Check an IP Address, Domain Name, Subnet, or ASN

66.132.172.206 was found in our database!

$ whois 66.132.172.206

country·🇺🇸 United States

isp·Censys, Inc.

asn·AS398324

network·Standard

$ sikker risk 66.132.172.206scoring →

confidence

78%High

first_seen·Mar 20, 2026

last_seen·1h ago

sessions·18

events·18

$ sikker protocols 66.132.172.206

HTTPS

12 / 12

HTTP

5 / 5

MONGODB

1 / 1

$ sikker summary 66.132.172.206

66.132.172.206 has a threat confidence score of 78%. This IP address from United States (AS398324, Censys, Inc.) has been observed in 18 honeypot sessions targeting HTTPS, HTTP, MONGODB protocols. First observed on March 20, 2026, most recently active March 20, 2026.

$ sikker behaviors 66.132.172.206catalog →

mediumMongodb Version Fingerprinting Reconnaissance1x

Remote client performs MongoDB service validation and environment fingerprinting by first initiating a wire-protocol handshake (ismaster / hello) followed by execution of the buildInfo command against the admin database. This sequence indicates targeted reconnaissance to determine server role, software version, build characteristics, and platform details. Such activity is commonly associated with automated scanning frameworks and pre-exploitation tooling used to assess exposure and identify version-specific vulnerabilities prior to authentication attempts or database enumeration

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 66.132.172.206

http_method_get2 https_path_root1 mongodb_ismaster1 mongodb_buildinfo_admin_command1

$ sikker related 66.132.172.206

🇺🇸·More threats fromUnited States→AS·More threats fromCensys, Inc.→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→MONG·More threats targetingMONGODB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
66.132.172.201	88%	35
206.168.34.212	50%	1,949
66.132.153.113	100%	2,767
66.132.153.131	100%	2,075
66.132.172.45	80%	25

IP Address	Confidence	Events
159.89.52.241	86%	21
147.185.132.41	62%	63
38.54.50.81	96%	1,074
170.106.167.247	94%	563
20.102.112.104	82%	730