JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 66.132.172.205

66.132.172.205 was found in our database!

This IP was reported 1,867 times. Confidence of Abuse is 100%: ?

100%

ISP	Censys, Inc.
Usage Type	Commercial
ASN	AS398324
Hostname(s)	205.172.132.66.censys-scanner.com
Domain Name	censys.io
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 66.132.172.205

Whois 66.132.172.205

IP Abuse Reports for 66.132.172.205:

This IP address has been reported a total of 1,867 times from 437 distinct sources. 66.132.172.205 was first reported on March 19th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇯🇵 Kinsei Engineering Inc.	2026-06-01 06:24:30 (3 days ago)	UFW:High-frequency access to unused ports	Port Scan
🇩🇪 Justin F. \| AS204464	2026-06-01 04:52:31 (3 days ago)	Honeypot [nx-infrastructure]: Empty payload (likely service probe); 61194 [1] TCP Reported by: Justi ... show more Honeypot [nx-infrastructure]: Empty payload (likely service probe); 61194 [1] TCP Reported by: Justin F. show less	Port Scan
🇺🇸 Bankbook8585	2026-06-01 03:32:26 (3 days ago)	T-Pot honeypot \| Dionaea honeypot: mqttd	Port Scan Hacking
🇧🇬 MazenHost	2026-06-01 02:35:25 (3 days ago)	1780281324 - 06/01/2026 05:35:24 Host: 66.132.172.205/66.132.172.205 Port: 6667 TCP Blocked ...	Port Scan
🇩🇪 Luhte	2026-06-01 02:32:23 (3 days ago)	Unsolicited TCP connection from 66.132.172.205 to port 0 at 2026-06-01T02:32:23Z. Source IP complete ... show more Unsolicited TCP connection from 66.132.172.205 to port 0 at 2026-06-01T02:32:23Z. Source IP completed three-way handshake to non-public service on this host. Detected by automated intrusion monitoring. show less	Port Scan Hacking
🇩🇪 Axel	2026-06-01 01:38:03 (3 days ago)	[2026-06-01 01:38:03 UTC] Honeypot Flask connection attempt \| AXFRA HONEYPOT	Web App Attack
🇹🇷 SeczarSecureOps	2026-06-01 00:46:31 (3 days ago)	Seczar SecureOps — Port Scan Detection (45 events) — quarantined 43200m on fgdcapi	Port Scan
🇩🇪 dispaisyenterprises	2026-05-31 23:21:46 (3 days ago)	Honeypot [fra-de-honeypot]: Empty payload (likely service probe); 4948 [1] TCP Reported by DisPaisy ... show more Honeypot [fra-de-honeypot]: Empty payload (likely service probe); 4948 [1] TCP Reported by DisPaisy Enterprises (dispaisy.systems) using: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇦🇺 LiftUp Hosting	2026-05-31 22:03:54 (3 days ago)	Honeypot hit: Empty payload (likely service probe); 13689 [1] TCP	Port Scan
🇺🇸 itsnixk	2026-05-31 20:56:41 (3 days ago)	(mod_security) mod_security (id:920350) triggered by 66.132.172.205 (US/United States/205.172.132.66 ... show more (mod_security) mod_security (id:920350) triggered by 66.132.172.205 (US/United States/205.172.132.66.censys-scanner.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sun May 31 16:56:38.661275 2026] [security2:error] [pid 1179702:tid 1179841] [client 66.132.172.205:41648] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+\|\\\\[[\\\\da-f:]+\\\\]\|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "774"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/"] [unique_id "ahyghulBJnom9m9w_SXqLQAAADg"] show less	Port Scan
🇩🇪 Thomas Barth	2026-05-31 20:32:19 (3 days ago)	2026-05-31T22:32:18.514284+02:00 server sshd-session[15258]: Connection closed by 66.132.172.205 por ... show more 2026-05-31T22:32:18.514284+02:00 server sshd-session[15258]: Connection closed by 66.132.172.205 port 23970 [preauth] ... show less	Brute-Force SSH
🇳🇿 realstuffie	2026-05-31 17:26:12 (3 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-bad-user-agent	Web App Attack Bad Web Bot
🇩🇪 acadeova	2026-05-31 17:22:15 (3 days ago)	🚨 Recon detected (nft drop) SRC=66.132.172.205 Observed=TCP dpt=22 in=enp0s6 ttl=54 Time=recent(jour ... show more 🚨 Recon detected (nft drop) SRC=66.132.172.205 Observed=TCP dpt=22 in=enp0s6 ttl=54 Time=recent(journalctl: 10 minutes ago) Assessment=SSH recon (PORT_SCAN+SSH) — treat as brute-force ONLY if repeated SSH auth failures occur show less	Port Scan
🇩🇪 kreativstrecke	2026-05-31 16:42:00 (3 days ago)	2026-05-31T18:41:54.771130+02:00 mailtwo postfix/smtps/smtpd[317811]: lost connection after EHLO fro ... show more 2026-05-31T18:41:54.771130+02:00 mailtwo postfix/smtps/smtpd[317811]: lost connection after EHLO from 205.172.132.66.censys-scanner.com[66.132.172.205] 2026-05-31T18:41:57.036845+02:00 mailtwo postfix/smtps/smtpd[317811]: lost connection after CONNECT from 205.172.132.66.censys-scanner.com[66.132.172.205] 2026-05-31T18:42:00.144184+02:00 mailtwo postfix/smtps/smtpd[317811]: lost connection after CONNECT from 205.172.132.66.censys-scanner.com[66.132.172.205] ... show less	Brute-Force
🇪🇸 whatda	2026-05-31 16:01:36 (3 days ago)	Honeypot RaspiNAS: ssh attack (1 events/h). Automated report.	SSH

Showing 61 to 75 of 1867 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 81.19.216.74

🇻🇳 42.115.213.239

🇨🇳 221.226.154.12

🇯🇵 203.25.124.119

🇪🇹 196.191.82.147

🇨🇳 183.23.61.27

🇫🇮 147.185.133.141

🇹🇷 95.0.100.48

🇺🇸 91.230.168.85

🇳🇱 62.164.177.41

🇺🇸 2600:3c02::2000:31ff:fe05:5137

🇨🇳 223.89.239.149

🇪🇸 212.30.33.208

🇰🇷 211.253.37.225

🇺🇸 192.169.180.166

🇺🇸 162.241.129.246

🇺🇸 162.216.149.142

🇺🇸 162.216.149.103

🇭🇰 152.32.168.34

🇩🇪 134.122.95.87