66.132.224.93
# IP INTELLIGENCE BRIEFING: 66.132.224.93/32
Classification: LOW RISK | Analysis Date: Current | Source: IPDebrief
---
## EXECUTIVE SUMMARY
IP 66.132.224.93 is a Censys, Inc. infrastructure address associated with their scanner operations. The IP presents a low risk profile (score: 25), shows no active threat indicators, and is classified as firewalled with no open services. Intelligence indicates this is passive reconnaissance infrastructure, not an active threat actor endpoint.
---
## OWNERSHIP & GEOSLOCATION
Organization: Censys, Inc. (ASN: 398324)
Network: 66.132.224.0/24
Location: Miami, Florida, US (ARIN)
Registration: Available via RDAP
The IP is owned by Censys, a legitimate cybersecurity reconnaissance and scanning platform provider. The address resolves to the Censys scanner domain infrastructure.
---
## THREAT INDICATORS
| Indicator | Status |
|---|---|
| Known Attacker | No |
| Tor Exit Node | No |
| Spam Source | No |
| Blacklist Count | 0 |
| Pulsedive Risk | Not Available |
| Known Campaigns | None |
| DNSBL Listings | 1 of 8 total lists |
Risk Score: 25 (Low Risk)
Abuse Confidence Score: Not Available
The IP has a minimal threat profile with no active malicious indicators. One DNSBL listing observed historically, but no current abuse signals.
---
## NETWORK ROLE & SERVICES
Infrastructure Type: Scanner/Probing Infrastructure
Services: Firewalled / No Services
Open Ports: None detected
TLS Certificate: Not Available
The IP presents no active services or open ports, indicating it is used for passive scanning operations rather than hosting malicious payloads or command-and-control infrastructure.
---
## DNS ANALYSIS
PTR Hostname: 93.224.132.66.censys-scanner.com
Forward Resolution: Confirmed
Hosted Domains: 0
Email Authentication: No SPF/DMARC records
DNS records confirm legitimate association with Censys scanner infrastructure.
---
## OBSERVATION HISTORY
Total Observations: 22 signals
Recent Activity: June 2026 (most recent)
Historical data shows consistent low-risk behavior over the observation period. One DNSBL listing observed in June 2024 with maximum severity rating. No escalation in threat activity observed over time.
---
## NETWORK RELATIONSHIPS
DNS Associations: 93.224.132.66.censys-scanner.com (primary)
Network Associations: Multiple entries for "CENSY" network
Relationship Count: 29 total relationships
The IP maintains strong DNS and network relationships within the Censys infrastructure, consistent with organized scanning operations.
---
## NEIGHBORHOOD ANALYSIS
Subnet: 66.132.224.0/24
Sibling IPs: 31 total
Abuse Density: 0.5
Risk Distribution:
- High Risk: 0
- Medium Risk: 15
- Low Risk: 16
The /24 subnet shows mixed classification with 50% low-risk and 50% medium-risk siblings. This distribution is consistent with Censys' scanning infrastructure footprint, where multiple addresses are used for distributed reconnaissance.
---
## RECOMMENDED ACTIONS
Security Posture: Monitor, No Action Required
Recommended Actions:
- No immediate blocking required
- No firewall rules recommended due to low risk profile
- Continue monitoring for any risk score changes
- Consider correlation with other Censys infrastructure for broader visibility
Note: The IP represents legitimate scanning infrastructure. Blocking may impact legitimate security research operations.
---
## INTELLIGENCE CONCLUSION
IP 66.132.224.93 is Censys, Inc. scanner infrastructure with low-risk characteristics. The address shows no active threat indicators, no open services, and a stable risk profile. Historical data confirms consistent low-risk behavior. SOC analysts should maintain awareness of this as legitimate reconnaissance infrastructure rather than malicious threat actor assets.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Censys, Inc. |
| ASN | AS398324 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | 93.224.132.66.censys-scanner.com |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | 93.224.132.66.censys-scanner.com |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown β Insufficient routing data to classify |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 27% | 2 | 3 |
| Overall | 20% | 10 | 14 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Moderate (55%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-08 05:02:31 UTC |
| Last Seen | 2026-06-26 08:24:03 UTC |
| Profile Built | 2026-06-25 03:56:05 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 21 |
Full dossier details are available via our API.