Check an IP Address, Domain Name, Subnet, or ASN

66.132.172.108 was found in our database!

$ whois 66.132.172.108

country·🇺🇸 United States

isp·Censys, Inc.

asn·AS398324

network·Standard

$ sikker risk 66.132.172.108scoring →

confidence

85%Very High

first_seen·Mar 20, 2026

last_seen·54m ago

sessions·43

events·43

$ sikker protocols 66.132.172.108

HTTPS

23 / 23

HTTP

8 / 8

RDP

6 / 6

SIP

2 / 2

SMTP

2 / 2

REDIS

2 / 2

$ sikker summary 66.132.172.108

66.132.172.108 has a threat confidence score of 85%. This IP address from United States (AS398324, Censys, Inc.) has been observed in 43 honeypot sessions targeting HTTPS, HTTP, RDP, SIP, SMTP and 1 other protocols. First observed on March 20, 2026, most recently active March 22, 2026.

$ sikker behaviors 66.132.172.108catalog →

mediumRdp Legacy Plaintext Authentication Attempt1x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoSmtp Censys Tls Capability Probe1x

SMTP interaction identified as an internet-wide scanning probe originating from Censys infrastructure. The client announces itself via EHLO www.censys.io and issues a STARTTLS request to verify TLS upgrade support and collect service capability metadata. This pattern reflects automated reconnaissance and exposure mapping rather than direct exploitation, but still represents active external probing of the SMTP service.

$ sikker primitives 66.132.172.108

http_method_get4 redis_ping2 https_path_root2 redis_info_uppercase2 https_path_bad_request2 redis_nonexistent_command2 sip_call_id_alphanumeric_entropy2 smtp_ehlo_greeting1 smtp_starttls_upgrade_request1 smtp_ehlo_censys_scanner_identifier1 rdp_legacy_plaintext_authenthication1

$ sikker related 66.132.172.108

🇺🇸·More threats fromUnited States→AS·More threats fromCensys, Inc.→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→RDP·More threats targetingRDP→SIP·More threats targetingSIP→SMTP·More threats targetingSMTP→REDI·More threats targetingREDIS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
206.168.34.36	50%	1,670
167.94.138.168	50%	1,719
66.132.172.166	27%	1
206.168.34.125	49%	1,311
206.168.34.213	50%	2,022

IP Address	Confidence	Events
45.205.1.20	89%	627
92.118.39.63	100%	50,377
184.105.247.196	100%	2,294
50.116.26.161	85%	1,406
96.0.160.144	87%	21,001