JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 159.89.207.20

159.89.207.20 was found in our database!

This IP was reported 37 times. Confidence of Abuse is 88%: ?

88%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 159.89.207.20

Whois 159.89.207.20

IP Abuse Reports for 159.89.207.20:

This IP address has been reported a total of 37 times from 17 distinct sources. 159.89.207.20 was first reported on June 21st 2026, and the most recent report was 19 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 ruusvuu	2026-06-27 21:58:31 (19 minutes ago)	Automated abuse report: 15 attack/probe requests from DigitalOcean, LLC / SG. Targeted paths: //wp-i ... show more Automated abuse report: 15 attack/probe requests from DigitalOcean, LLC / SG. Targeted paths: //wp-includes/wlwmanifest.xml, //xmlrpc.php, //blog/wp-includes/wlwmanifest.xml, //web/wp-includes/wlwmanifest.xml, //wordpress/wp-includes/wlwmanifest.xml. Sample log lines: [rulesandprompts] 06/27/2026, 14:58:29 MST \| 159.89.207.20 \| GET //site/wp-includes/wlwmanifest.xml 404 172b 0.547 ms \| ref=- [rulesandprompts] 06/27/2026, 14:58:29 MST \| 159.89.207.20 \| GET //cms/wp-includes/wlwmanifest.xml 404 171b 0.752 ms \| ref=- [rulesandprompts] 06/27/2026, 14:58:29 MST \| 159.89.207.20 \| GET //sito/wp-includes/wlwmanifest.xml 404 172b 0.718 ms \| ref=- Detected by an automated web-server log monitor. show less	Web App Attack
🇱🇹 Evag Touf	2026-06-27 07:42:36 (14 hours ago)	(mod_security) mod_security triggered on hostname [redacted] 159.89.207.20 (SG/Singapore/-)	SQL Injection
🇺🇸 ruusvuu	2026-06-27 07:14:42 (15 hours ago)	Automated abuse report: 15 attack/probe requests from DigitalOcean, LLC / SG. Targeted paths: //wp-i ... show more Automated abuse report: 15 attack/probe requests from DigitalOcean, LLC / SG. Targeted paths: //wp-includes/wlwmanifest.xml, //xmlrpc.php, //blog/wp-includes/wlwmanifest.xml, //web/wp-includes/wlwmanifest.xml, //wordpress/wp-includes/wlwmanifest.xml. Sample log lines: [rulesandprompts] 06/27/2026, 24:14:41 MST \| 159.89.207.20 \| GET //wp2/wp-includes/wlwmanifest.xml 404 171b 0.549 ms \| ref=- [rulesandprompts] 06/27/2026, 24:14:41 MST \| 159.89.207.20 \| GET //site/wp-includes/wlwmanifest.xml 404 172b 0.551 ms \| ref=- [rulesandprompts] 06/27/2026, 24:14:41 MST \| 159.89.207.20 \| GET //cms/wp-includes/wlwmanifest.xml 404 171b 0.614 ms \| ref=- Detected by an automated web-server log monitor. show less	Web App Attack
🇩🇪 LRob.fr	2026-06-27 03:30:11 (18 hours ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
Anonymous	2026-06-27 02:01:57 (20 hours ago)	159.89.207.20 - - [27/Jun/2026:04:01:52 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 567 " ... show more 159.89.207.20 - - [27/Jun/2026:04:01:52 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 159.89.207.20 - - [27/Jun/2026:04:01:55 +0200] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 159.89.207.20 - - [27/Jun/2026:04:01:55 +0200] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 159.89.207.20 - - [27/Jun/2026:04:01:56 +0200] "GET /wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 159.89.207.20 - - [27/Jun/2026:04:01:57 +0200] "GET /website/wp-includes/wlwmanifest.xml HTTP/1.1 ... show less	Brute-Force Web App Attack
🇺🇸 ruusvuu	2026-06-26 20:39:54 (1 day ago)	Automated abuse report: 15 attack/probe requests from DigitalOcean, LLC / SG. Targeted paths: //wp-i ... show more Automated abuse report: 15 attack/probe requests from DigitalOcean, LLC / SG. Targeted paths: //wp-includes/wlwmanifest.xml, //xmlrpc.php, //blog/wp-includes/wlwmanifest.xml, //web/wp-includes/wlwmanifest.xml, //wordpress/wp-includes/wlwmanifest.xml. Sample log lines: [rulesandprompts] 06/26/2026, 13:39:52 MST \| 159.89.207.20 \| GET //site/wp-includes/wlwmanifest.xml 404 172b 0.741 ms \| ref=- [rulesandprompts] 06/26/2026, 13:39:52 MST \| 159.89.207.20 \| GET //cms/wp-includes/wlwmanifest.xml 404 171b 1.397 ms \| ref=- [rulesandprompts] 06/26/2026, 13:39:53 MST \| 159.89.207.20 \| GET //sito/wp-includes/wlwmanifest.xml 404 172b 0.666 ms \| ref=- Detected by an automated web-server log monitor. show less	Web App Attack
