IOC Radar
IP · Medium · Signal 85/100

66.132.172.39

Location: United States, Ann Arbor, Michigan
ASN: AS398324 (Censys Inc)
First Seen: Mar 20, 2026 (99d ago)
Last Seen: Jun 18, 2026 (8d ago)
Reports: 21 source reports
Confidence: 85% (medium)
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 85%
Signal Score: 85 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 45 techniques

Network Information

Country: US (United States)
Region: Ann Arbor, Michigan
ASN: AS398324
Organization: Censys Inc

IP Category

VPN: VPN exit node

Feed Intelligence Summary

Source reports: 21
Confidence score: 85%
Category tags:
abuse, account compromise, active scan, active scanning, all, apt, asia, attack, australia, automated attack, automated attacks, automated threat, automated-attack, bad reputation, bad web bot, blocklist_all, blog spam, botnet, botnet activity, botnet-activity, brute force, brute force attack, brute force attacker, brute-force, bruteforce, cisco device, cisco targeted, class, cloud infrastructure, cloud infrastructure attack, cloud services, command execution, communication protocol, count, country, cowrie, cowrie honeypot, credential access, credential attacks, credential brute force, credential compromise, credential harvesting, credential stuffing, credential-harvesting, data encryption, data exfiltration, data store exposure, database attack, database security, database-server, ddos, ddos attack, decoy system, denial of service, device management, digital ocean, dionaea, dionaea honeypot, elasticpot honeypot, elasticsearch, elasticsearch monitoring, encryption, enterprise networking, entropy, env-hunting, europe, events, exploitation, exploitation activity, exploitation attempts, exploited host, external access attempts, fatt, field, filehash-sha256-ioc, first seen, france, fraud voip, ftp, ftp brute force, ftp brute-force, ftp-bruteforce, hacking, honeytrap honeypot, http scanner, http/https, http/s, identity & access exploitation, imap, imap attack, indicator, initial access activity, initial-access, injection activity, injection attacks, iot security, iot targeted, ip-address-ioc, ipv4, ipv4-ioc, lamp, lamp stack, lamp stack targeted, lateral movement, linux servers, linux systems, linux-system, login attempts, mailoney honeypot, malaysia, malicious activity, malicious-file, malicious-ip, malware, malware behaviour, malware capture, malware delivery, malware delivery attempt, malware delivery attempts, max threat, mssql, network, network device exploitation, network infrastructure, network intrusion attempts, network probing, network protocol, network reconnaissance, network scanning, network security, network services, network-device, nginx, north america, oceania, p0f, password attacks, path, phishing, phishing attack, phishing trap, poland, port-scanning, portscan, protocol exploitation, ransomware, rdp-bruteforce, reconnaissance, redis honeypot, remote access, remote services, researched, resource hijacking, sans, scams & fraud, scan, scanner, scanners, scanning activity, score, scripting attacks, sensor-tagged, sentrypeer botnet, server exploitation, service, service scan, service scanning, severe, sftp attack, sip, sip heralding, smb-bruteforce, smtp, smtp attacker, social engineering, socradar, socradar honeypot, spam, sql injection, ssh, ssh attack, ssh monitoring, ssh-bruteforce, system access, system reconnaissance, t1021, t1021.001, t1021.002, t1040, t1041, t1046, t1059, t1059.003, t1059.005, t1059.007, t1071.001, t1076, t1077, t1078, t1078.001, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1505.004, t1563, t1566.001, t1566.002, t1566.003, t1566.004, t1589, t1590, t1590.006, t1592, t1592.002, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, telecommunications, telnet, telnet threat, threat actor, threat detection, threat feed, threat intelligence, threat-detection, threat-intelligence, tor node, total events, tpot, type, united states, us, value, voip, voip attack, vpn, vpn ip, vultr, web app attack, web application attack, web attack, web attacks, web exploit, web exploitation, web spam, web traffic, web-server

Activity Timeline

1 total obs (Jun 18 to Jun 18)

Threat Activity Heatmap

Peak: 2026-06-18
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: High Risk
Signal Score: 85
Confidence: 85%
Reports: 21
First seen: Mar 20, 2026
Last seen: Jun 18, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Michigan
ASN: AS398324
Org: Censys Inc
Coords: 42.2809, -83.7489
VPN

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Paris (France) honeypot

IOC Journey

medium
First detected 3 months ago · Last seen 8 days ago
Appeared in 21 threat reports