JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 5.161.131.180

5.161.131.180 was found in our database!

This IP was reported 33 times. Confidence of Abuse is 100%: ?

100%

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS213230
Hostname(s)	static.180.131.161.5.clients.your-server.de
Domain Name	hetzner.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 5.161.131.180

Whois 5.161.131.180

IP Abuse Reports for 5.161.131.180:

This IP address has been reported a total of 33 times from 32 distinct sources. 5.161.131.180 was first reported on June 11th 2026, and the most recent report was 7 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 JCB	2026-06-12 12:46:00 (7 hours ago)	5.161.131.180 - - [12/Jun/2026:02:26:09 +0300] "POST /cgi-bin/../../../../../../../../../../bin/sh H ... show more 5.161.131.180 - - [12/Jun/2026:02:26:09 +0300] "POST /cgi-bin/../../../../../../../../../../bin/sh HTTP/1.1" 400 266 "-" "libredtail-http" ... show less	Web App Attack Hacking
🇺🇸 gu-alvareza	2026-06-12 07:05:27 (12 hours ago)	Apache.HTTP.Server.cgi-bin.Path.Traversal	Web App Attack Hacking
🇩🇪 ranklord	2026-06-12 04:17:00 (15 hours ago)	2026-06-12T04:13:59.590228+00:00 uman sshd[1954963]: Invalid user admin from 5.161.131.180 port 4792 ... show more 2026-06-12T04:13:59.590228+00:00 uman sshd[1954963]: Invalid user admin from 5.161.131.180 port 47920 2026-06-12T04:14:44.427573+00:00 uman sshd[1955149]: Invalid user orangepi from 5.161.131.180 port 58716 2026-06-12T04:15:29.201180+00:00 uman sshd[1955334]: User root from 5.161.131.180 not allowed because not listed in AllowUsers 2026-06-12T04:16:14.359254+00:00 uman sshd[1955520]: User root from 5.161.131.180 not allowed because not listed in AllowUsers 2026-06-12T04:17:00.220453+00:00 uman sshd[1955701]: User root from 5.161.131.180 not allowed because not listed in AllowUsers ... show less	Brute-Force SSH
🇨🇱 SentinalX by uzumaru	2026-06-12 04:00:34 (15 hours ago)	SSH brute-force detected: 49 failed login attempts in the last 1 hour.	Brute-Force SSH
🇺🇸 clair	2026-06-12 03:52:21 (16 hours ago)	2026-06-11T23:46:32.297887-04:00 clair-mc sshd-session[48792]: Invalid user admin from 5.161.131.180 ... show more 2026-06-11T23:46:32.297887-04:00 clair-mc sshd-session[48792]: Invalid user admin from 5.161.131.180 port 46364 2026-06-11T23:47:14.687721-04:00 clair-mc sshd-session[48801]: Invalid user orangepi from 5.161.131.180 port 54460 2026-06-11T23:52:21.074969-04:00 clair-mc sshd-session[48846]: Invalid user test from 5.161.131.180 port 60680 ... show less	Brute-Force SSH
🇧🇷 SOC Blue Team	2026-06-12 03:26:05 (16 hours ago)	IPs get by Hunting on SIEM	Phishing Web Spam Port Scan Hacking
🇳🇴 jad@	2026-06-12 03:24:25 (16 hours ago)	ThreatFeed automated detection: malicious HTTP scanning / exploit attempts. Signatures: cgi_probe. O ... show more ThreatFeed automated detection: malicious HTTP scanning / exploit attempts. Signatures: cgi_probe. Observed by 1 sensor(s); 1 hits. show less	Hacking Web App Attack
🇩🇪 centurion	2026-06-12 03:10:38 (16 hours ago)	Blocked by UFW on ns02 [443/tcp] Source port: 45150 TTL: 53 Packet length: 40 TOS: 0x00 This report ... show more Blocked by UFW on ns02 [443/tcp] Source port: 45150 TTL: 53 Packet length: 40 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇹🇭 Sawasdee	2026-06-12 02:42:08 (17 hours ago)	Unwanted checking 80 or 443 port ...	Bad Web Bot
