Check an IP Address, Domain Name, Subnet, or ASN

66.132.172.191 was found in our database!

$ whois 66.132.172.191

country·🇺🇸 United States

isp·Censys, Inc.

asn·AS398324

network·Standard

$ sikker risk 66.132.172.191scoring →

confidence

85%Very High

first_seen·Mar 21, 2026

last_seen·1h ago

first_reported·Mar 21, 2026

last_reported·12h ago

sessions·30

events·30

reports·1

$ sikker protocols 66.132.172.191

SMTP

20 / 20

HTTP

5 / 5

SIP

4 / 4

FTP

1 / 1

MONGODB

0 / 0 / 1r

$ sikker summary 66.132.172.191

66.132.172.191 has a threat confidence score of 85%. This IP address from United States (AS398324, Censys, Inc.) has been observed in 30 honeypot sessions and reported 1 times targeting SMTP, HTTP, SIP, FTP, MONGODB protocols. First observed on March 21, 2026, most recently active March 22, 2026.

$ sikker behaviors 66.132.172.191catalog →

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 66.132.172.191

http_method_get3 sip_call_id_alphanumeric_entropy3 ftp_auth_tls1 http_path_bad_request1

$ sikker reports 66.132.172.191submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 21, 2026, 18:34	Brute Force	MONGODB	SikkerGuard: 8 blocked packets

$ sikker related 66.132.172.191

🇺🇸·More threats fromUnited States→AS·More threats fromCensys, Inc.→SMTP·More threats targetingSMTP→HTTP·More threats targetingHTTP→SIP·More threats targetingSIP→FTP·More threats targetingFTP→MONG·More threats targetingMONGODB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
66.132.153.136	100%	2,015
167.94.138.44	50%	1,600
206.168.34.34	50%	1,721
162.142.125.221	50%	2,477
162.142.125.211	50%	2,315

IP Address	Confidence	Events
44.247.181.228	60%	1,189
208.3.195.65	100%	98,645
198.235.24.238	97%	294
92.118.39.92	100%	104,220
45.205.1.8	95%	6,335