Check an IP Address, Domain Name, Subnet, or ASN

66.132.172.201 was found in our database!

$ whois 66.132.172.201

country·🇺🇸 United States

isp·Censys, Inc.

asn·AS398324

network·Standard

$ sikker risk 66.132.172.201scoring →

confidence

88%Very High

first_seen·Mar 19, 2026

last_seen·1h ago

sessions·35

events·35

$ sikker protocols 66.132.172.201

HTTP

19 / 19

RDP

6 / 6

IMAP

5 / 5

SMTP

2 / 2

ELASTICSEARCH

2 / 2

TELNET

1 / 1

$ sikker summary 66.132.172.201

66.132.172.201 has a threat confidence score of 88%. This IP address from United States (AS398324, Censys, Inc.) has been observed in 35 honeypot sessions targeting HTTP, RDP, IMAP, SMTP, ELASTICSEARCH and 1 other protocols. First observed on March 19, 2026, most recently active March 21, 2026.

$ sikker behaviors 66.132.172.201catalog →

mediumRdp Legacy Plaintext Authentication Attempt1x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

infoHttp Root Path Request7x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoSmtp Censys Tls Capability Probe2x

SMTP interaction identified as an internet-wide scanning probe originating from Censys infrastructure. The client announces itself via EHLO www.censys.io and issues a STARTTLS request to verify TLS upgrade support and collect service capability metadata. This pattern reflects automated reconnaissance and exposure mapping rather than direct exploitation, but still represents active external probing of the SMTP service.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 66.132.172.201

elastic_http_get_request12 http_method_get8 elastic_root_path_probe3 elastic_http_bad_request_path_probe3 smtp_ehlo_greeting2 elastic_nodes_enumeration2 elastic_cluster_stats_request2 smtp_starttls_upgrade_request2 smtp_ehlo_censys_scanner_identifier2 http_path_bad_request1 http2_pri_method_probe1 http2_pri_asterisk_probe1 elastic_http_favicon_path_probe1 elastic_http_security_txt_path_probe1 rdp_legacy_plaintext_authenthication1

$ sikker related 66.132.172.201

🇺🇸·More threats fromUnited States→AS·More threats fromCensys, Inc.→HTTP·More threats targetingHTTP→RDP·More threats targetingRDP→IMAP·More threats targetingIMAP→SMTP·More threats targetingSMTP→ELAS·More threats targetingELASTICSEARCH→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
66.132.172.103	63%	16
206.168.34.47	49%	1,558
167.94.138.197	50%	1,654
66.132.153.116	100%	3,102
66.132.172.183	44%	6

IP Address	Confidence	Events
92.118.39.63	100%	48,158
185.238.231.181	85%	1,598
181.215.65.49	85%	1,652
38.54.50.81	96%	1,449
43.162.109.139	96%	1,626