Check an IP Address, Domain Name, Subnet, or ASN

66.132.186.163 was found in our database!

$ whois 66.132.186.163

country·🇺🇸 United States

network·Standard

$ sikker risk 66.132.186.163scoring →

confidence

83%Very High

first_seen·Mar 22, 2026

last_seen·1h ago

sessions·33

events·33

$ sikker protocols 66.132.186.163

HTTP

10 / 10

HTTPS

8 / 8

RDP

6 / 6

SMTP

3 / 3

MSSQL

2 / 2

DOCKER

2 / 2

FTP

1 / 1

SIP

1 / 1

$ sikker summary 66.132.186.163

66.132.186.163 has a threat confidence score of 83%. This IP address from United States has been observed in 33 honeypot sessions targeting HTTP, HTTPS, RDP, SMTP, MSSQL and 3 other protocols. First observed on March 22, 2026, most recently active March 26, 2026.

$ sikker behaviors 66.132.186.163catalog →

mediumRdp Legacy Plaintext Authentication Attempt1x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

infoHttp Root Path Request5x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoDocker Invalid Protocol Probe2x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 66.132.186.163

http_method_get5 docker_get_method2 docker_bad_request_uri2 ftp_auth_tls1 https_path_root1 https_path_bad_request1 sip_call_id_alphanumeric_entropy1 rdp_legacy_plaintext_authenthication1

$ sikker related 66.132.186.163

🇺🇸·More threats fromUnited States→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→RDP·More threats targetingRDP→SMTP·More threats targetingSMTP→MSSQ·More threats targetingMSSQL→DOCK·More threats targetingDOCKER→FTP·More threats targetingFTP→SIP·More threats targetingSIP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
23.227.173.100	100%	1,206
192.210.186.10	100%	641
66.132.172.34	93%	109
92.118.39.56	100%	117,922
205.251.116.71	95%	1,108