Check an IP Address, Domain Name, Subnet, or ASN

66.132.172.215 was found in our database!

$ whois 66.132.172.215

country·🇺🇸 United States

isp·Censys, Inc.

asn·AS398324

network·Standard

$ sikker risk 66.132.172.215scoring →

confidence

95%Very High

first_seen·Mar 21, 2026

last_seen·1h ago

first_reported·Mar 22, 2026

last_reported·6d ago

sessions·121

events·121

reports·1

$ sikker protocols 66.132.172.215

HTTP

33 / 33

FTP

20 / 20

RDP

16 / 16

SMTP

15 / 15

HTTPS

11 / 11

IMAP

10 / 10

SSH

4 / 4

ELASTICSEARCH

4 / 4

SMB

3 / 3

DOCKER

2 / 2

TELNET

1 / 1 / 1r

SIP

1 / 1

MSSQL

1 / 1

$ sikker summary 66.132.172.215

66.132.172.215 has a threat confidence score of 95%. This IP address from United States (AS398324, Censys, Inc.) has been observed in 121 honeypot sessions and reported 1 times targeting HTTP, FTP, RDP, SMTP, HTTPS and 8 other protocols. First observed on March 21, 2026, most recently active March 28, 2026.

$ sikker behaviors 66.132.172.215catalog →

mediumRdp Legacy Plaintext Authentication Attempt1x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

infoHttp Root Path Request11x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe5x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoSmtp Censys Tls Capability Probe1x

SMTP interaction identified as an internet-wide scanning probe originating from Censys infrastructure. The client announces itself via EHLO www.censys.io and issues a STARTTLS request to verify TLS upgrade support and collect service capability metadata. This pattern reflects automated reconnaissance and exposure mapping rather than direct exploitation, but still represents active external probing of the SMTP service.

$ sikker primitives 66.132.172.215

elastic_http_get_request38 empty_ftp_command20 http_method_get18 docker_get_method11 elastic_root_path_probe10 elastic_http_bad_request_path_probe10 http_path_bad_request7 docker_bad_request_uri7 elastic_nodes_enumeration6 elastic_cluster_stats_request6 http2_pri_method_probe3 http2_pri_asterisk_probe3 elastic_http_favicon_path_probe3 https_path_root1 smtp_ehlo_greeting1 https_path_bad_request1 smtp_starttls_upgrade_request1 sip_call_id_alphanumeric_entropy1 smtp_ehlo_censys_scanner_identifier1 rdp_legacy_plaintext_authenthication1

$ sikker reports 66.132.172.215submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 22, 2026, 10:08	Brute Force	TELNET	SikkerGuard: 8 blocked packets

$ sikker related 66.132.172.215

Report IP WHOIS Lookup →

IP Address	Confidence	Events
66.132.195.114	96%	142
66.132.195.46	85%	65
66.132.172.181	93%	170
66.132.195.117	96%	121
66.132.172.40	97%	122

IP Address	Confidence	Events
5.253.86.23	97%	6,992
50.217.40.11	51%	442
162.158.79.167	5%	2
104.23.209.202	7%	6
68.68.101.178	94%	26,246