Check an IP Address, Domain Name, Subnet, or ASN

128.203.200.49 was found in our database!

$ whois 128.203.200.49

country·🇺🇸 United States

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 128.203.200.49scoring →

confidence

64%High

first_seen·Jan 20, 2026

last_seen·1h ago

sessions·71

events·120

$ sikker protocols 128.203.200.49

HTTPS

25 / 39

HTTP

10 / 26

SSH

10 / 13

FTP

6 / 12

SMTP

6 / 10

TELNET

6 / 8

MONGODB

4 / 6

DOCKER

1 / 3

IMAP

2 / 2

POSTGRES

1 / 1

$ sikker summary 128.203.200.49

128.203.200.49 has a threat confidence score of 64%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 71 honeypot sessions targeting HTTPS, HTTP, SSH, FTP, SMTP and 5 other protocols. First observed on January 20, 2026, most recently active March 21, 2026.

$ sikker behaviors 128.203.200.49catalog →

infoHttps Root Path Request4x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 128.203.200.49

https_path_root4 mongodb_buildinfo3 http_method_get2 ftp_auth_tls1 http_path_bad_request1

$ sikker related 128.203.200.49

🇺🇸·More threats fromUnited States→AS·More threats fromMicrosoft Corporation→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→SSH·More threats targetingSSH→FTP·More threats targetingFTP→SMTP·More threats targetingSMTP→TELN·More threats targetingTELNET→MONG·More threats targetingMONGODB→DOCK·More threats targetingDOCKER→IMAP·More threats targetingIMAP→POST·More threats targetingPOSTGRES→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.98.128.122	74%	73
13.86.104.46	58%	144
20.65.169.214	87%	141
20.235.199.122	97%	94
20.169.81.111	49%	138

IP Address	Confidence	Events
185.238.231.121	78%	3,209
97.74.90.88	97%	3,082
20.65.194.188	74%	164
135.119.112.84	61%	144
16.58.56.214	100%	32,293