IOC Radar
IP · Medium · Signal 87/100

66.132.172.105

Location
United States
Ann Arbor, Michigan
ASN
AS398324
Censys Inc
First Seen
Mar 20, 2026 (99d ago)
Last Seen
Jun 15, 2026 (11d ago)
Reports
21 source reports
Confidence
87% (medium)
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
87%
Signal Score
87 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

46 techniques

Network Information

Country: US (United States)
Region: Ann Arbor, Michigan
ASN: AS398324
Organization: Censys Inc

IP Category

Proxy
Proxy server

Feed Intelligence Summary

21 source reports · 87% confidence score

Activity Timeline

1 total obs
Jun 15 – Jun 15

Threat Activity Heatmap

Peak: 2026-06-15
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 87
Confidence: 87%
Reports: 21
First seen: Mar 20, 2026
Last seen: Jun 15, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Michigan
ASN: AS398324
Org: Censys Inc
Coords: 42.2809, -83.7489
Proxy

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot


IOC Journey

medium
First detected 3 months ago · Last seen 11 days ago
Appeared in 21 threat reports