Check an IP Address, Domain Name, Subnet, or ASN

66.132.172.132 was found in our database!

$ whois 66.132.172.132

country·🇺🇸 United States

isp·Censys, Inc.

asn·AS398324

network·Standard

$ sikker risk 66.132.172.132scoring →

confidence

86%Very High

first_seen·Mar 20, 2026

last_seen·1h ago

sessions·43

events·43

$ sikker protocols 66.132.172.132

HTTP

16 / 16

IMAP

10 / 10

SIP

6 / 6

HTTPS

3 / 3

SMB

2 / 2

SMTP

2 / 2

RTSP

1 / 1

MSSQL

1 / 1

DOCKER

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 66.132.172.132

66.132.172.132 has a threat confidence score of 86%. This IP address from United States (AS398324, Censys, Inc.) has been observed in 43 honeypot sessions targeting HTTP, IMAP, SIP, HTTPS, SMB and 5 other protocols. First observed on March 20, 2026, most recently active March 21, 2026.

$ sikker behaviors 66.132.172.132catalog →

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttp Root Path Request7x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoSmtp Censys Tls Capability Probe1x

SMTP interaction identified as an internet-wide scanning probe originating from Censys infrastructure. The client announces itself via EHLO www.censys.io and issues a STARTTLS request to verify TLS upgrade support and collect service capability metadata. This pattern reflects automated reconnaissance and exposure mapping rather than direct exploitation, but still represents active external probing of the SMTP service.

$ sikker primitives 66.132.172.132

elastic_http_get_request12 http_method_get9 sip_call_id_alphanumeric_entropy6 docker_get_method5 docker_bad_request_uri3 elastic_root_path_probe3 elastic_http_bad_request_path_probe3 http_path_bad_request2 elastic_nodes_enumeration2 elastic_cluster_stats_request2 rtsp_options1 smtp_ehlo_greeting1 http2_pri_method_probe1 http2_pri_asterisk_probe1 smtp_starttls_upgrade_request1 elastic_http_favicon_path_probe1 smtp_ehlo_censys_scanner_identifier1

$ sikker related 66.132.172.132

🇺🇸·More threats fromUnited States→AS·More threats fromCensys, Inc.→HTTP·More threats targetingHTTP→IMAP·More threats targetingIMAP→SIP·More threats targetingSIP→HTTP·More threats targetingHTTPS→SMB·More threats targetingSMB→SMTP·More threats targetingSMTP→RTSP·More threats targetingRTSP→MSSQ·More threats targetingMSSQL→DOCK·More threats targetingDOCKER→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
206.168.34.32	49%	1,611
66.132.172.130	77%	30
167.94.138.52	50%	1,361
162.142.125.43	49%	1,597
206.168.34.214	50%	2,043

IP Address	Confidence	Events
147.185.132.244	69%	114
38.54.104.5	98%	1,203
165.154.182.174	70%	192
92.118.39.62	100%	372,032
159.89.236.241	99%	390