Check an IP Address, Domain Name, Subnet, or ASN

66.132.172.137 was found in our database!

$ whois 66.132.172.137

country·🇺🇸 United States

isp·Censys, Inc.

asn·AS398324

network·Standard

$ sikker risk 66.132.172.137scoring →

confidence

52%Medium

first_seen·Mar 20, 2026

last_seen·2h ago

sessions·2

events·2

$ sikker protocols 66.132.172.137

REDIS

1 / 1

MONGODB

1 / 1

$ sikker summary 66.132.172.137

66.132.172.137 has a threat confidence score of 52%. This IP address from United States (AS398324, Censys, Inc.) has been observed in 2 honeypot sessions targeting REDIS, MONGODB protocols. First observed on March 20, 2026, most recently active March 20, 2026.

$ sikker behaviors 66.132.172.137catalog →

mediumMongodb Version Fingerprinting Reconnaissance1x

Remote client performs MongoDB service validation and environment fingerprinting by first initiating a wire-protocol handshake (ismaster / hello) followed by execution of the buildInfo command against the admin database. This sequence indicates targeted reconnaissance to determine server role, software version, build characteristics, and platform details. Such activity is commonly associated with automated scanning frameworks and pre-exploitation tooling used to assess exposure and identify version-specific vulnerabilities prior to authentication attempts or database enumeration

$ sikker primitives 66.132.172.137

redis_ping1 mongodb_ismaster1 redis_info_uppercase1 redis_nonexistent_command1 mongodb_buildinfo_admin_command1

$ sikker related 66.132.172.137

🇺🇸·More threats fromUnited States→AS·More threats fromCensys, Inc.→REDI·More threats targetingREDIS→MONG·More threats targetingMONGODB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
66.132.172.141	75%	19
167.94.138.123	49%	1,436
206.168.34.200	50%	2,056
206.168.34.221	50%	2,235
167.94.138.182	50%	2,524

IP Address	Confidence	Events
170.106.167.247	93%	220
68.68.101.178	92%	2,808
92.118.39.62	100%	370,637
165.227.84.17	85%	17
92.118.39.56	100%	116,374