IOC Radar
IP · Medium · Signal 72/100

66.132.172.187

Location: Ann Arbor, Michigan, United States
ASN: AS398324 (Censys Inc)
First Seen: Mar 21, 2026 (97d ago)
Last Seen: Jun 18, 2026 (8d ago)
Reports: 21 source reports
Confidence: 72% (medium)
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 72%
Signal Score: 72 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

42 techniques

Network Information

Country: US (United States)
Region: Ann Arbor, Michigan
ASN: AS398324
Organization: Censys Inc

IP Category

VPN
VPN exit node

Feed Intelligence Summary

21 reports · 72% confidence
Source reports: 21
Confidence score: 72%
Category tags:
abuse, account compromise, active scan, active scanning, apache, apache attacker, apt, attack, australia, automated attack, automated attacks, automated threat, bad reputation, bad web bot, blocklist_all, blog spam, botnet, botnet activity, brute force, brute force attack, brute-force, bruteforce, cisco device, cisco network devices, civil services, cloud infrastructure, cloud infrastructure attack, cloud services, command execution, common vulnerabilities, communication protocol, cowrie, cowrie honeypot, credential access, credential attacks, credential brute force, credential guessing, credential harvesting, credential stuffing, credential-harvesting, data encryption, data exfiltration, data store exposure, database attack, database security, ddos, ddos attack, decoy system, denial of service, device management, digital ocean, dionaea, dionaea honeypot, elasticpot honeypot, elasticsearch, elasticsearch monitoring, encryption, enterprise networking, env-hunting, europe, exploit, exploit attempt, exploit attempts, exploitation activity, exploited host, exploits, external access attempts, fatt, finland, france, fraud voip, ftp, ftp brute-force, galah, germany, government technology, hacking, honeytrap honeypot, http, http scanner, http/https, http/s, https, identity & access exploitation, indicator, information technology, injection activity, iot security, iot targeted, ipv4, it infrastructure, lamp, lamp stack, lateral movement, linux servers, linux systems, login attempts, mailoney honeypot, malicious activity, malware, malware behaviour, malware capture, malware delivery attempts, network, network device exploitation, network infrastructure, network intrusion attempts, network probing, network protocol, network reconnaissance, network scanning, network security, network services, nginx, north america, oceania, opencanary, p0f, password attacks, perimeter security, phishing, phishing attack, phishing trap, poland, portscan, protocol exploitation, public administration, public infrastructure, public policy, ransomware, raspberry-pi, rce, reconnaissance, redis, redis honeypot, regulatory agencies, remote access, remote services, researched, resource hijacking, sans, scams & fraud, scanner, scanners, scanning activity, sensor-tagged, sentrypeer botnet, server exploitation, server security, service scan, service scanning, sftp attack, sip heralding, smtp, social engineering, socradar honeypot, software development, spam, sql injection, ssh, ssh attack, ssh monitoring, system access, t-pot, t1021, t1021.001, t1021.002, t1040, t1041, t1046, t1059.003, t1059.005, t1071.001, t1076, t1077, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1505.002, t1505.004, t1563, t1566.001, t1566.002, t1566.003, t1566.004, t1589, t1590, t1590.006, t1592, t1592.002, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, telecommunications, telnet, telnet threat, threat actor, threat detection, threat intelligence, tor node, tpot, united states, unknown threat actor, us, voip, voip attack, vpn, vpn ip, vulnerability scan, vulnerability-exploitation, vultr, weak credentials, web app attack, web application attack, web attacks, web exploit, web exploitation, web spam, web traffic

Activity Timeline

1 total obs (Jun 18 to Jun 18)

Threat Activity Heatmap

Peak: 2026-06-18
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: High Risk
Signal Score: 72
Confidence: 72%
Reports: 21
First seen: Mar 21, 2026
Last seen: Jun 18, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Michigan
ASN: AS398324
Org: Censys Inc
Coords: 42.2809, -83.7489
VPN

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot

IOC Journey

medium
First detected 3 months ago · Last seen 8 days ago
Appeared in 21 threat reports