Check an IP Address, Domain Name, Subnet, or ASN

66.132.172.101 was found in our database!

$ whois 66.132.172.101

country·🇺🇸 United States

isp·Censys, Inc.

asn·AS398324

network·Standard

$ sikker risk 66.132.172.101scoring →

confidence

85%Very High

first_seen·Mar 19, 2026

last_seen·13m ago

sessions·71

events·71

$ sikker protocols 66.132.172.101

HTTP

23 / 23

SIP

14 / 14

HTTPS

12 / 12

IMAP

10 / 10

SMTP

4 / 4

TELNET

3 / 3

FTP

1 / 1

SSH

1 / 1

MSSQL

1 / 1

REDIS

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 66.132.172.101

66.132.172.101 has a threat confidence score of 85%. This IP address from United States (AS398324, Censys, Inc.) has been observed in 71 honeypot sessions targeting HTTP, SIP, HTTPS, IMAP, SMTP and 6 other protocols. First observed on March 19, 2026, most recently active March 23, 2026.

$ sikker behaviors 66.132.172.101catalog →

infoHttp Root Path Request11x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoSmtp Censys Tls Capability Probe1x

SMTP interaction identified as an internet-wide scanning probe originating from Censys infrastructure. The client announces itself via EHLO www.censys.io and issues a STARTTLS request to verify TLS upgrade support and collect service capability metadata. This pattern reflects automated reconnaissance and exposure mapping rather than direct exploitation, but still represents active external probing of the SMTP service.

$ sikker primitives 66.132.172.101

http_method_get14 elastic_http_get_request11 sip_call_id_alphanumeric_entropy6 elastic_http_bad_request_path_probe4 http_path_bad_request3 elastic_root_path_probe3 redis_ping1 ftp_auth_tls1 https_path_root1 smtp_ehlo_greeting1 redis_info_uppercase1 http2_pri_method_probe1 https_path_bad_request1 http2_pri_asterisk_probe1 elastic_nodes_enumeration1 redis_nonexistent_command1 elastic_cluster_stats_request1 smtp_starttls_upgrade_request1 elastic_http_favicon_path_probe1 smtp_ehlo_censys_scanner_identifier1

$ sikker related 66.132.172.101

Report IP WHOIS Lookup →

IP Address	Confidence	Events
66.132.195.33	39%	2
66.132.172.192	91%	71
66.132.172.135	82%	56
66.132.172.198	95%	41
66.132.195.38	42%	3

IP Address	Confidence	Events
157.254.223.78	95%	804
154.23.188.210	95%	1,074
54.159.23.131	50%	16
54.172.51.23	48%	12
157.230.189.2	56%	2