Is IP address 66.132.153.59 dangerous?

Yes, 66.132.153.59 is considered dangerous with a threat level of 10/10. It has been reported 2,318 times for malicious activities including . We recommend blocking this IP address.

Who owns or operates IP address 66.132.153.59?

IP address 66.132.153.59 is operated by CENSYS-ARIN-01 (ASN 398324) and is geolocated to US. This information is derived from public WHOIS and geolocation databases.

Should I block IP address 66.132.153.59?

Yes, blocking 66.132.153.59 is strongly recommended. With a threat level of 10/10 and 2,318 security reports, this IP poses significant risk. Implement firewall rules to block incoming and outgoing traffic.

How accurate is this threat assessment for 66.132.153.59?

Our threat assessment for 66.132.153.59 has a confidence score of 65%, based on 2,318 independent reports from multiple independent sources. Higher confidence scores indicate more reliable assessments.

IP Address

66.132.153.59

IPv4 Public

AS398324

CENSYS-ARIN-01

2,318 Reports

US Location

CENSYS-ARIN-01 ASN 398324

2,318 Reports

Honeypot Data Source

Maximum Danger

IP 66.132.153.59, registered to network operator CENSYS-ARIN-01 within AS398324 in the United States, presents a critical threat level of 10/10 based on 2,318 total abuse reports submitted through 20 automated honeypot sensors. This address has been actively reported between August 2025 and March 2026, indicating persistent hostile activity spanning approximately seven months. The dominant threat category across all reported incidents is general hacking activity, specifically characterized by repeated connection attempts against exposed services.

The volume of abuse reports for IP 66.132.153.59 is substantial relative to typical threat actors observed in shared honeypot telemetry, placing it in the upper percentile of reported source addresses. The detection network consistently identified this address as originating unauthorized connection requests, with all recent submissions categorizing the activity as hacking-related intrusion attempts. Despite a confidence score of 65%, which accounts for uncertainty in attribution and classification, the sheer report count and consistent categorization across multiple independent sensor sources strongly support the assessed risk profile. The zero activity frequency rating suggests the IP may currently be dormant or blocked at the perimeter level, though historical behaviour indicates it is far from benign.

Hacking activity encompasses a broad spectrum of intrusion tradecraft, including vulnerability exploitation, credential brute-forcing, and targeted service probing. For exposed services such as SSH, RDP, HTTP interfaces, or database listeners, each unsolicited connection from an address like 66.132.153.59 represents a potential pre-exploitation reconnaissance step or active exploitation attempt. Even failed attempts are operationally significant, as they confirm live infrastructure, refine attacker tooling, and may precede more sophisticated follow-on operations. The abstract attack pattern observed — generic connection attempts — is consistent with scanning campaigns or automated exploit scripts that cycle through target ranges indiscriminately.

More threatening than 91% of monitored IPs

Threat Categories

Hacking 30

Technical Details

General hacking activity includes various intrusion attempts, exploitation of vulnerabilities, and unauthorized access attempts.

Recommended Mitigations

Keep systems patched, implement intrusion detection, and follow security best practices.

Reputable Network

This IP is hosted on a network (ASN 398324) with generally good reputation. The ISP CENSYS-ARIN-01 maintains standard security practices.

The malicious activity may represent an isolated compromised system rather than systematic abuse.

Security Recommendations

Continue monitoring for emerging patterns.

