IOC Radar
IP · Medium · Signal 72/100

66.132.172.42

Location: United States, Ann Arbor, FL
ASN: AS398324 (Censys Inc)
First Seen: Mar 19, 2026 (86d ago)
Last Seen: Jun 5, 2026 (8d ago)
Reports: 21 source reports
Confidence: 72% (medium)
VirusTotal: 18/91 detections
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 72%
Signal Score: 72 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

46 techniques

Network Information

Country: US (United States)
Region: Ann Arbor, FL
ASN: AS398324
Organization: Censys Inc

Feed Intelligence Summary

Source reports: 21
Confidence score: 72%

Activity Timeline

1 total obs · Jun 5

Threat Activity Heatmap

Peak: 2026-06-05

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: High Risk
Signal Score: 72
Confidence: 72%
Reports: 21
First seen: Mar 19, 2026
Last seen: Jun 5, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, FL
ASN: AS398324
Org: Censys Inc
Coords: 25.8025, -80.3407

VirusTotal

18/91 vendors flagged
20% detection rate · Jun 6, 2026

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw
NetRange: 66.132.172.0 - 66.132.172.255
CIDR: 66.132.172.0/24
NetName: CENSY
NetHandle: NET-66-132-172-0-1
Parent: NET66 (NET-66-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Censys, Inc. (CENSY)
RegDate: 2024-05-14
Updated: 2024-05-14
Ref: https://rdap.arin.net/registry/ip/66.132.172.0

OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY

OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN

OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
references
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-05-31/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-05-01/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-30/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-29/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-27/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-27/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-24/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-23/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-05-20/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-05-19/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-18/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-17/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-16/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-05-15/, hexroot-full-2026-05-12-1726.md, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-11/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-05-09/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-09/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-07/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-05-07/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-06/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-04/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-01/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-31/, 
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-30/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-28/, https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-25/, ip_iocs.csv, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-21/

IOC Journey

medium
First detected 2 months ago · Last seen 8 days ago
Appeared in 21 threat reports