JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 159.223.228.249

159.223.228.249 was found in our database!

This IP was reported 139 times. Confidence of Abuse is 9%: ?

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 159.223.228.249

Whois 159.223.228.249

IP Abuse Reports for 159.223.228.249:

This IP address has been reported a total of 139 times from 77 distinct sources. 159.223.228.249 was first reported on January 11th 2026, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 MPL	2026-05-17 08:41:06 (3 weeks ago)	tcp/465 (2 or more attempts)	Port Scan
🇬🇧 thetomtaylor.co.uk	2026-05-05 23:08:15 (1 month ago)	Fail2Ban - [SSH]Brute-force login attempts on sshd ... [mx02]	Brute-Force SSH
🇦🇹 Pingger Shikkoken	2026-03-21 08:50:45 (2 months ago)	2026-03-21T08:50:45+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT=ServerBridge MAC ... show more 2026-03-21T08:50:45+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT=ServerBridge MAC=b6:ab:74:e6:2e:14:84:03:28:62:88:32:08:00 SRC=159.223.228.249 DST=10.1.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=3531 DF PROTO=TCP SPT=46580 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 2026-03-21T08:50:46+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT=ServerBridge MAC=b6:ab:74:e6:2e:14:84:03:28:62:88:32:08:00 SRC=159.223.228.249 DST=10.1.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=3532 DF PROTO=TCP SPT=46580 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 2026-03-21T08:50:48+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT=ServerBridge MAC=b6:ab:74:e6:2e:14:84:03:28:62:88:32:08:00 SRC=159.223.228.249 DST=10.1.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=11359 DF PROTO=TCP SPT=36382 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ... show less	Hacking Bad Web Bot
🇺🇸 MPL	2026-03-21 05:27:09 (2 months ago)	tcp/8888 (3 or more attempts)	Port Scan
🇷🇴 abuse_IP_reporter	2026-03-21 03:45:07 (2 months ago)	Mar 21 04:48:32 server UFW BLOCK SRC=159.223.228.249 PROTO=TCP SPT=61007 DPT=8090	Port Scan
🇷🇸 Scan	2026-03-21 02:11:25 (2 months ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇳🇱 0xffffffff	2026-03-21 00:12:27 (2 months ago)	[2026-03-21 02:12:24.120592] [authz_core:error] [pid 1676343:tid 125191787116224] [client 159.223.22 ... show more [2026-03-21 02:12:24.120592] [authz_core:error] [pid 1676343:tid 125191787116224] [client 159.223.228.249:60636] AH01630: client denied by server configuration: /var/www/html/ , error_notes:wrong-host , URI:'/' [2026-03-21 02:12:24.253625] [authz_core:error] [pid 1676343:tid 125192578893504] [client 159.223.228.249:39012] AH01630: client denied by server configuration: /var/www/*/ , error_notes:wrong-host , URI:'/' [2026-03-21 02:12:25.056448] [authz_core:error] [pid 1676343:tid 125192444413632] [client 159.223.228.249:60644] AH01630: client denied by server configuration: /var/www/html/favicon.ico , error_notes:wrong-host , URI:'/favicon.ico' [2026-03-21 02:12:25.076313] [authz_core:error] [pid 1676344:tid 125192223274688] [client 159.223.228.249:60668] AH01630: client denied by server configuration: /var/www/html/.well-known , error_notes:wrong-host , URI:'/.well-known/security.txt' [2026-03-21 02:12:25.076539] [authz_core:error] [pid 1676343:tid 125192427628224] [client 159.223.228.249:60656] AH01630: clie show less	Web App Attack Bad Web Bot
🇳🇱 EGP Abuse Dept	2026-03-19 08:00:43 (2 months ago)	Scanning for port/service exploits on tpc-040.mach3builders.nl	Port Scan Hacking
🇬🇧 OptimusGO	2026-03-19 07:43:05 (2 months ago)	Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Time ... show more Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Timestamp: 2026-03-19 07:43:05 UTC Log evidence: 03/19/2026-07:43:05.128830 [] [1:1000090:1] POLICY Unauthorized Management Port Access [] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 159.223.228.249:61009 -> 185.127.18.66:27017 03/19/2026-07:43:05.128830 [] [1:1000103:1] SECURITY Management Port Probe - CRITICAL [] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 159.223.228.249:61009 -> 185.127.18.66:27017 show less	Port Scan Brute-Force
🇷🇺 SeMPaI	2026-03-19 07:09:16 (2 months ago)	[server] SSH honeypot login attempt NL from 159.223.228.249 to port 2000	Brute-Force SSH
🇦🇹 centurion	2026-02-24 01:05:14 (3 months ago)	Unauthorized attempt on cendev [8883/tcp] Source port: 61003 TTL: 244 Packet length: 44 TOS: 0x00 ht ... show more Unauthorized attempt on cendev [8883/tcp] Source port: 61003 TTL: 244 Packet length: 44 TOS: 0x00 https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇬🇧 spamverify.com	2026-02-24 01:04:08 (3 months ago)	Honeypot Hit: Port Scan (8089) SPLUNKD	Web Spam Blog Spam Bad Web Bot Web App Attack
🇺🇸 Josh S.	2026-02-24 00:53:39 (3 months ago)	Blocked by UFW on Mailcow [4000/tcp] Source port: 61015 TTL: 243 Packet length: 44 TOS: 0x00 If thi ... show more Blocked by UFW on Mailcow [4000/tcp] Source port: 61015 TTL: 243 Packet length: 44 TOS: 0x00 If this was a mistake contact me: [email protected] show less	Port Scan
🇳🇱 EGP Abuse Dept	2026-02-24 00:24:57 (3 months ago)	Scanning for port/service exploits on tpc-002.mach3builders.nl	Port Scan Hacking
🇧🇪 Ivo Vynckier	2026-01-16 11:02:00 (4 months ago)	159.223.228.249 - - [15/Jan/2026:12:19:11 +0100] "GET /simple.php HTTP/1.1" 301 255 "-" "Mozlila/5.0 ... show more 159.223.228.249 - - [15/Jan/2026:12:19:11 +0100] "GET /simple.php HTTP/1.1" 301 255 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36Team Anon Force" 159.223.228.249 - - [15/Jan/2026:12:19:13 +0100] "GET /about.php HTTP/1.1" 301 254 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36Team Anon Force" 159.223.228.249 - - [15/Jan/2026:12:19:15 +0100] "GET /install.php HTTP/1.1" 301 256 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36Team Anon Force" show less	Web App Attack

Showing 1 to 15 of 139 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 221.11.5.53

🇲🇦 196.92.7.246

🇧🇬 79.124.40.110

🇺🇸 23.234.92.202

🇺🇸 23.234.92.77

🇷🇴 194.68.44.217

🇪🇸 83.61.163.223

🇧🇬 79.124.62.126

🇵🇰 58.181.100.184

🇧🇷 45.205.1.76

🇧🇪 35.205.114.199

🇺🇸 23.234.92.155

🇺🇸 23.234.92.147

🇧🇪 198.235.24.144

🇺🇸 156.154.125.65

🇩🇪 139.162.155.161

🇭🇰 116.48.150.115

🇧🇬 79.124.59.78

🇸🇬 47.237.205.127

🇺🇸 23.234.91.98