JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 165.245.131.197

165.245.131.197 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 0%: ?

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇺🇸 United States of America
City	Douglasville, Georgia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 165.245.131.197

Whois 165.245.131.197

IP Abuse Reports for 165.245.131.197:

This IP address has been reported a total of 21 times from 21 distinct sources. 165.245.131.197 was first reported on February 22nd 2026, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇾 StatsMe	2026-03-02 22:40:16 (3 months ago)	2026-03-02T23:24:21.675562+0300 ET SCAN NMAP -sS window 1024	Port Scan
🇺🇸 psh-ack	2026-03-02 21:05:05 (3 months ago)	Credential stuffing attack utilizing weak hardcoded credentials across multiple service accounts. At ... show more Credential stuffing attack utilizing weak hardcoded credentials across multiple service accounts. Attacker deployed automated SSH clients (Go-based and paramiko) attempting 6 distinct username/password combinations within 48 seconds: mysql/123456789, oracle/test123, root/888888, support/1234, ubuntu (null password), user/user1. 12 total sessions established across varied credential pairs. Post-authentication reconnaissance executed via shell commands capturing system fingerprinting data: CPU architecture via uname, uptime via /proc/uptime parsing, CPU core count via nproc. PATH variable manipulation performed prior to recon commands, suggesting preparation for execution of additional payloads or privilege escalation attempts. No malware downloads, persistence mechanisms, or lateral movement observed during captured activity window. Attack pattern consistent with automated botnet reconnaissance scanning targeting database service accounts and default/weak credentials. Infrastructure likely participates in... show less	Brute-Force SSH
🇺🇸 heyzg	2026-03-02 20:46:16 (3 months ago)	SSH honeypot \| Privilege Escalation + Auth Attempts (Moderate) \| 4 auths (2 users), 20 cmds, 2.5m \| ... show more SSH honeypot \| Privilege Escalation + Auth Attempts (Moderate) \| 4 auths (2 users), 20 cmds, 2.5m \| python_framework \| tactics: remote file download, sudo spray \| URLs: hxxp://130[.]12[.]180[.]179/f/[.]b0s \| ext IPs: 130[.]12[.]180[.]179 show less	Hacking Exploited Host SSH
🇷🇴 abuse_IP_reporter	2026-03-02 20:45:09 (3 months ago)	Mar 2 22:25:12 server UFW BLOCK SRC=165.245.131.197 PROTO=TCP SPT=43007 DPT=22	Port Scan
🇩🇪 acadeova	2026-03-02 20:39:39 (3 months ago)	🚨 Recon detected (nft drop) SRC=165.245.131.197 Observed=TCP dpt=22 in=enp0s6 ttl=56 Time=recent(jou ... show more 🚨 Recon detected (nft drop) SRC=165.245.131.197 Observed=TCP dpt=22 in=enp0s6 ttl=56 Time=recent(journalctl: 10 minutes ago) Assessment=SSH recon (PORT_SCAN+SSH) — treat as brute-force ONLY if repeated SSH auth failures occur show less	Port Scan
🇺🇸 anon333	2026-03-02 20:34:05 (3 months ago)	Hacker syslog review 1772483645	Hacking
🇨🇦 Largnet SOC	2026-03-02 20:33:13 (3 months ago)	165.245.131.197 triggered Icarus honeypot on port 22. Check us out on github.	Port Scan Hacking
Anonymous	2026-03-02 20:28:47 (3 months ago)	Drop from IP address 165.245.131.197 to tcp-port 22	Port Scan
🇧🇾 sashan	2026-03-02 20:24:17 (3 months ago)	2026-03-02T23:24:17.087391+03:00 gate kernel: nftables: JAIL-SSH IN=wan OUT= MAC= SRC=165.245.131.19 ... show more 2026-03-02T23:24:17.087391+03:00 gate kernel: nftables: JAIL-SSH IN=wan OUT= MAC= SRC=165.245.131.197 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=44851 PROTO=TCP SPT=43007 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ... show less	Port Scan
🇺🇸 xmission.com	2026-03-02 20:21:28 (3 months ago)	Blocked by UFW (TCP on 22) Source port: 42837 TTL: 242 Packet length: 40 TOS: 0x08 This report (for ... show more Blocked by UFW (TCP on 22) Source port: 42837 TTL: 242 Packet length: 40 TOS: 0x08 This report (for 165.245.131.197) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan SSH Brute-Force
🇺🇸 technojoe99	2026-03-02 20:20:39 (3 months ago)	Attempted SSH connection from 165.245.131.197 port 42837 asn digitalocean; no valid users in that as ... show more Attempted SSH connection from 165.245.131.197 port 42837 asn digitalocean; no valid users in that asn show less	Port Scan SSH
🇨🇦 dpinse	2026-02-22 18:38:41 (3 months ago)	Honeypot [honeypot-ca-sensor1]: Brute-force attack detected on 22/SSH • Credentials: root:123456, ro ... show more Honeypot [honeypot-ca-sensor1]: Brute-force attack detected on 22/SSH • Credentials: root:123456, root:password • Number of login attempts: 2 • 4 command(s) were executed during the session • Client: SSH-2.0-Go show less	Brute-Force SSH Hacking
🇵🇱 lns.bz	2026-02-22 18:37:08 (3 months ago)	SSH bruteforce [BY]	SSH
🇫🇷 Jérôme Delacotte	2026-02-22 18:37:08 (3 months ago)	Feb 22 19:37:06 Akhenaton sshd[453138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 ... show more Feb 22 19:37:06 Akhenaton sshd[453138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.245.131.197 user=root Feb 22 19:37:07 Akhenaton sshd[453138]: Failed password for root from 165.245.131.197 port 39170 ssh2 ... show less	Brute-Force SSH
🇧🇷 Host One	2026-02-22 18:37:06 (3 months ago)	[SSH Attack] SSH-related attack. Ports: ; Direction: 1; Trigger: LF_TRIGGER; Message: (sshd) Failed ... show more [SSH Attack] SSH-related attack. Ports: ; Direction: 1; Trigger: LF_TRIGGER; Message: (sshd) Failed SSH login from 165.245.131.197 (-): 3 in the last 7200 secs; Logs: Feb 22 15:32:47 potedemel sshd[2677764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.245.131.197 user=root Feb 22 15:32:48 potedemel sshd[2677764]: Failed password for root from 165.245.131.197 port 46680 ssh2 Feb 22 15:33:40 potedemel sshd[2677775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.245.131.197 user=root show less	Brute-Force SSH

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇭 202.29.225.206

🇧🇷 177.74.188.179

🇭🇰 161.81.121.126

🇺🇸 132.196.92.64

🇺🇸 66.116.237.163

🇨🇦 3.96.137.112

🇳🇱 217.60.195.25

🇺🇸 209.251.16.179

🇿🇦 197.245.143.175

🇬🇧 193.163.125.139

🇻🇪 186.167.35.162

🇪🇨 186.68.221.243

🇨🇳 182.204.178.225

🇺🇸 162.216.150.237

🇩🇪 161.35.70.45

🇵🇰 153.117.9.64

🇮🇳 139.59.56.104

🇲🇲 136.228.161.66

🇻🇳 116.110.219.28

🇨🇳 115.190.3.212