JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 159.54.165.85

159.54.165.85 was found in our database!

This IP was reported 44 times. Confidence of Abuse is 85%: ?

85%

ISP	Oracle Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS31898
Domain Name	oracle.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 159.54.165.85

Whois 159.54.165.85

IP Abuse Reports for 159.54.165.85:

This IP address has been reported a total of 44 times from 34 distinct sources. 159.54.165.85 was first reported on April 5th 2026, and the most recent report was 22 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 polarolouis	2026-06-14 17:53:09 (22 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-open-proxy	Web App Attack Open Proxy
🇫🇷 pm33	2026-06-13 12:58:54 (2 days ago)	Probing for resource vulnerabilities HTTP(S)	Web App Attack
🇫🇷 TheHoneyPotter	2026-06-13 09:15:01 (2 days ago)	Honeypot [fc-honeypot]: Unauthorized traffic (3 bytes of payload); 3128 [6] TCP Reported by: https:/ ... show more Honeypot [fc-honeypot]: Unauthorized traffic (3 bytes of payload); 3128 [6] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇮🇪 RoboSOC	2026-06-12 22:02:11 (2 days ago)	SCAN: Host Sweep CloudCIX Reconnaissance Scan Detected, PTR: PTR record not found	Port Scan
🇺🇸 TPI-Abuse	2026-06-09 04:47:45 (6 days ago)	(mod_security) mod_security (id:217210) triggered by 159.54.165.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:217210) triggered by 159.54.165.85 (-): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 00:47:41.629671 2026] [security2:error] [pid 25661:tid 25661] [client 159.54.165.85:48838] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./](?::\\\\d+)?)?/[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S])?\|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?\|options \\\\)\\\\s+[\\\\w\\\\./]+\|get /[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line\|\|www.baidu.com:443\|F\|4"] [data "CONNECT www.baidu.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.baidu.com"] [uri "/"] [unique_id "aiea7f0pGZIcbrSSrPl3BAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 EGP Abuse Dept	2026-06-08 10:42:03 (1 week ago)	Unsolicited connection to port 1080	Port Scan Hacking
🇮🇪 RoboSOC	2026-06-08 01:39:08 (1 week ago)	SCAN: Host Sweep CloudCIX Reconnaissance Scan Detected, PTR: PTR record not found	Port Scan
🇩🇪 andrepcg	2026-06-06 04:36:13 (1 week ago)	Port scanning (159.54.165.85 -> :1080)	Port Scan Brute-Force
🇹🇷 Threat.live	2026-06-04 22:55:03 (1 week ago)	Suspicious Connection Attempts	Brute-Force
🇫🇷 zulzeen	2026-06-04 10:23:55 (1 week ago)	[distribamap-0] Blocked by SysWarden Firewall [BLOCK] (Open Proxy Probe)	Open Proxy Hacking
🇫🇷 Coco Bongo	2026-06-04 06:57:32 (1 week ago)	1780556250 - 06/04/2026 08:57:30 Host: 159.54.165.85/159.54.165.85 Port: 1080 TCP Blocked ...	Port Scan
🇺🇸 SentinalX by uzumaru	2026-06-03 07:02:08 (1 week ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: www.baidu.com:443 show less	Open Proxy Port Scan
Anonymous	2026-05-31 15:53:37 (2 weeks ago)	Suspicious activity detected by CrowdSec (reason: crowdsecurity/http-open-proxy)	Web App Attack
🇺🇸 Cyber Crusader	2026-05-31 07:08:00 (2 weeks ago)	Hundreds of Attempts (at least) to Connect to and Access Firewall Ports	Port Scan Hacking Brute-Force
🇦🇹 DonPedro	2026-05-28 05:56:50 (2 weeks ago)	Connection attempts using mod_proxy	Open Proxy

Showing 1 to 15 of 44 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 199.45.154.150

🇩🇪 104.28.159.2

🇫🇮 81.27.98.217

🇧🇬 79.124.59.78

🇳🇬 62.173.38.229

🇮🇩 34.50.127.205

🇹🇼 212.115.54.84

🇺🇸 208.84.102.213

🇭🇰 199.45.154.143

🇸🇬 172.217.97.17

🇺🇸 104.168.99.198

🇸🇬 103.250.11.116

🇵🇱 83.168.95.29

🇺🇸 66.132.195.23

🇳🇱 45.148.10.151

🇳🇱 45.148.10.141

🇮🇩 27.112.79.9

🇺🇸 18.190.15.50

🇺🇸 3.136.156.209

🇺🇸 2604:a880:400:d1:0:4:961d:d001