Check an IP Address, Domain Name, Subnet, or ASN

66.132.224.228 was found in our database!

$ whois 66.132.224.228

country·🇺🇸 United States

network·Standard

$ sikker risk 66.132.224.228scoring →

confidence

93%Very High

first_seen·Mar 23, 2026

last_seen·1h ago

sessions·118

events·118

$ sikker protocols 66.132.224.228

RDP

18 / 18

HTTPS

17 / 17

POSTGRES

17 / 17

SIP

12 / 12

HTTP

10 / 10

IMAP

10 / 10

SMTP

9 / 9

FTP

4 / 4

SSH

4 / 4

REDIS

4 / 4

TELNET

3 / 3

ELASTICSEARCH

3 / 3

SMB

2 / 2

MSSQL

2 / 2

MONGODB

2 / 2

DOCKER

1 / 1

$ sikker summary 66.132.224.228

66.132.224.228 has a threat confidence score of 93%. This IP address from United States has been observed in 118 honeypot sessions targeting RDP, HTTPS, POSTGRES, SIP, HTTP and 11 other protocols. First observed on March 23, 2026, most recently active April 2, 2026.

$ sikker behaviors 66.132.224.228catalog →

mediumRdp Legacy Plaintext Authentication Attempt3x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

mediumMongodb Version Fingerprinting Reconnaissance2x

Remote client performs MongoDB service validation and environment fingerprinting by first initiating a wire-protocol handshake (ismaster / hello) followed by execution of the buildInfo command against the admin database. This sequence indicates targeted reconnaissance to determine server role, software version, build characteristics, and platform details. Such activity is commonly associated with automated scanning frameworks and pre-exploitation tooling used to assess exposure and identify version-specific vulnerabilities prior to authentication attempts or database enumeration

infoFtp Tls Upgrade4x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 66.132.224.228

elastic_http_get_request9 docker_get_method5 ftp_auth_tls4 http_method_get4 sip_call_id_alphanumeric_entropy4 docker_bad_request_uri3 elastic_root_path_probe3 elastic_nodes_enumeration3 elastic_cluster_stats_request3 rdp_legacy_plaintext_authenthication3 https_path_root2 mongodb_ismaster2 mongodb_buildinfo_admin_command2 https_path_bad_request1

$ sikker related 66.132.224.228

Report IP WHOIS Lookup →

IP Address	Confidence	Events
3.132.26.232	100%	14,709
167.94.146.58	50%	3,113
92.118.39.63	100%	66,945
143.198.60.193	30%	2
92.118.39.62	100%	385,912