IP · Medium · Signal 77/100
66.132.172.128
Location
Ann Arbor, Michigan
ASN
AS398324
Censys Inc
First Seen
Mar 20, 2026
Last Seen
Jun 23, 2026
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
77%
Signal Score
77 / 100
IDS Rule
No
Network Information
Country
United States
Region: Ann Arbor, Michigan
ASN: AS398324
Organization: Censys Inc
IP Category
Proxy
Proxy server
Feed Intelligence Summary
25 source reports · 77% confidence score
Category tags
Activity Timeline: Jun 23
Threat Activity Heatmap (chart not preserved)
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 77 (High Risk)
Signal Score: 77
Confidence: 77%
Reports: 25
First seen: Mar 20, 2026
Last seen: Jun 23, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Michigan
ASN: AS398324
Org: Censys Inc
Coords: 42.2780, -83.7408
Proxy
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw:
  NetRange: 66.132.172.0 - 66.132.172.255
  CIDR: 66.132.172.0/24
  NetName: CENSY
  NetHandle: NET-66-132-172-0-1
  Parent: NET66 (NET-66-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Censys, Inc. (CENSY)
  RegDate: 2024-05-14
  Updated: 2024-05-14
  Ref: https://rdap.arin.net/registry/ip/66.132.172.0

  OrgName: Censys, Inc.
  OrgId: CENSY
  Address: 116 1/2 S Main Street
  City: Ann Arbor
  StateProv: MI
  PostalCode: 48104
  Country: US
  RegDate: 2018-08-06
  Updated: 2019-08-03
  Comment: https://censys.io
  Ref: https://rdap.arin.net/registry/entity/CENSY

  OrgAbuseHandle: CAT20-ARIN
  OrgAbuseName: Censys Abuse Team
  OrgAbusePhone: +1-248-629-0125
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

  OrgTechHandle: COT12-ARIN
  OrgTechName: Censys Operations Team
  OrgTechPhone: +1-248-629-0125
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN

  OrgNOCHandle: COT12-ARIN
  OrgNOCName: Censys Operations Team
  OrgNOCPhone: +1-248-629-0125
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
IOC Journey
Medium · First detected 3 months ago · Last seen 4 days ago
Appeared in 25 threat reports