Check an IP Address, Domain Name, Subnet, or ASN

66.132.172.169 was found in our database!

$ whois 66.132.172.169

country·🇺🇸 United States

isp·Censys, Inc.

asn·AS398324

network·Standard

$ sikker risk 66.132.172.169scoring →

confidence

90%Very High

first_seen·Mar 23, 2026

last_seen·1h ago

sessions·47

events·47

$ sikker protocols 66.132.172.169

HTTP

17 / 17

SMTP

11 / 11

RDP

6 / 6

IMAP

5 / 5

SMB

3 / 3

RTSP

2 / 2

FTP

1 / 1

TELNET

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 66.132.172.169

66.132.172.169 has a threat confidence score of 90%. This IP address from United States (AS398324, Censys, Inc.) has been observed in 47 honeypot sessions targeting HTTP, SMTP, RDP, IMAP, SMB and 4 other protocols. First observed on March 23, 2026, most recently active April 15, 2026.

$ sikker behaviors 66.132.172.169catalog →

mediumRtsp Options Multicast Profile2 Probe2x

RTSP OPTIONS request targeting /multicast/profile2/media.smp, indicating capability probing of a multicast camera stream endpoint commonly associated with IP camera profiles and observed in automated scanning activity.

mediumRdp Legacy Plaintext Authentication Attempt1x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

infoSmtp Censys Tls Capability Probe6x

SMTP interaction identified as an internet-wide scanning probe originating from Censys infrastructure. The client announces itself via EHLO www.censys.io and issues a STARTTLS request to verify TLS upgrade support and collect service capability metadata. This pattern reflects automated reconnaissance and exposure mapping rather than direct exploitation, but still represents active external probing of the SMTP service.

infoHttp Http Method Get3x

HTTP request using GET method.

infoHttp Root Path Request3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 66.132.172.169

elastic_http_get_request11 smtp_ehlo_greeting7 smtp_ehlo_censys_scanner_identifier7 smtp_starttls_upgrade_request6 http_method_get4 elastic_http_bad_request_path_probe4 elastic_root_path_probe3 rtsp_options2 rtsp_url_multicast_profile2_media_smp2 ftp_auth_tls1 http_path_bad_request1 http2_pri_method_probe1 http2_pri_asterisk_probe1 elastic_nodes_enumeration1 elastic_cluster_stats_request1 elastic_http_favicon_path_probe1 rdp_legacy_plaintext_authenthication1

$ sikker related 66.132.172.169

🇺🇸·More threats fromUnited States→AS·More threats fromCensys, Inc.→HTTP·More threats targetingHTTP→SMTP·More threats targetingSMTP→RDP·More threats targetingRDP→IMAP·More threats targetingIMAP→SMB·More threats targetingSMB→RTSP·More threats targetingRTSP→FTP·More threats targetingFTP→TELN·More threats targetingTELNET→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
66.132.172.128	100%	738
66.132.172.106	100%	431
66.132.195.33	100%	343
66.132.172.35	98%	281
66.132.172.133	100%	587

IP Address	Confidence	Events
173.54.156.105	27%	122
154.23.188.210	95%	2,918
185.218.138.26	97%	15,694
92.118.39.56	100%	122,424
38.146.219.190	77%	2,046