← Back to feed
Subnet 66.132.195.0/24
SUBNET Active highWhy this campaign was detected
8 IPs from the same /24 subnet (66.132.195.0/24) were observed attacking our sensors within the same time window. All belong to Censys, Inc. (AS398324). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.
Primary ASN
AS398324 · Censys, Inc.
Subnet
66.132.195.0/24
Country
πΊπΈ US
Cloud Provider
—
Member Count
8 IPs
Below average
Total Events
91
Below average by volume
Started / Ended
2026-03-23 03:46 — ongoing
Attack Types
MITRE ATT&CK Techniques
Initial Access
Discovery
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 66.132.195.95 | scanner | 60% | 2x OSINT | 9 | 3 | http:scanssh:bruteforce | β | 2026-07-13 00:34 | evidence → |
| 66.132.195.63 | web_probe | 57% | 1x OSINT | 9 | 3 | http:scanssh:bruteforce | β | 2026-07-13 04:01 | evidence → |
| 66.132.195.36 | scanner | 52% | 10 | 3 | http:scanssh:bruteforce | β | 2026-07-13 08:05 | evidence → | |
| 66.132.195.64 | scanner | 52% | 29 | 3 | http:scanssh:bruteforce | β | 2026-07-12 02:47 | evidence → | |
| 66.132.195.100 | scanner | 44% | 2x OSINT | 10 | 2 | http:scanssh:bruteforce | β | 2026-07-12 05:34 | evidence → |
| 66.132.195.54 | web_probe | 40% | 2x OSINT | 3 | 2 | http:scan | β | 2026-07-15 17:48 | evidence → |
| 66.132.195.62 | web_probe | 38% | 2x OSINT | 5 | 1 | http:scanssh:bruteforce | β | 2026-07-14 16:25 | evidence → |
| 66.132.195.31 | scanner | 36% | 1x OSINT | 16 | 2 | ssh:bruteforce | β | 2026-07-15 11:44 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds