IPMediumSignal 71/100
66.132.224.225
Location
United StatesAnn Arbor, FL
ASN
AS398324
Censys Inc
First Seen
Mar 21, 2026
Last Seen
Jun 16, 2026
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
71%
Signal Score
71 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryUnited States
United StatesRegionAnn Arbor, FL
ASNAS398324
OrganizationCensys Inc
IP Category
⟲
Proxy
Proxy server
Feed Intelligence Summary
22 reports71% confidence
22
Source reports
71%
Confidence score
Category tags
abuseaccount compromiseactive scanactive scanningadbhoney honeypotaptasiaattackbad reputationbad web botblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute-forcebrute_force_attackbruteforcecisco asa targetingcisco devicecloud infrastructurecloud infrastructure attackcloud servicescommand executioncommunication protocolconpot honeypotcowriecowrie honeypotcredential accesscredential access attemptscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase securityddosddos attackdecoy systemdenial of servicedevice managementdigital oceandionaeadionaea honeypotelasticpot honeypotelasticsearch monitoringenterprise networkingeuropeexploitation activityexploited hostexternal_threatfattfinlandfranceftp brute-forceftp_scangalahgermanyhackinghoneytrap honeypothttphttp/httpshttp_scanics attacksics securityidentity & access exploitationimapimap attackindicatorindustrial control systemsinitial access attemptsinjection activityinternet_wide_scaniot device attacksiot securityiot targetediot/ics attackipv4_scanningjapanlamplinux systemmailoney honeypotmalicious activitymalwaremalware behaviourmalware capturemalware delivery attemptsnetworknetwork device attacknetwork infrastructurenetwork probingnetwork scanningnetwork securitynetwork_reconnaissancenorth americaopen proxyopencanaryp0fpassword attacksphishingphishing attackphishing trappolandportscanprotocol exploitationproxyransomwareraspberry-pirdp_scanreconnaissanceredis attacksredis honeypotremote accessremote servicesresearchedresource hijackingsansscannerscannersscanning activitysensor-taggedsentrypeer botnetserver exploitationservice scansftp attacksftp attackssip attackssmtpsmtp attackersocial engineeringsocradar honeypotspamsql injectionsshssh attackssh attacksssh monitoringssh_scant1021t1021.001t1040t1041t1046t1059.005t1071.001t1076t1078t1078.001t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1204.002t1496t1499.001t1505.004t1563t1566.001t1566.002t1566.003t1566.004t1590.005t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationstelnettelnet threatthreat actorthreat detectionthreat intelligencethreat_actor_unknowntor nodetpotunited statesusvoipvoip attackvultrweb app attackweb application attackweb application attacksweb attacksweb exploitationweb server attackweb spam
Activity Timeline
Jun 16Jun 16
Threat Activity Heatmap
· Peak: 2026-06-16LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
71
SIGNAL
Signal Score
71%
Confidence
22
Reports
First seenMar 21, 2026
Last seenJun 16, 2026
GeolocationUS
CountryUnited States
LocationAnn Arbor, FL
ASNAS398324
OrgCensys Inc
Coords25.8025, -80.3407
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected attempting to brute force REDIS on DigitalOcean Toronto (CA) honeypot
- raw
- NetRange: 66.132.224.0 - 66.132.224.255 CIDR: 66.132.224.0/24 NetName: CENSY NetHandle: NET-66-132-224-0-1 Parent: NET66 (NET-66-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Censys, Inc. (CENSY) RegDate: 2024-05-14 Updated: 2024-05-14 Ref: https://rdap.arin.net/registry/ip/66.132.224.0 OrgName: Censys, Inc. OrgId: CENSY Address: 116 1/2 S Main Street City: Ann Arbor StateProv: MI PostalCode: 48104 Country: US RegDate: 2018-08-06 Updated: 2019-08-03 Comment: https://censys.io Ref: https://rdap.arin.net/registry/entity/CENSY OrgTechHandle: COT12-ARIN OrgTechName: Censys Operations Team OrgTechPhone: +1-248-629-0125 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN OrgNOCHandle: COT12-ARIN OrgNOCName: Censys Operations Team OrgNOCPhone: +1-248-629-0125 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN OrgAbuseHandle: CAT20-ARIN OrgAbuseName: Censys Abuse Team OrgAbusePhone: +1-248-629-0125 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
- references
- https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-11/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-10/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-06/, https://jamesbrine.com.au/digitaloceantoronto-redis-bruteforce-ip-list-2026-04-06/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-05/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-05/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-04/, https://jamesbrine.com.au/digitaloceantoronto-redis-bruteforce-ip-list-2026-04-04/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-03/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-04-02/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-02/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-01/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-01/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-28/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-24/
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 3 months ago · Last seen 10 days ago
Appeared in 22 threat reports