Check an IP Address, Domain Name, Subnet, or ASN

66.132.172.196 was found in our database!

$ whois 66.132.172.196

country·🇺🇸 United States

isp·Censys, Inc.

asn·AS398324

network·Standard

$ sikker risk 66.132.172.196scoring →

confidence

89%Very High

first_seen·Mar 19, 2026

last_seen·2h ago

first_reported·Mar 20, 2026

last_reported·1d ago

sessions·38

events·38

reports·1

$ sikker protocols 66.132.172.196

HTTPS

8 / 8

SMTP

7 / 7

POSTGRES

7 / 7

IMAP

5 / 5

SSH

4 / 4

ELASTICSEARCH

3 / 3

SMB

1 / 1

MSSQL

1 / 1

DOCKER

1 / 1

MONGODB

1 / 1

MYSQL

0 / 0 / 1r

$ sikker summary 66.132.172.196

66.132.172.196 has a threat confidence score of 89%. This IP address from United States (AS398324, Censys, Inc.) has been observed in 38 honeypot sessions and reported 1 times targeting HTTPS, SMTP, POSTGRES, IMAP, SSH and 6 other protocols. First observed on March 19, 2026, most recently active March 21, 2026.

$ sikker behaviors 66.132.172.196catalog →

mediumMongodb Version Fingerprinting Reconnaissance1x

Remote client performs MongoDB service validation and environment fingerprinting by first initiating a wire-protocol handshake (ismaster / hello) followed by execution of the buildInfo command against the admin database. This sequence indicates targeted reconnaissance to determine server role, software version, build characteristics, and platform details. Such activity is commonly associated with automated scanning frameworks and pre-exploitation tooling used to assess exposure and identify version-specific vulnerabilities prior to authentication attempts or database enumeration

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 66.132.172.196

elastic_http_get_request21 elastic_http_bad_request_path_probe6 docker_get_method5 elastic_root_path_probe5 docker_bad_request_uri3 elastic_nodes_enumeration3 elastic_cluster_stats_request3 http2_pri_method_probe2 http2_pri_asterisk_probe2 elastic_http_favicon_path_probe2 https_path_root1 mongodb_ismaster1 smtp_ehlo_greeting1 mongodb_buildinfo_admin_command1 smtp_ehlo_censys_scanner_identifier1 elastic_http_security_txt_path_probe1

$ sikker reports 66.132.172.196submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 20, 2026, 12:24	Brute Force	MYSQL	SikkerGuard: 12 blocked packets

$ sikker related 66.132.172.196

Report IP WHOIS Lookup →

IP Address	Confidence	Events
162.142.125.37	50%	1,729
66.132.172.211	67%	23
66.132.172.181	80%	27
66.132.172.212	84%	24
66.132.172.108	84%	35

IP Address	Confidence	Events
92.118.39.72	100%	116,960
154.23.188.210	95%	683
92.118.39.56	100%	116,874
38.54.50.81	97%	2,728
108.59.252.119	74%	3