Check an IP Address, Domain Name, Subnet, or ASN

66.132.224.236 was found in our database!

$ whois 66.132.224.236

country·🇺🇸 United States

network·Standard

$ sikker risk 66.132.224.236scoring →

confidence

92%Very High

first_seen·Mar 23, 2026

last_seen·1h ago

sessions·46

events·46

$ sikker protocols 66.132.224.236

HTTP

15 / 15

IMAP

10 / 10

HTTPS

8 / 8

RDP

6 / 6

FTP

2 / 2

SSH

1 / 1

RTSP

1 / 1

SMTP

1 / 1

DOCKER

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 66.132.224.236

66.132.224.236 has a threat confidence score of 92%. This IP address from United States has been observed in 46 honeypot sessions targeting HTTP, IMAP, HTTPS, RDP, FTP and 5 other protocols. First observed on March 23, 2026, most recently active March 25, 2026.

$ sikker behaviors 66.132.224.236catalog →

mediumRdp Legacy Plaintext Authentication Attempt1x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttp Root Path Request6x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe3x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoFtp Tls Upgrade2x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoSmtp Censys Tls Capability Probe1x

SMTP interaction identified as an internet-wide scanning probe originating from Censys infrastructure. The client announces itself via EHLO www.censys.io and issues a STARTTLS request to verify TLS upgrade support and collect service capability metadata. This pattern reflects automated reconnaissance and exposure mapping rather than direct exploitation, but still represents active external probing of the SMTP service.

$ sikker primitives 66.132.224.236

http_method_get9 elastic_http_get_request9 docker_get_method5 http_path_bad_request3 docker_bad_request_uri3 elastic_http_bad_request_path_probe3 ftp_auth_tls2 elastic_root_path_probe2 rtsp_options1 https_path_root1 smtp_ehlo_greeting1 http2_pri_method_probe1 http2_pri_asterisk_probe1 elastic_nodes_enumeration1 elastic_cluster_stats_request1 smtp_starttls_upgrade_request1 elastic_http_favicon_path_probe1 smtp_ehlo_censys_scanner_identifier1 rdp_legacy_plaintext_authenthication1

$ sikker related 66.132.224.236

🇺🇸·More threats fromUnited States→HTTP·More threats targetingHTTP→IMAP·More threats targetingIMAP→HTTP·More threats targetingHTTPS→RDP·More threats targetingRDP→FTP·More threats targetingFTP→SSH·More threats targetingSSH→RTSP·More threats targetingRTSP→SMTP·More threats targetingSMTP→DOCK·More threats targetingDOCKER→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
45.61.184.223	99%	9,833
68.68.101.178	94%	19,882
92.118.39.95	100%	83,058
161.35.126.145	46%	88
20.64.105.234	77%	127