Check an IP Address, Domain Name, Subnet, or ASN

66.132.172.212 was found in our database!

$ whois 66.132.172.212

country·🇺🇸 United States

isp·Censys, Inc.

asn·AS398324

network·Standard

$ sikker risk 66.132.172.212scoring →

confidence

84%Very High

first_seen·Mar 20, 2026

last_seen·1h ago

sessions·24

events·24

$ sikker protocols 66.132.172.212

HTTPS

9 / 9

RDP

6 / 6

HTTP

5 / 5

SSH

2 / 2

TELNET

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 66.132.172.212

66.132.172.212 has a threat confidence score of 84%. This IP address from United States (AS398324, Censys, Inc.) has been observed in 24 honeypot sessions targeting HTTPS, RDP, HTTP, SSH, TELNET and 1 other protocols. First observed on March 20, 2026, most recently active March 22, 2026.

$ sikker behaviors 66.132.172.212catalog →

mediumRdp Legacy Plaintext Authentication Attempt1x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 66.132.172.212

http_method_get3 elastic_http_get_request3 https_path_root1 http_path_bad_request1 https_path_bad_request1 elastic_root_path_probe1 elastic_nodes_enumeration1 elastic_cluster_stats_request1 rdp_legacy_plaintext_authenthication1

$ sikker related 66.132.172.212

🇺🇸·More threats fromUnited States→AS·More threats fromCensys, Inc.→HTTP·More threats targetingHTTPS→RDP·More threats targetingRDP→HTTP·More threats targetingHTTP→SSH·More threats targetingSSH→TELN·More threats targetingTELNET→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
206.168.34.36	50%	1,670
167.94.138.168	50%	1,719
66.132.172.166	27%	1
206.168.34.125	49%	1,311
206.168.34.213	50%	2,022

IP Address	Confidence	Events
5.253.86.23	97%	4,840
134.209.67.210	90%	91
198.211.112.202	39%	4
181.215.65.49	85%	2,514
216.218.206.66	100%	2,327