🇳🇿 Antinson	2026-06-12 02:37:22 (17 hours ago)	High error rate and elevated request volume targeting cPanel servers	Bad Web Bot
🇺🇸 4ensic	2026-06-12 02:34:52 (17 hours ago)	Jun 11 21:33:31 racknerd-a34c87 sshd[845212]: pam_unix(sshd:auth): authentication failure; logname= ... show more Jun 11 21:33:31 racknerd-a34c87 sshd[845212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.131.180 Jun 11 21:33:33 racknerd-a34c87 sshd[845212]: Failed password for invalid user orangepi from 5.161.131.180 port 38118 ssh2 Jun 11 21:34:10 racknerd-a34c87 sshd[845229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.131.180 user=root Jun 11 21:34:12 racknerd-a34c87 sshd[845229]: Failed password for root from 5.161.131.180 port 46854 ssh2 Jun 11 21:34:49 racknerd-a34c87 sshd[845238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.131.180 user=root Jun 11 21:34:51 racknerd-a34c87 sshd[845238]: Failed password for root from 5.161.131.180 port 33570 ssh2 ... show less	Brute-Force SSH
🇹🇼 kk_it_man	2026-06-12 02:23:03 (17 hours ago)	ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 ET EXPLOIT Apache HTTP ... show more ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 ET EXPLOIT Apache HTTP Server 2.4.49 - Path Traversal Attempt (CVE-2021-41773) M2 ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt ET WEB_SERVER Generic PHP Remote File Include ET WEB_SERVER PHP tags in HTTP POST ET WEB_SERVER PHP.//Input in HTTP POST ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body ET WEB_SERVER allow_url_include PHP config option in uri ET WEB_SERVER auto_prepend_file PHP config option in uri ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) GPL WEB_SERVER 403 Forbidden show less	Port Scan
🇺🇸 bigscoots.com	2026-06-12 01:34:15 (18 hours ago)	(sshd) Failed SSH login from 5.161.131.180 (US/United States/static.180.131.161.5.clients.your-serve ... show more (sshd) Failed SSH login from 5.161.131.180 (US/United States/static.180.131.161.5.clients.your-server.de): 5 in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Jun 11 20:32:48 14048 sshd[14509]: Invalid user admin from 5.161.131.180 port 35764 Jun 11 20:32:50 14048 sshd[14509]: Failed password for invalid user admin from 5.161.131.180 port 35764 ssh2 Jun 11 20:33:23 14048 sshd[14959]: Invalid user orangepi from 5.161.131.180 port 49974 Jun 11 20:33:25 14048 sshd[14959]: Failed password for invalid user orangepi from 5.161.131.180 port 49974 ssh2 Jun 11 20:33:58 14048 sshd[14998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.131.180 user=root show less	Brute-Force SSH
🇫🇷 John Doe	2026-06-12 01:23:57 (18 hours ago)	$f2bV_matches	Brute-Force SSH
🇩🇪 formality	2026-06-12 01:18:02 (18 hours ago)	Invalid user ftpuser from 5.161.131.180 port 56492	Brute-Force SSH

Showing 1 to 15 of 33 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 200.163.48.111

🇺🇸 193.34.72.228

🇺🇸 193.34.72.216

🇺🇸 193.34.72.45

🇧🇩 123.49.38.114

🇨🇳 120.48.175.122

🇮🇳 103.91.246.101

🇫🇷 54.37.229.48

🇲🇾 47.250.93.74

🇨🇳 223.89.215.7

🇨🇳 223.85.251.55

🇺🇸 194.195.208.25

🇺🇸 193.34.72.174

🇺🇸 193.34.72.159

🇺🇸 193.33.237.50

🇺🇸 193.33.237.40

🇧🇷 189.108.23.194

🇨🇳 182.123.209.245

🇫🇮 147.185.133.52

🇫🇮 147.185.133.44