← Back to feed
Subnet 66.132.195.0/24
SUBNET Active highWhy this campaign was detected
18 IPs from the same /24 subnet (66.132.195.0/24) were observed attacking our sensors within the same time window. All belong to Censys, Inc. (AS398324). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.
Primary ASN
AS398324 · Censys, Inc.
Subnet
66.132.195.0/24
Country
πΊπΈ US
Cloud Provider
—
Member Count
18 IPs
Below average
Total Events
89
Below average by volume
Started / Ended
2026-03-23 03:46 — ongoing
Attack Types
MITRE ATT&CK Techniques
Initial Access
Discovery
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 66.132.195.47 | web_probe | 50% | 1x OSINT | 4 | 3 | http:scan | β | 2026-05-17 17:54 | evidence → |
| 66.132.195.110 | scanner | 49% | 1x OSINT | 5 | 2 | http:scanssh:bruteforce | β | 2026-05-20 21:39 | evidence → |
| 66.132.195.67 | web_probe | 45% | 1x OSINT | 6 | 2 | http:scanssh:bruteforce | β | 2026-05-18 13:34 | evidence → |
| 66.132.195.49 | scanner | 43% | 2x OSINT | 5 | 1 | http:scanssh:bruteforce | β | 2026-05-20 04:34 | evidence → |
| 66.132.195.116 | web_probe | 38% | 2x OSINT | 5 | 1 | http:scanssh:bruteforce | β | 2026-05-17 12:48 | evidence → |
| 66.132.195.76 | web_probe | 35% | 3 | 2 | http:scan | β | 2026-05-20 15:10 | evidence → | |
| 66.132.195.90 | scanner | 35% | 13 | 2 | http:scanssh:bruteforce | β | 2026-05-14 15:26 | evidence → | |
| 66.132.195.63 | scanner | 34% | 5 | 1 | http:scanssh:bruteforce | β | 2026-05-20 00:46 | evidence → | |
| 66.132.195.83 | scanner | 33% | 1x OSINT | 8 | 2 | ssh:bruteforce | β | 2026-05-17 12:40 | evidence → |
| 66.132.195.97 | scanner | 33% | 2x OSINT | 8 | 2 | ssh:bruteforce | β | 2026-05-15 11:32 | evidence → |
| 66.132.195.105 | web_probe | 30% | 1x OSINT | 1 | 1 | http:scan | β | 2026-05-19 19:51 | evidence → |
| 66.132.195.101 | scanner | 25% | 1x OSINT | 8 | 1 | ssh:bruteforce | β | 2026-05-17 16:43 | evidence → |
| 66.132.195.69 | web_probe | 25% | 1x OSINT | 1 | 1 | http:scan | β | 2026-05-17 17:31 | evidence → |
| 66.132.195.72 | web_probe | 24% | 1 | 1 | http:scan | β | 2026-05-20 01:39 | evidence → | |
| 66.132.195.60 | scanner | 17% | 1x OSINT | 4 | 1 | ssh:bruteforce | β | 2026-05-14 03:32 | evidence → |
| 66.132.195.89 | scanner | 16% | 4 | 1 | ssh:bruteforce | β | 2026-05-16 08:29 | evidence → | |
| 66.132.195.74 | scanner | 15% | 4 | 1 | ssh:bruteforce | β | 2026-05-15 09:35 | evidence → | |
| 66.132.195.77 | scanner | 14% | 4 | 1 | ssh:bruteforce | β | 2026-05-14 20:40 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds