Critical Alert
IP 66.132.153.60 is a high-risk address associated with sustained hacking activity, accumulating 1351 abuse reports across automated honeypot sensors between August 2025 and March 2026. With a maximum threat level of 10/10, this US-based IP under AS398324 (CENSYS-ARIN-01) presents a significant and persistent intrusion risk to exposed network services.
The volume of reports is substantial relative to the seven-month observation window, averaging roughly 193 confirmed abuse incidents per month. All 20 most recent reports specifically categorize the malicious activity as general hacking attempts, including intrusion enumeration, vulnerability probing and unauthorized access campaigns. Detection originated exclusively from automated honeypot infrastructure, indicating systematic automated scanning rather than opportunistic single-source attacks. The 68% confidence score reflects that while the threat pattern is clearly established, some aspects of attribution remain ambiguous.
General hacking activity encompasses a broad spectrum of intrusion techniques designed to compromise targeted systems. The classification covers port scanning, credential stuffing, exploitation of unpatched software and preparation for lateral movement. Even at low activity frequency, an IP amassing over 1300 reports represents a persistent automated threat that will continue probing any exposed entry points. Exposed services such as SSH, RDP, FTP or web applications with known vulnerabilities face immediate risk of unauthorized access or compromise.
Network operators should immediately block or heavily rate-limit traffic from this address at the firewall level. Enforcing strong authentication on all remote access services, disabling unused daemons and applying security patches promptly all reduce exploitability. Implementing intrusion detection or fail2ban-style log analysis tools helps identify and neutralize repeated connection attempts in real time. Continuous monitoring of authentication logs for unusual source patterns provides additional early warning against automated intrusion campaigns.