IOC Radar
IP · Medium · Signal 69/100

66.132.186.201

Location
United States
Ann Arbor, Michigan
ASN
AS398324
Censys, Inc
First Seen
Mar 22, 2026
Last Seen
Jun 18, 2026
First Seen: Mar 22 (91d ago)
Last Seen: Jun 18 (3d ago)
Reports: 20 source reports
Confidence: 69% (medium)
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
69%
Signal Score
69 / 100
IDS Rule
No
Threat Context
MITRE ATT&CK TTPs

44 techniques

Network Information

Country: US (United States)
Region: Ann Arbor, Michigan
ASN: AS398324
Organization: Censys, Inc

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 20
Confidence score: 69%
Category tags

Activity Timeline

1 total obs
Jun 18

Threat Activity Heatmap

24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 69
Confidence: 69%
Reports: 20
First seen: Mar 22, 2026
Last seen: Jun 18, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Michigan
ASN: AS398324
Org: Censys, Inc
Coords: 42.2809, -83.7489
VPN

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot

IOC Journey

medium
First detected 3 months ago · Last seen 3 days ago
Appeared in 20 threat reports