Check an IP Address, Domain Name, Subnet, or ASN

66.240.219.146 was found in our database!

$ whois 66.240.219.146

country·🇺🇸 United States

isp·CariNet, Inc.

asn·AS10439

network·Standard

$ sikker risk 66.240.219.146scoring →

confidence

100%Very High

first_seen·Jan 22, 2026

last_seen·1d ago

first_reported·Mar 11, 2026

last_reported·Mar 14, 2026

sessions·1,846

events·2,535

reports·2

$ sikker protocols 66.240.219.146

SMTP

580 / 1,038

HTTPS

281 / 352

FTP

222 / 222

TELNET

211 / 221

HTTP

125 / 195

SSH

145 / 181 / 1r

IMAP

176 / 176

DOCKER

22 / 44

SIP

31 / 33

RTSP

27 / 27

REDIS

7 / 27

MSSQL

12 / 12

POSTGRES

5 / 5

SMB

1 / 1 / 1r

ELASTICSEARCH

1 / 1

$ sikker summary 66.240.219.146

66.240.219.146 has a threat confidence score of 100%. This IP address from United States (AS10439, CariNet, Inc.) has been observed in 1,846 honeypot sessions and reported 2 times targeting SMTP, HTTPS, FTP, TELNET, HTTP and 10 other protocols. First observed on January 22, 2026, most recently active May 8, 2026.

$ sikker behaviors 66.240.219.146catalog →

mediumSip Request Uri Sip Nm23x

SIP request using sip:nm as the Request-URI, a malformed or placeholder target commonly observed in SIP scanning and fuzzing activity rather than legitimate client behavior.

mediumRedis Structured Service Enumeration7x

Identifies coordinated Redis service reconnaissance consisting of INFO retrieval, CLIENT LIST enumeration of connected peers, and incremental keyspace iteration via SCAN. This tightly grouped pattern reflects automated or manual post-access mapping of server configuration, active clients, and stored keyspace structure. The sequence indicates structured environment profiling prior to potential data extraction or exploitation.

lowRtsp Options Probe14x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoSmtp Tls Capability Probe79x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

infoHttp Root Path Request27x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Http Method Get26x

HTTP request using GET method.

infoFtp Tls Upgrade17x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Path Robots Txt9x

HTTPS request to /robots.txt.

infoHttp Fetch Robots Txt7x

HTTP GET request to /robots.txt.

infoDocker Invalid Protocol Probe7x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

$ sikker primitives 66.240.219.146

empty_ftp_command148 smtp_ehlo_greeting113 smtp_starttls_upgrade_request109 docker_get_method84 docker_bad_request_uri43 ftp_auth_tls35 http_method_get33 sip_request_uri_sip_nm23 ftp_user_probe18 ftp_help_request18 ftp_password_attempt18 ftp_feature_list_request18 rtsp_options14 https_path_robots_txt9 redis_info_uppercase7 http_robots_txt_path_probe7 redis_scan_cursor_iteration7 redis_client_list_enumeration7 elastic_http_get_request5 smb_root_read4

$ sikker reports 66.240.219.146submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 14, 2026, 08:04	Brute Force	SSH	SikkerGuard: 2 blocked packets
User	Mar 11, 2026, 01:24	Brute Force	SMB	SikkerGuard: 2 blocked packets

$ sikker related 66.240.219.146

Report IP WHOIS Lookup →

IP Address	Confidence	Events
71.6.135.131	100%	4,281
71.6.167.142	100%	2,800
71.6.146.185	100%	3,759
66.240.205.34	85%	2,753
66.240.192.82	98%	903

IP Address	Confidence	Events
157.254.223.81	95%	5,078
8.39.235.78	95%	298
207.244.242.144	93%	57
173.239.254.90	85%	665
165.245.172.235	44%	2