JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 159.223.56.221

159.223.56.221 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 23%: ?

23%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 159.223.56.221

Whois 159.223.56.221

IP Abuse Reports for 159.223.56.221:

This IP address has been reported a total of 17 times from 14 distinct sources. 159.223.56.221 was first reported on January 17th 2023, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇯🇵 demonsword	2026-06-13 11:24:14 (4 hours ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: ghebconsulting.co.za:443:443 show less	Open Proxy Port Scan
🇺🇸 xmission.com	2026-06-13 03:13:19 (12 hours ago)	Blocked by UFW (TCP on 8118) Source port: 49690 TTL: 47 Packet length: 60 TOS: 0x08 This report (fo ... show more Blocked by UFW (TCP on 8118) Source port: 49690 TTL: 47 Packet length: 60 TOS: 0x08 This report (for 159.223.56.221) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇯🇵 SentinalX by uzumaru	2026-06-13 00:29:31 (15 hours ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: nantmormountaincentre.co.uk:443:443 show less	Open Proxy Port Scan
🇺🇸 mnsf	2023-01-18 19:07:16 (3 years ago)	Xmlrpc Caught (12) Too many Status 40X (21) Scanning/Probing (18)	Brute-Force Web App Attack
🇱🇹 EIC	2023-01-18 15:51:36 (3 years ago)	(wordpress) Failed wordpress login from 159.223.56.221 (SG/Singapore/-): (CF_ENABLE)	Brute-Force
🇬🇧 BRHosting	2023-01-18 14:33:02 (3 years ago)	Wordpress brute force attack for login credentials (eg xmlrc.php or wp-login.php)	Brute-Force Web App Attack
🇮🇱 Dolphi	2023-01-18 09:50:03 (3 years ago)	POST //xmlrpc.php	Brute-Force Web App Attack
🇪🇸 10dencehispahard SL	2023-01-18 08:28:06 (3 years ago)	Abusive use detected	Brute-Force
🇩🇪 ps-center	2023-01-18 06:09:55 (3 years ago)	C1: Web Attack GET /harry-potter/wp-includes/wlwmanifest.xml	Web Spam Hacking Bad Web Bot Web App Attack
🇺🇸 TTWebhosting	2023-01-18 04:19:59 (3 years ago)	(mod_security) mod_security (id:225170) triggered by 159.223.56.221 (SG/Singapore/-/-/-): 1 in the l ... show more (mod_security) mod_security (id:225170) triggered by 159.223.56.221 (SG/Singapore/-/-/-): 1 in the last 3600 secs show less	Port Scan Hacking Brute-Force
🇧🇷 AC - Team	2023-01-17 22:29:19 (3 years ago)	159.223.56.221 - - [17/Jan/2023:19:29:18 -0300] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 403 433 ... show more 159.223.56.221 - - [17/Jan/2023:19:29:18 -0300] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 403 433 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ... show less	Hacking Web App Attack
🇧🇷 AC - Team	2023-01-17 20:28:00 (3 years ago)	159.223.56.221 - - [17/Jan/2023:17:28:14 -0300] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 403 433 ... show more 159.223.56.221 - - [17/Jan/2023:17:28:14 -0300] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 403 433 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ... show less	Hacking Web App Attack
Anonymous	2023-01-17 20:25:51 (3 years ago)	(mod_security) mod_security triggered on hostname [redacted] 159.223.56.221 (SG/Singapore/-)	SQL Injection
🇺🇸 Major Hostility	2023-01-17 19:13:33 (3 years ago)	"GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 "GET /xmlrpc.php?rsd HTTP/1.1" 403 "GET /blog/wp-inc ... show more "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 "GET /xmlrpc.php?rsd HTTP/1.1" 403 "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 "GET /wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 404 "GET /website/wp-includes/wlwmanifest.xml HTTP/1.1" 404 "GET /wp/wp-includes/wlwmanifest.xml HTTP/1.1" 404 "GET /news/wp-includes/wlwmanifest.xml HTTP/1.1" 404 "GET /2018/wp-includes/wlwmanifest.xml HTTP/1.1" 404 "GET /2019/wp-includes/wlwmanifest.xml HTTP/1.1" 404 "GET /shop/wp-includes/wlwmanifest.xml HTTP/1.1" 404 "GET /wp1/wp-includes/wlwmanifest.xml HTTP/1.1" 404 "GET /test/wp-includes/wlwmanifest.xml HTTP/1.1" 404 "GET /media/wp-includes/wlwmanifest.xml HTTP/1.1" 404 show less	Web App Attack
🇺🇸 mnsf	2023-01-17 18:07:14 (3 years ago)	Xmlrpc Caught (7) Too many Status 40X (13) Scanning/Probing (12)	Brute-Force Web App Attack

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 205.210.31.226

🇹🇭 171.100.121.127

🇫🇷 163.172.143.147

🇦🇺 35.189.36.209

🇯🇵 34.84.76.9

🇨🇦 20.220.150.55

🇺🇸 18.223.29.229

🇵🇱 194.180.49.216

🇩🇪 193.36.85.91

🇻🇳 171.231.194.224

🇮🇳 125.23.203.138

🇮🇹 93.92.73.79

🇺🇸 66.132.195.123

🇬🇧 35.203.210.8

🇺🇸 18.118.26.166

🇰🇭 220.158.232.201

🇩🇪 213.209.159.56

🇻🇪 190.142.97.50

🇸🇬 188.166.246.68

🇧🇷 187.16.97.90