Check an IP Address, Domain Name, Subnet, or ASN

66.132.172.216 was found in our database!

$ whois 66.132.172.216

country·🇺🇸 United States

isp·Censys, Inc.

asn·AS398324

network·Standard

$ sikker risk 66.132.172.216scoring →

confidence

90%Very High

first_seen·Mar 20, 2026

last_seen·1h ago

sessions·34

events·34

$ sikker protocols 66.132.172.216

HTTP

21 / 21

HTTPS

9 / 9

SSH

1 / 1

RTSP

1 / 1

MONGODB

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 66.132.172.216

66.132.172.216 has a threat confidence score of 90%. This IP address from United States (AS398324, Censys, Inc.) has been observed in 34 honeypot sessions targeting HTTP, HTTPS, SSH, RTSP, MONGODB and 1 other protocols. First observed on March 20, 2026, most recently active March 22, 2026.

$ sikker behaviors 66.132.172.216catalog →

mediumMongodb Version Fingerprinting Reconnaissance1x

Remote client performs MongoDB service validation and environment fingerprinting by first initiating a wire-protocol handshake (ismaster / hello) followed by execution of the buildInfo command against the admin database. This sequence indicates targeted reconnaissance to determine server role, software version, build characteristics, and platform details. Such activity is commonly associated with automated scanning frameworks and pre-exploitation tooling used to assess exposure and identify version-specific vulnerabilities prior to authentication attempts or database enumeration

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttp Root Path Request9x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 66.132.172.216

http_method_get11 elastic_http_get_request11 elastic_http_bad_request_path_probe4 elastic_root_path_probe3 http_path_bad_request2 rtsp_options1 https_path_root1 mongodb_ismaster1 http2_pri_method_probe1 http2_pri_asterisk_probe1 elastic_nodes_enumeration1 elastic_cluster_stats_request1 elastic_http_favicon_path_probe1 mongodb_buildinfo_admin_command1

$ sikker related 66.132.172.216

🇺🇸·More threats fromUnited States→AS·More threats fromCensys, Inc.→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→SSH·More threats targetingSSH→RTSP·More threats targetingRTSP→MONG·More threats targetingMONGODB→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
66.132.172.137	85%	8
66.132.172.203	68%	10
66.132.172.136	87%	28
66.132.186.183	23%	1
66.132.172.180	70%	27

IP Address	Confidence	Events
65.49.1.217	51%	111
65.49.1.213	56%	113
65.49.1.216	57%	118
74.82.47.48	43%	54
65.49.1.221	51%	87