Check an IP Address, Domain Name, Subnet, or ASN

66.132.172.136 was found in our database!

$ whois 66.132.172.136

country·🇺🇸 United States

isp·Censys, Inc.

asn·AS398324

network·Standard

$ sikker risk 66.132.172.136scoring →

confidence

81%Very High

first_seen·Mar 19, 2026

last_seen·1h ago

sessions·23

events·23

$ sikker protocols 66.132.172.136

HTTPS

10 / 10

RDP

6 / 6

SSH

2 / 2

SMTP

2 / 2

DOCKER

1 / 1

TELNET

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 66.132.172.136

66.132.172.136 has a threat confidence score of 81%. This IP address from United States (AS398324, Censys, Inc.) has been observed in 23 honeypot sessions targeting HTTPS, RDP, SSH, SMTP, DOCKER and 2 other protocols. First observed on March 19, 2026, most recently active March 21, 2026.

$ sikker behaviors 66.132.172.136catalog →

mediumRdp Legacy Plaintext Authentication Attempt1x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

infoSmtp Censys Tls Capability Probe2x

SMTP interaction identified as an internet-wide scanning probe originating from Censys infrastructure. The client announces itself via EHLO www.censys.io and issues a STARTTLS request to verify TLS upgrade support and collect service capability metadata. This pattern reflects automated reconnaissance and exposure mapping rather than direct exploitation, but still represents active external probing of the SMTP service.

$ sikker primitives 66.132.172.136

elastic_http_get_request9 docker_get_method5 docker_bad_request_uri3 elastic_http_bad_request_path_probe3 smtp_ehlo_greeting2 elastic_root_path_probe2 smtp_starttls_upgrade_request2 smtp_ehlo_censys_scanner_identifier2 http2_pri_method_probe1 http2_pri_asterisk_probe1 elastic_nodes_enumeration1 elastic_cluster_stats_request1 elastic_http_favicon_path_probe1 rdp_legacy_plaintext_authenthication1

$ sikker related 66.132.172.136

🇺🇸·More threats fromUnited States→AS·More threats fromCensys, Inc.→HTTP·More threats targetingHTTPS→RDP·More threats targetingRDP→SSH·More threats targetingSSH→SMTP·More threats targetingSMTP→DOCK·More threats targetingDOCKER→TELN·More threats targetingTELNET→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
206.168.34.32	49%	1,593
206.168.34.63	49%	1,841
206.168.34.221	50%	2,270
66.132.153.129	100%	1,806
206.168.34.217	50%	1,748

IP Address	Confidence	Events
38.54.50.81	96%	1,617
92.118.39.92	100%	103,497
159.89.236.241	98%	341
38.54.104.5	97%	598
3.129.187.38	100%	29,719