IPMediumSignal 85/100
66.132.224.21
Location
United StatesAnn Arbor, Michigan
ASN
AS398324
Censys Inc
First Seen
Mar 21, 2026
Last Seen
Jun 10, 2026
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
85%
Signal Score
85 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryUnited States
United StatesRegionAnn Arbor, Michigan
ASNAS398324
OrganizationCensys Inc
IP Category
⟲
Proxy
Proxy server
Feed Intelligence Summary
13 reports85% confidence
13
Source reports
85%
Confidence score
Category tags
abuseaccount compromiseactive scanactive scanningadminaegisamberaptasiaattackattacker-ipaustraliaautomated attackautomated attacksbad ip'sbad reputationbad web botblock ratebotnetbotnet activitybrutebrute forcebrute force attackbrute force attackerbrute-forcebrute_forcebrute_force_attackbruteforcecloud environmentcloud infrastructurecloud infrastructure attackcloud servicescode executioncode injectioncommand executioncommunication protocolconnectcorazacowriecowrie honeypotcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase attackdatabase securitydcomddosddos attackdecoy systemdenial of servicedigital oceandionaeadionaea honeypotdropseuropeexfiltrationexploitation activityexploited hostexternal_threatfattfraud voipftpftp brute-forceftp_scangermanyhackinghoneytrap honeypothttp scannerhttp_scanidentity & access exploitationinbound scanindicatorinfrastructure targetinginitial accessinitial_accessinjection activityinjection attacksinternet facing systemsinternet-facing assetsinternet_wide_scaniocsiot securityiot targetedipv4ipv4 addressesipv4 scanningipv4 trafficipv4_scanningitalyjapanmailoney honeypotmalicious activitymalicious ipmalicious ip addressesmalicious ipsmalwaremalware behaviourmalware capturemirainetworknetwork attacksnetwork discoverynetwork intrusion attemptsnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork_reconnaissancenetwork_scanningnorth americaoceaniaopen proxyopportunistic attackp0fpassword attacksphishingphishing attackphishing trapping of deathpolandportportscanprotocol exploitationproxyransomwarercerdprdp_scanreconnaissanceredisremote accessremote servicesresearchedresource hijackingrpcscams & fraudscanscannerscannersscanning activityscripting attackssecurity operationssensor-taggedsentrypeer botnetservice scansipsmtpsnmpsocial engineeringsocradarspamsql injectionsshssh attackssh monitoringssh_scansynacksynwithdatasystem accesst1021t1021.001t1040t1046t1055t1059t1059.003t1059.007t1071.001t1076t1078t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1486t1496t1499.001t1499.002t1499.003t1563t1566.001t1566.002t1566.003t1590t1590.005t1592t1595t1595.001t1595.002t1595.003tannertargeting databasetcptcp protocoltcp scanningtelecommunicationstelnettelnet threatthreat actorthreat detectionthreat intelligencethreat intelligence feedthreat_actor_unknowntor nodetpotudpunited statesusvoidtrapvoipvoip attackvultrweb app attackweb application attackweb attackweb exploitweb exploitationweb spamweb trafficwinwindowszeek
Activity Timeline
Jun 10Jun 10
Threat Activity Heatmap
· Peak: 2026-06-10LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
85
SIGNAL
Signal Score
85%
Confidence
13
Reports
First seenMar 21, 2026
Last seenJun 10, 2026
GeolocationUS
CountryUnited States
LocationAnn Arbor, Michigan
ASNAS398324
OrgCensys Inc
Coords42.2780, -83.7408
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 3 months ago · Last seen 10 days ago
Appeared in 13 threat reports