🇺🇸 Victor López	2026-06-26 01:14:11 (1 day ago)	jc-alvarez.com 159.89.207.20 - - [25/Jun/2026:20:14:08 -0500] "GET //xmlrpc.php?rsd HTTP/1.1" 200 32 ... show more jc-alvarez.com 159.89.207.20 - - [25/Jun/2026:20:14:08 -0500] "GET //xmlrpc.php?rsd HTTP/1.1" 200 3205 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" jc-alvarez.com 159.89.207.20 - - [25/Jun/2026:20:14:10 -0500] "POST //xmlrpc.php HTTP/1.1" 405 552 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" jc-alvarez.com 159.89.207.20 - - [25/Jun/2026:20:14:11 -0500] "POST //xmlrpc.php HTTP/1.1" 405 552 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ... show less	Hacking Web App Attack
Anonymous	2026-06-25 22:55:44 (1 day ago)	159.89.207.20 - - [26/Jun/2026:00:55:40 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 2586 ... show more 159.89.207.20 - - [26/Jun/2026:00:55:40 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 2586 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 159.89.207.20 - - [26/Jun/2026:00:55:42 +0200] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 2596 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 159.89.207.20 - - [26/Jun/2026:00:55:42 +0200] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 2594 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 159.89.207.20 - - [26/Jun/2026:00:55:43 +0200] "GET /wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 404 2606 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 159.89.207.20 - - [26/Jun/2026:00:55:43 +0200] "GET /website/wp-includes/wlwmanifest.xml HTTP ... show less	Brute-Force Web App Attack
🇧🇪 cmbplf	2026-06-25 21:35:40 (2 days ago)	1.863 requests with url.path //xmlrpc.php	Brute-Force Bad Web Bot
🇳🇱 ParaBug	2026-06-25 13:33:58 (2 days ago)	159.89.207.20 - - [25/Jun/2026:15:33:57 +0200] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 404 405 ... show more 159.89.207.20 - - [25/Jun/2026:15:33:57 +0200] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 404 405 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ... show less	Phishing Brute-Force Web App Attack
🇩🇪 LRob.fr	2026-06-25 09:00:13 (2 days ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇪🇸 pipeline.es	2026-06-25 04:51:44 (2 days ago)	Web scanning / probing for vulnerable paths \| URL: //wp2/wp-includes/wlwmanifest.xml \| Evidence: min ... show more Web scanning / probing for vulnerable paths \| URL: //wp2/wp-includes/wlwmanifest.xml \| Evidence: minhaviagemraiodesol.com 159.89.207.20 - - [25/Jun/2026:06:50:28 +0200] \"GET //wp2/wp-includes/wlwmanifest.xml HTTP/1.1\" 404 18586 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\" GEOIP_COUNTRY_CODE=SG \| ASN: DIGITALOCEAN-ASN \| Country: SG show less	Port Scan Web App Attack
🇺🇸 n2nguyenn2nguyen	2026-06-24 20:00:19 (3 days ago)	Blocked by YFC Security on https://parcl9.com — type: xmlrpc_attempts	Brute-Force Web App Attack
Anonymous	2026-06-24 19:22:59 (3 days ago)	159.89.207.20 - - [24/Jun/2026:21:22:53 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 567 " ... show more 159.89.207.20 - - [24/Jun/2026:21:22:53 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 159.89.207.20 - - [24/Jun/2026:21:22:56 +0200] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 159.89.207.20 - - [24/Jun/2026:21:22:57 +0200] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 159.89.207.20 - - [24/Jun/2026:21:22:58 +0200] "GET /wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 159.89.207.20 - - [24/Jun/2026:21:22:58 +0200] "GET /website/wp-includes/wlwmanifest.xml HTTP/1.1 ... show less	Brute-Force Web App Attack
🇫🇷 ELYAZ	2026-06-24 09:31:32 (3 days ago)	(y3) Failed access -byebye- from 159.89.207.20 (SG/Singapore/-): (CF_ENABLE)	Hacking

Showing 1 to 15 of 37 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇴 193.32.162.84

🇳🇱 78.142.18.40

🇮🇩 36.69.159.149

🇩🇪 2.213.109.152

🇮🇳 209.38.121.186

🇳🇱 204.76.203.219

🇲🇽 201.149.53.243

🇧🇪 198.235.24.219

🇨🇳 125.124.42.183

🇨🇳 58.34.42.158

🇳🇱 45.148.10.141

🇮🇩 36.68.186.7

🇺🇸 191.102.159.178

🇩🇪 69.5.169.152

🇳🇱 45.144.212.243

🇮🇳 182.64.3.134

🇨🇳 180.76.172.156

🇺🇸 152.32.148.140

🇬🇧 86.170.37.58

🇩🇪 84.233.216.173