Reputation Summary

Threat Level 10/10 Critical

Critical

Activity Frequency 0/10 Inactive

Confidence Score 63% High Confidence

Confidence History

22. Mar 2026 - 23. Mar 2026

65% Current

Stable Trend

Date	Categories	Source	Confidence
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
23. Mar 2026	Hacking	Honeypot	75%
22. Mar 2026	Hacking	Honeypot	75%
22. Mar 2026	Hacking	Honeypot	75%
22. Mar 2026	Hacking	Honeypot	75%
22. Mar 2026	Hacking	Honeypot	75%
22. Mar 2026	Hacking	Honeypot	75%

Basic Information

IP Address: 66.132.153.59
IP Version: IPv4
Network Type: Public
Tor Network: No
Network Class: Class A

Geolocation

Country: US
ASN: AS398324
ISP: CENSYS-ARIN-01

DNS Information

Reverse DNS: 59.153.132.66.censys-scanner.com
PTR Record: Yes
Connection Type: Dynamic

Statistics

Total Reports: 2,318
First Reported: 15 Aug 2025
Last Reported: 23 Mar 2026, 21:43

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

ASN: AS398324

Organization: Censys, Inc.

Country:

Network Threat Assessment

2/10

This network appears to be relatively clean with very low threat indicators.

Network Statistics

613

Total IPs Monitored

85,901

Total Reports

140.1

Reports per IP

Network Context

This IP address belongs to Censys, Inc. (AS398324), which manages 613 IP addresses in our monitoring system. Out of these, 85,901 have been reported for suspicious activities, resulting in a network-wide threat level of 2/10.

Network status: This network appears to be well-maintained with low threat indicators.

Comparative Analysis

How this IP compares to others in our threat intelligence database

91 %

Global Threat Ranking

This IP is more threatening than 91% of all IPs in our database.

Top 10% Most Dangerous

Global Comparison

Compared against 199,471 reported IPs worldwide

Threat Level 10/10 avg: 5.3 ++

Total Reports 2,318 avg: 23 ++

Network Comparison

Compared against 824 IPs in ASN 398324

Threat Level 10/10 network avg: 8.3 +

Total Reports 2,318 network avg: 162 ++

Network CENSYS-ARIN-01 has overall threat level 2/10

Geographic Comparison

Compared against 38,446 IPs in US

Threat Level 10/10 country avg: 5.9 ++

Total Reports 2,318 country avg: 41 ++

Daily report activity over the last 30 days showing patterns and peaks.

Peak Day 0 reports

Daily Average 0 reports/day

Most Active Thursday 746 reports

Evolution of threat level over time based on reported categories and frequency.

Initial Threat 6/10

Current Threat 6/10

Distribution of threat categories reported over time.

Top Threat Categories

Hacking 2,308

Exploited Host 9

Web App Attack 2

IoT Targeted 1

Activity patterns showing when this IP is most active during the day and week.

Hourly Activity

Peak activity at 16:00 with 173 reports

Weekly Activity

Geographic Threat Distribution

187,140 threat incidents tracked globally • Last 24h: 19,043 Logs

FEED

Top Threat Sources

01

United States US THIS IP

38,446 20.5%
02

India IN

29,023 15.5%
03

China CN

26,021 13.9%
04

Brazil BR

10,256 5.5%
05

Germany DE

7,142 3.8%
06

Singapore SG

6,476 3.5%
07

Indonesia ID

5,539 3%
08

Russia RU

4,703 2.5%
09

Pakistan PK

4,654 2.5%
10

Netherlands NL

4,356 2.3%

+40 more countries

THREAT LEVEL

LOW MED HIGH

IPs from the same Autonomous System (AS) network provider.

20 Related IPs

9.5/10 Avg Threat

94% Avg Confidence

20 High Threat

High-risk network: Majority of related IPs are flagged

Maximum Danger

Threat Categories

Technical Details

Recommended Mitigations

Reputable Network

Security Recommendations

Basic Information

Geolocation

DNS Information

Statistics

Network Reputation

Network Identity

Network Threat Assessment

Network Statistics

Network Context

Global Threat Ranking

Top Threat Categories

Hourly Activity

Weekly Activity

FEED

Top Threat Sources

JSON Report

Firewall Rules

iptables / netfilter

UFW (Ubuntu)

Windows Firewall

Cloudflare

nginx

Apache .htaccess

PDF Report

Analyzed high-risk IP addresses

reportedIP

Parkstraße 19, 80339 München

Consultation

+49-89-215505888

Report a IP

[email protected]