JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 66.132.195.31

66.132.195.31 was found in our database!

This IP was reported 1,567 times. Confidence of Abuse is 100%: ?

100%

ISP	Censys, Inc.
Usage Type	Commercial
ASN	AS398324
Hostname(s)	31.195.132.66.censys-scanner.com
Domain Name	censys.io
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 66.132.195.31

Whois 66.132.195.31

IP Abuse Reports for 66.132.195.31:

This IP address has been reported a total of 1,567 times from 371 distinct sources. 66.132.195.31 was first reported on March 22nd 2026, and the most recent report was 14 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇹🇭 Sawasdee	2026-04-04 04:22:34 (2 months ago)	Port Scan ...	Port Scan
🇺🇸 donarev419	2026-04-04 01:53:40 (2 months ago)	Port scan detected on port 1198 (connection without data transfer)	Port Scan
🇬🇧 gbzret4d	2026-04-04 01:22:04 (2 months ago)	Honeypot [uk-production01]: Empty payload (likely service probe); 3128 [1] TCP	Port Scan
🇨🇦 Slackin' Jack	2026-04-03 22:11:03 (2 months ago)	Triggered honeypot on port 587. (66.132.195.31)	Port Scan
🇫🇷 arteagasoft	2026-04-03 21:32:52 (2 months ago)	2026-04-03T15:32:44.033736-06:00 7676cec1ce53 dovecot: imap-login: Login aborted: Connection closed ... show more 2026-04-03T15:32:44.033736-06:00 7676cec1ce53 dovecot: imap-login: Login aborted: Connection closed (no auth attempts in 2 secs) (no_auth_attempts): user=<>, rip=66.132.195.31, lip=192.168.30.250, TLS: Connection closed, session=<DOSgDpVOVp1ChMMf> 2026-04-03T15:32:50.227751-06:00 7676cec1ce53 dovecot: imap-login: Login aborted: Too many invalid commands (no auth attempts in 1 secs) (no_auth_attempts): user=<>, rip=66.132.195.31, lip=192.168.30.250, session=<iaEND5VOvKRChMMf> 2026-04-03T15:32:51.863864-06:00 7676cec1ce53 dovecot: imap-login: Login aborted: Too many invalid commands (no auth attempts in 0 secs) (no_auth_attempts): user=<>, rip=66.132.195.31, lip=192.168.30.250, session=<6wEqD5VO1qRChMMf> ... show less	Brute-Force
🇩🇪 ISPLtd	2026-04-03 19:48:09 (2 months ago)	Apr 3 16:48:01 66.132.195.31 TCP SPT=4550 DPT=8080 SYN Apr 3 16:48:02 66.132.195.31 TCP SPT=4550 D ... show more Apr 3 16:48:01 66.132.195.31 TCP SPT=4550 DPT=8080 SYN Apr 3 16:48:02 66.132.195.31 TCP SPT=4550 DPT=8080 SYN Apr 3 16:48:09 66.132.195.31 TCP SPT=53778 DPT=8080 ... show less	Port Scan
🇺🇸 chronos	2026-04-03 18:40:41 (2 months ago)	[AUTORAVALT][[03/04/2026 - 15:40:41 -03:00 UTC] Attack from [Censys, Inc.] [66.132.195.31][31.195.13 ... show more [AUTORAVALT][[03/04/2026 - 15:40:41 -03:00 UTC] Attack from [Censys, Inc.] [66.132.195.31][31.195.132.66.censys-scanner.com] Action: BLocKed Phishing -> Phishing websites and/or email. Email Spam -> Spam email content, infected attachments, and phishing emails. Hacking... Unauthorized attempts to access the server. Spoofing -> Email sender spoofing. Brute-For] ... show less	Brute-Force Email Spam Spoofing Phishing Hacking
🇫🇷 starhelix	2026-04-03 18:36:05 (2 months ago)	SSH login on honeypot.	Brute-Force SSH
🇩🇪 guldkage	2026-04-03 18:10:22 (2 months ago)	Unauthorized connection attempt detected from IP address 66.132.195.31 to port 22 (ger-02) [SSH]	Exploited Host
🇯🇵 mkaraki	2026-04-03 17:36:56 (2 months ago)	1775237813 # Service_probe # SIGNATURE_SEND # source_ip:66.132.195.31 # dst_port:64734 ...	Port Scan
🇬🇧 Andrew	2026-04-03 17:21:30 (2 months ago)	Blocked by UFW (TCP on port 8443). Source port: 10782 TTL: 57 Packet length: 60 TOS: 0x00 This repo ... show more Blocked by UFW (TCP on port 8443). Source port: 10782 TTL: 57 Packet length: 60 TOS: 0x00 This report (for 66.132.195.31) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 cazae	2026-04-03 16:47:44 (2 months ago)	Unauthorized attempt on debian [123/tcp] Source port: 31906 TTL: 50 Packet length: 60 TOS: 0x08 htt ... show more Unauthorized attempt on debian [123/tcp] Source port: 31906 TTL: 50 Packet length: 60 TOS: 0x08 https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇫🇷 Petre 21_ip	2026-04-03 16:43:49 (2 months ago)	2026-04-03T18:43:48.977978+02:00 vmi2775508 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:5c:a7:cf:c ... show more 2026-04-03T18:43:48.977978+02:00 vmi2775508 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:5c:a7:cf:c0:69:11:b3:85:db:08:00 SRC=66.132.195.31 DST=155.133.26.57 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=45565 DF PROTO=TCP SPT=47288 DPT=8081 WINDOW=21900 RES=0x00 SYN URGP=0 ... show less	Port Scan
🇦🇺 2000cn.com.au	2026-04-03 16:28:43 (2 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-bad-user-agent	Web App Attack Bad Web Bot
🇩🇪 dispaisyenterprises	2026-04-03 12:57:42 (2 months ago)	Honeypot [fra-de-honeypot]: Empty payload (likely service probe); 61381 [1] TCP Reported by DisPaisy ... show more Honeypot [fra-de-honeypot]: Empty payload (likely service probe); 61381 [1] TCP Reported by DisPaisy Enterprises (dispaisy.systems) using: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan

Showing 1306 to 1320 of 1567 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 167.172.138.147

🇨🇳 116.129.255.173

🇲🇲 103.59.163.135

🇷🇴 2.57.121.112

🇰🇷 220.125.120.231

🇺🇸 216.25.89.73

🇮🇳 122.187.227.242

🇮🇩 69.5.7.218

🇺🇸 67.23.166.166

🇳🇱 45.148.10.152

🇳🇱 45.148.10.147

🇷🇴 2.57.122.177

🇺🇸 199.195.253.156

🇺🇸 143.110.153.4

🇳🇱 89.21.67.154

🇱🇹 81.30.98.44

🇵🇱 57.128.225.99

🇹🇭 45.194.70.254

🇬🇧 45.137.126.6

🇬🇧 35.203.210.9