Check an IP Address, Domain Name, Subnet, or ASN

66.132.153.61 was found in our database!

$ whois 66.132.153.61

country·🇺🇸 United States

isp·Censys, Inc.

asn·AS398324

network·Standard

$ sikker risk 66.132.153.61scoring →

confidence

83%Very High

first_seen·Jan 22, 2026

last_seen·1h ago

sessions·114

events·183

$ sikker protocols 66.132.153.61

HTTP

40 / 65

IMAP

35 / 47

HTTPS

9 / 20

SMTP

7 / 13

RTSP

6 / 10

SIP

2 / 7

MSSQL

6 / 6

FTP

2 / 5

TELNET

3 / 5

SSH

2 / 3

SMB

2 / 2

$ sikker summary 66.132.153.61

66.132.153.61 has a threat confidence score of 83%. This IP address from United States (AS398324, Censys, Inc.) has been observed in 114 honeypot sessions targeting HTTP, IMAP, HTTPS, SMTP, RTSP and 6 other protocols. First observed on January 22, 2026, most recently active March 21, 2026.

$ sikker behaviors 66.132.153.61catalog →

lowRtsp Options Probe6x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttp Root Path Request7x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoSmtp Censys Tls Capability Probe2x

SMTP interaction identified as an internet-wide scanning probe originating from Censys infrastructure. The client announces itself via EHLO www.censys.io and issues a STARTTLS request to verify TLS upgrade support and collect service capability metadata. This pattern reflects automated reconnaissance and exposure mapping rather than direct exploitation, but still represents active external probing of the SMTP service.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 66.132.153.61

http_method_get14 rtsp_options10 smtp_ehlo_greeting9 smtp_ehlo_censys_scanner_identifier9 smtp_starttls_upgrade_request8 http_path_bad_request4 ftp_auth_tls2 sip_call_id_alphanumeric_entropy2 ftp_auth_ssl1 https_path_root1

$ sikker related 66.132.153.61

🇺🇸·More threats fromUnited States→AS·More threats fromCensys, Inc.→HTTP·More threats targetingHTTP→IMAP·More threats targetingIMAP→HTTP·More threats targetingHTTPS→SMTP·More threats targetingSMTP→RTSP·More threats targetingRTSP→SIP·More threats targetingSIP→MSSQ·More threats targetingMSSQL→FTP·More threats targetingFTP→TELN·More threats targetingTELNET→SSH·More threats targetingSSH→SMB·More threats targetingSMB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
206.168.34.123	50%	1,569
167.94.138.41	49%	1,390
66.132.172.180	59%	13
162.142.125.203	50%	2,233
206.168.34.218	50%	1,784

IP Address	Confidence	Events
97.74.90.88	96%	2,298
20.65.195.33	79%	189
206.168.34.218	50%	1,784
92.118.39.87	100%	250,874
92.118.39.72	100%	116,720