IOC Radar
IP · Medium · Signal 70/100

66.132.153.118

Location
United States
Miami, FL
ASN
AS398324
Censys, Inc
First Seen
Sep 12, 2025
Last Seen
May 26, 2026
Reports: 30 source reports
Confidence: 70% (medium)
Found in 30 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
70%
Signal Score
70 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

78 techniques

Network Information

Country: US (United States)
Region: Miami, FL
ASN: AS398324
Organization: Censys, Inc

IP Category

VPN
VPN exit node

Feed Intelligence Summary

30 source reports, 70% confidence score
Category tags

Activity Timeline

1 total observation (May 26)

Threat Activity Heatmap

Peak: 2026-05-26 (heatmap grid omitted; only day-of-week and month axis labels were recoverable)
24h: 0 observations (Dormant)
7d: 0 observations (Dormant)
30d: 1 observation (Minimal)
3mo: 1 observation (Minimal)
Threat Score: 70 (Medium Risk)
Signal Score: 70%
Confidence: 30 reports
First seen: Sep 12, 2025
Last seen: May 26, 2026
Geolocation: US
Country: United States
Location: Miami, FL
ASN: AS398324
Org: Censys, Inc
Coords: 25.8025, -80.3407
Category: VPN

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=honeytrap, p0f, suricata; threshold?1; private IPs excluded.
raw
NetRange: 66.132.153.0 - 66.132.153.255
CIDR: 66.132.153.0/24
NetName: CENSY
NetHandle: NET-66-132-153-0-1
Parent: NET66 (NET-66-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Censys, Inc. (CENSY)
RegDate: 2024-05-14
Updated: 2024-05-14
Ref: https://rdap.arin.net/registry/ip/66.132.153.0
OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY
OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
references
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

Confidence: medium
First detected 9 months ago, last seen 20 days ago; appeared in 30 threat reports.