firewalls with bot management capabilities provide an additional layer of defense against the bad web bot activity and scanner signatures associated with this address.

More threatening than 52% of monitored IPs

Threat Categories

Hacking 19

Bad Web Bot 4

Web App Attack 3

DDoS Attack 2

WP Cron Abuse 2

WP Config Exposure 2

Technical Details

General hacking activity includes various intrusion attempts, exploitation of vulnerabilities, and unauthorized access attempts.

Recommended Mitigations

Keep systems patched, implement intrusion detection, and follow security best practices.

Reputable Network

This IP is hosted on a network (ASN 0) with generally good reputation. The ISP ISP Associates maintains standard security practices.

The malicious activity may represent an isolated compromised system rather than systematic abuse.

Security Recommendations

Continue monitoring for emerging patterns.

Reputation Summary

Threat Level 6/10 Medium

High

Activity Frequency 8/10 High

Confidence Score 57% High Confidence

Confidence History

3. Feb 2026 - 23. Feb 2026

96% Current

Stable Trend

Date	Categories	Source	Confidence
23. Feb 2026	WP Config Exposure Hacking WP Cron Abuse +2	Community x3	75%
20. Feb 2026	Bad Web Bot	Community	75%
3. Feb 2026	Bad Web Bot	Community	75%
3. Feb 2026	Hacking	Honeypot x2	75%
3. Feb 2026	Bad Web Bot WP Config Exposure Hacking +2	Community x3	75%
3. Feb 2026	Hacking	Honeypot	75%
3. Feb 2026	Hacking	Honeypot x2	75%
3. Feb 2026	Hacking Web App Attack	Honeypot x6	75%
3. Feb 2026	Web App Attack Hacking	Honeypot x11	75%
3. Feb 2026	Hacking	Honeypot x10	75%
3. Feb 2026	Hacking	Honeypot x16	75%
3. Feb 2026	Hacking	Honeypot x10	75%
3. Feb 2026	Hacking	Honeypot x19	75%
3. Feb 2026	Hacking	Honeypot x24	75%
3. Feb 2026	Hacking	Honeypot x29	75%
3. Feb 2026	Hacking	Honeypot x18	75%
3. Feb 2026	Hacking	Honeypot x32	75%
3. Feb 2026	Hacking	Honeypot x35	75%
3. Feb 2026	Hacking	Honeypot	75%
3. Feb 2026	Hacking	Honeypot x2	75%
3. Feb 2026	Hacking Web App Attack	Honeypot x3	75%

Basic Information

IP Address: 64.89.161.198
IP Version: IPv4
Network Type: Public
Tor Network: No
Network Class: Class A

Geolocation

Country: US
ASN: Unknown
ISP: ISP Associates

DNS Information

Reverse DNS: None
PTR Record: No
Connection Type: Static

Statistics

Total Reports: 230
First Reported: 3 Feb 2026
Last Reported: 23 Feb 2026, 02:16

Comparative Analysis

How this IP compares to others in our threat intelligence database

52 %

Global Threat Ranking

This IP is more threatening than 52% of all IPs in our database.

Above Average Threat

Global Comparison

Compared against 229,429 reported IPs worldwide

Threat Level 6/10 avg: 5.6 =

Total Reports 230 avg: 21 ++

Geographic Comparison

Compared against 44,186 IPs in US

Threat Level 6/10 country avg: 6.1 =

Total Reports 230 country avg: 38 ++

Daily report activity over the last 30 days showing patterns and peaks.

Peak Day 0 reports

Daily Average 0 reports/day

Most Active Tuesday 19 reports

Evolution of threat level over time based on reported categories and frequency.

Initial Threat 6/10

Current Threat 5/10

Distribution of threat categories reported over time.

Top Threat Categories

Hacking 19

Bad Web Bot 4

Web App Attack 3

WP Config Exposure 2

WP Cron Abuse 2

Activity patterns showing when this IP is most active during the day and week.

Hourly Activity

Peak activity at 02:00 with 8 reports

Weekly Activity

Geographic Threat Distribution

214,990 threat incidents tracked globally • Last 24h: 17,714 Logs

FEED

Top Threat Sources

01

United States US THIS IP

44,178 20.5%
02

India IN

34,935 16.2%
03

China CN

28,628 13.3%
04

Brazil BR

11,590 5.4%
05

Germany DE

8,150 3.8%
06

Singapore SG

6,991 3.3%
07

Indonesia ID

6,382 3%
08

Pakistan PK

5,791 2.7%
09

Russia RU

5,349 2.5%
10

Netherlands NL

4,896 2.3%

+40 more countries

THREAT LEVEL

LOW MED HIGH

IPs from the same subnet range, likely same network segment.

13 Related IPs

7.6/10 Avg Threat

61% Avg Confidence

11 High Threat

High-risk network: Majority of related IPs are flagged

Cautionary Risk

Threat Categories

Technical Details

Recommended Mitigations

Reputable Network

Security Recommendations

Basic Information

Geolocation

DNS Information

Statistics

Global Threat Ranking

Top Threat Categories

Hourly Activity

Weekly Activity

FEED

Top Threat Sources

JSON Report

Firewall Rules

iptables / netfilter

UFW (Ubuntu)

Windows Firewall

Cloudflare

nginx

Apache .htaccess

PDF Report

Analyzed high-risk IP addresses

reportedIP

Parkstraße 19, 80339 München

Consultation

+49-89-215505888

Report a IP

[email protected]