JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 66.132.172.191

66.132.172.191 was found in our database!

This IP was reported 2,084 times. Confidence of Abuse is 100%: ?

100%

ISP	Censys, Inc.
Usage Type	Commercial
ASN	AS398324
Hostname(s)	191.172.132.66.censys-scanner.com
Domain Name	censys.io
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 66.132.172.191

Whois 66.132.172.191

IP Abuse Reports for 66.132.172.191:

This IP address has been reported a total of 2,084 times from 448 distinct sources. 66.132.172.191 was first reported on March 20th 2026, and the most recent report was 22 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 IP Analyzer	2026-06-02 00:30:52 (2 days ago)	Unauthorized connection attempt from IP address 66.132.172.191 on Port 25(SMTP)	Port Scan
🇺🇸 cwytech	2026-06-01 23:43:24 (2 days ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/web-asn-lockdown-high.	Bad Web Bot Web App Attack
🇫🇮 GamesGames	2026-06-01 23:31:50 (2 days ago)	SSH login attempts	Brute-Force SSH
Anonymous	2026-06-01 23:17:13 (2 days ago)	[Tue Jun 02 00:48:56.440250 2026] [access_compat:error] [pid 797646:tid 797646] [client 66.132.172.1 ... show more [Tue Jun 02 00:48:56.440250 2026] [access_compat:error] [pid 797646:tid 797646] [client 66.132.172.191:29746] AH01797: client denied by server configuration: /var/www/html/wiki [Tue Jun 02 00:48:56.440250 2026] [access_compat:error] [pid 797646:tid 797646] [client 66.132.172.191:29746] AH01797: client denied by server configuration: /var/www/html/wiki ... show less	Bad Web Bot Web App Attack
Anonymous	2026-06-01 20:23:09 (2 days ago)	Shorewall log file match.	Port Scan
🇩🇪 anycast_ac	2026-06-01 20:10:54 (2 days ago)	[mirai-detector honeypot] Inbound attack against our honeypot on tcp/8080 (http). Commands captured: ... show more [mirai-detector honeypot] Inbound attack against our honeypot on tcp/8080 (http). Commands captured: $ GET / HTTP/1.1 show less	DDoS Attack IoT Targeted Brute-Force
🇩🇪 anycast_ac	2026-06-01 19:53:02 (2 days ago)	[mirai-detector honeypot] Inbound attack against our honeypot on tcp/8080 (http). Commands captured: ... show more [mirai-detector honeypot] Inbound attack against our honeypot on tcp/8080 (http). Commands captured: $ show less	DDoS Attack IoT Targeted Brute-Force
🇩🇪 dispaisyenterprises	2026-06-01 18:45:46 (2 days ago)	Honeypot [fra-de-honeypot]: Unauthorized traffic (59 bytes of payload); 4841 [2] TCP Reported by Dis ... show more Honeypot [fra-de-honeypot]: Unauthorized traffic (59 bytes of payload); 4841 [2] TCP Reported by DisPaisy Enterprises (dispaisy.systems) using: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇩🇪 shr4pnel	2026-06-01 17:41:13 (2 days ago)	SSH login attempts (endlessh): 2026-06-01T17:39:42.927Z ACCEPT host=::ffff:66.132.172.191 port=2812 ... show more SSH login attempts (endlessh): 2026-06-01T17:39:42.927Z ACCEPT host=::ffff:66.132.172.191 port=2812 fd=5 n=12/4096 show less	Brute-Force SSH
🇬🇧 gbzret4d	2026-06-01 17:39:53 (2 days ago)	Honeypot [uk-production01]: Empty payload (likely service probe); 26308 [1] TCP	Port Scan
🇩🇪 Ano_Nym	2026-06-01 16:50:18 (2 days ago)	CrowdSec IDS alert on VPS 217.154.115.19 (DE). Scenario: crowdsecurity/http-bad-user-agent	Web App Attack
🇺🇸 thororen	2026-06-01 16:43:59 (2 days ago)	Blocked by UFW [110/tcp] Source port: 36204 TTL: 57 Packet length: 60 TOS: 0x00 This report was gen ... show more Blocked by UFW [110/tcp] Source port: 36204 TTL: 57 Packet length: 60 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇩🇪 Luhte	2026-06-01 16:21:04 (2 days ago)	Unsolicited TCP connection from 66.132.172.191 to port 0 at 2026-06-01T16:21:03Z. Source IP complete ... show more Unsolicited TCP connection from 66.132.172.191 to port 0 at 2026-06-01T16:21:03Z. Source IP completed three-way handshake to non-public service on this host. Detected by automated intrusion monitoring. show less	Port Scan Hacking
🇫🇷 Flo Flo	2026-06-01 15:28:48 (2 days ago)	66.132.172.191 - - - [01/Jun/2026:17:28:47 +0200] "82.66.117.16" "GET / HTTP/1.1" 444 0 "-" "Mozilla ... show more 66.132.172.191 - - - [01/Jun/2026:17:28:47 +0200] "82.66.117.16" "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)" 0.000 ... show less	Web App Attack
🇯🇵 mkaraki	2026-06-01 14:15:12 (2 days ago)	1780323311 # Service_probe # SIGNATURE_SEND # source_ip:66.132.172.191 # dst_port:5903 ...	Port Scan

Showing 46 to 60 of 2084 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 194.59.206.2

🇫🇷 188.209.129.151

🇵🇾 181.123.136.11

🇻🇳 180.93.3.33

🇩🇪 165.245.246.63

🇵🇪 161.132.38.234

🇭🇰 152.32.171.99

🇱🇹 141.98.9.227

🇳🇱 103.176.90.41

🇷🇴 92.118.39.236

🇺🇸 91.230.168.123

🇺🇸 66.132.195.124

🇮🇳 59.98.148.5

🇻🇳 42.116.14.91

🇨🇳 180.76.236.214

🇨🇳 180.76.231.110

🇨🇳 180.76.225.49

🇨🇳 180.76.183.253

🇨🇳 117.71.53.210

🇸🇪 81.170.248.221