← Back to feed

Subnet 66.132.195.0/24

SUBNET Active high
Why this campaign was detected
8 IPs from the same /24 subnet (66.132.195.0/24) were observed attacking our sensors within the same time window. All belong to Censys, Inc. (AS398324). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.
Primary ASN
AS398324 · Censys, Inc.
Subnet
66.132.195.0/24
Country
πŸ‡ΊπŸ‡Έ US
Cloud Provider
Member Count
8 IPs
Below average
Total Events
91
Below average by volume
Started / Ended
2026-03-23 03:46 — ongoing
Attack Types
http:scan ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Credential Access
Discovery
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
66.132.195.95 scanner 60% 2x OSINT 9 3 http:scanssh:bruteforce β€” 2026-07-13 00:34 evidence →
66.132.195.63 web_probe 57% 1x OSINT 9 3 http:scanssh:bruteforce β€” 2026-07-13 04:01 evidence →
66.132.195.36 scanner 52% 10 3 http:scanssh:bruteforce β€” 2026-07-13 08:05 evidence →
66.132.195.64 scanner 52% 29 3 http:scanssh:bruteforce β€” 2026-07-12 02:47 evidence →
66.132.195.100 scanner 44% 2x OSINT 10 2 http:scanssh:bruteforce β€” 2026-07-12 05:34 evidence →
66.132.195.54 web_probe 40% 2x OSINT 3 2 http:scan β€” 2026-07-15 17:48 evidence →
66.132.195.62 web_probe 38% 2x OSINT 5 1 http:scanssh:bruteforce β€” 2026-07-14 16:25 evidence →
66.132.195.31 scanner 36% 1x OSINT 16 2 ssh:bruteforce β€” 2026-07-15 11:44 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds