Check an IP Address, Domain Name, Subnet, or ASN

66.132.195.42 was found in our database!

$ whois 66.132.195.42

country·🇺🇸 United States

network·Standard

$ sikker risk 66.132.195.42scoring →

confidence

87%Very High

first_seen·Mar 22, 2026

last_seen·just now

sessions·29

events·29

$ sikker protocols 66.132.195.42

HTTP

10 / 10

RDP

6 / 6

HTTPS

6 / 6

SMTP

3 / 3

DOCKER

1 / 1

MONGODB

1 / 1

POSTGRES

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 66.132.195.42

66.132.195.42 has a threat confidence score of 87%. This IP address from United States has been observed in 29 honeypot sessions targeting HTTP, RDP, HTTPS, SMTP, DOCKER and 3 other protocols. First observed on March 22, 2026, most recently active March 25, 2026.

$ sikker behaviors 66.132.195.42catalog →

mediumRdp Legacy Plaintext Authentication Attempt1x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

mediumMongodb Version Fingerprinting Reconnaissance1x

Remote client performs MongoDB service validation and environment fingerprinting by first initiating a wire-protocol handshake (ismaster / hello) followed by execution of the buildInfo command against the admin database. This sequence indicates targeted reconnaissance to determine server role, software version, build characteristics, and platform details. Such activity is commonly associated with automated scanning frameworks and pre-exploitation tooling used to assess exposure and identify version-specific vulnerabilities prior to authentication attempts or database enumeration

infoHttp Root Path Request5x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 66.132.195.42

elastic_http_get_request9 http_method_get6 docker_get_method5 docker_bad_request_uri3 elastic_http_bad_request_path_probe3 elastic_root_path_probe2 mongodb_ismaster1 http_path_bad_request1 http2_pri_method_probe1 http2_pri_asterisk_probe1 elastic_nodes_enumeration1 elastic_cluster_stats_request1 elastic_http_favicon_path_probe1 mongodb_buildinfo_admin_command1 rdp_legacy_plaintext_authenthication1

$ sikker related 66.132.195.42

🇺🇸·More threats fromUnited States→HTTP·More threats targetingHTTP→RDP·More threats targetingRDP→HTTP·More threats targetingHTTPS→SMTP·More threats targetingSMTP→DOCK·More threats targetingDOCKER→MONG·More threats targetingMONGODB→POST·More threats targetingPOSTGRES→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
195.184.76.145	59%	86
92.118.39.76	100%	110,198
45.205.1.8	97%	9,726
209.222.101.54	98%	55,336
15.204.128.147	96%	2,902