Check an IP Address, Domain Name, Subnet, or ASN

66.132.195.107 was found in our database!

$ whois 66.132.195.107

country·🇺🇸 United States

network·Standard

$ sikker risk 66.132.195.107scoring →

confidence

86%Very High

first_seen·Mar 23, 2026

last_seen·1h ago

sessions·46

events·46

$ sikker protocols 66.132.195.107

HTTPS

21 / 21

SIP

10 / 10

HTTP

5 / 5

IMAP

5 / 5

SMB

1 / 1

SSH

1 / 1

SMTP

1 / 1

REDIS

1 / 1

MONGODB

1 / 1

$ sikker summary 66.132.195.107

66.132.195.107 has a threat confidence score of 86%. This IP address from United States has been observed in 46 honeypot sessions targeting HTTPS, SIP, HTTP, IMAP, SMB and 4 other protocols. First observed on March 23, 2026, most recently active March 25, 2026.

$ sikker behaviors 66.132.195.107catalog →

mediumMongodb Version Fingerprinting Reconnaissance1x

Remote client performs MongoDB service validation and environment fingerprinting by first initiating a wire-protocol handshake (ismaster / hello) followed by execution of the buildInfo command against the admin database. This sequence indicates targeted reconnaissance to determine server role, software version, build characteristics, and platform details. Such activity is commonly associated with automated scanning frameworks and pre-exploitation tooling used to assess exposure and identify version-specific vulnerabilities prior to authentication attempts or database enumeration

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 66.132.195.107

http_method_get3 https_path_root2 sip_call_id_alphanumeric_entropy2 redis_ping1 mongodb_ismaster1 redis_info_uppercase1 http_path_bad_request1 redis_nonexistent_command1 mongodb_buildinfo_admin_command1

$ sikker related 66.132.195.107

🇺🇸·More threats fromUnited States→HTTP·More threats targetingHTTPS→SIP·More threats targetingSIP→HTTP·More threats targetingHTTP→IMAP·More threats targetingIMAP→SMB·More threats targetingSMB→SSH·More threats targetingSSH→SMTP·More threats targetingSMTP→REDI·More threats targetingREDIS→MONG·More threats targetingMONGODB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
18.218.118.203	100%	33,633
67.52.95.38	100%	603
154.23.188.210	95%	1,139
45.61.184.223	99%	7,844
34.193.119.44	81%	927