JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.65.254.161

185.65.254.161 was found in our database!

This IP was reported 98 times. Confidence of Abuse is 38%: ?

38%

ISP	IZONE TELECOM -IQ
Usage Type	Fixed Line ISP
ASN	AS201668
Domain Name	Unknown
Country	🇮🇶 Iraq
City	Baghdad, Baghdad

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.65.254.161

Whois 185.65.254.161

IP Abuse Reports for 185.65.254.161:

This IP address has been reported a total of 98 times from 58 distinct sources. 185.65.254.161 was first reported on May 12th 2024, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇷🇴 Fn4ticHz	2026-05-29 02:46:48 (6 days ago)	DDoS blocked via ZeroGuard.ID	DDoS Attack Exploited Host
🇬🇧 gbzret4d	2026-05-20 19:50:37 (2 weeks ago)	Honeypot [uk-production01]: SMB traffic on port 445	Hacking
🇵🇱 mkey	2026-05-20 16:50:03 (2 weeks ago)	Verified scan activity detected by local IDS/firewall correlation. SCAN: HIGHRISK_SINGLEPORT \| PORTS ... show more Verified scan activity detected by local IDS/firewall correlation. SCAN: HIGHRISK_SINGLEPORT \| PORTS=445 \| HITS=2 \| IPSET=ADD \| FIRST=2026-05-20 18:46:53 \| LAST=2026-05-20 18:46:53. Last seen 2026-05-20 18:46:53. show less	Port Scan
🇷🇴 abuse_IP_reporter	2026-05-18 23:45:06 (2 weeks ago)	May 19 02:27:32 server UFW BLOCK SRC=185.65.254.161 DF PROTO=TCP SPT=50576	Port Scan
🇸🇰 GOVCERT	2026-05-17 00:05:37 (2 weeks ago)	Excessive Firewall Denies	DDoS Attack Web Spam
🇨🇭 Elysium Security	2026-05-16 07:40:45 (2 weeks ago)	Mass port scanning on a whole network	Port Scan
🇷🇴 Fn4ticHz	2026-05-09 14:01:48 (3 weeks ago)	Repeated DDoS targeted -- ZeroGuard X ManagedSRV	DDoS Attack Exploited Host
🇪🇸 el-brujo	2026-05-04 02:39:22 (1 month ago)	Cloudflare WAF: Request Path: / Request Query: Host: elhacker.net userAgent: Mozilla/5.0 (X11; Linu ... show more Cloudflare WAF: Request Path: / Request Query: Host: elhacker.net userAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Action: block Source: l7ddos ASN Description: Sama Madeniti for Communication & Internet Ltd. Country: IQ Method: GET Timestamp: 2026-05-04T02:39:22Z ruleId: 9bc0d8e988e545dea9bd4843c4bef55c. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇹🇷 rtbh.com.tr	2026-04-06 20:12:22 (1 month ago)	list.rtbh.com.tr report: tcp/1433, tcp/445	Brute-Force
🇩🇪 iNetWorker	2026-04-05 19:30:53 (1 month ago)	firewall-block, port(s): 135/tcp	Port Scan
🇹🇷 Threat.live	2026-04-05 16:15:26 (1 month ago)	Suspicious activity, tcp/445	Port Scan
🇩🇪 iNetWorker	2026-04-05 12:40:49 (1 month ago)	firewall-block, port(s): 445/tcp	Port Scan
🇺🇸 quilla	2026-03-30 20:13:00 (2 months ago)	Botnet infected device observed in honeypot (Vector: TCP HANDSHAKE ATTACK)	DDoS Attack
🇹🇷 rtbh.com.tr	2026-03-27 00:12:16 (2 months ago)	list.rtbh.com.tr report: tcp/1433, tcp/445	Brute-Force
🇹🇷 Threat.live	2026-03-26 23:05:09 (2 months ago)	Suspicious activity, tcp/1433	Port Scan

Showing 1 to 15 of 98 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 129.226.213.238

🇨🇳 117.62.22.127

🇨🇦 85.217.149.58

🇲🇾 49.124.153.64

🇸🇬 47.237.180.157

🇺🇸 34.181.220.92

🇨🇳 14.29.181.34

🇺🇸 195.184.76.78

🇩🇪 194.88.98.108

🇲🇽 189.206.189.150

🇺🇸 170.106.179.118

🇳🇱 103.176.90.41

🇺🇸 66.132.186.134

🇺🇸 65.49.1.21

🇲🇾 49.124.152.32

🇩🇿 41.111.178.165

🇧🇪 34.14.74.219

🇪🇸 212.231.190.106

🇭🇰 199.45.155.108

🇺🇸 195.184.76.140