Check an IP Address, Domain Name, Subnet, or ASN

172.174.200.225 was found in our database!

$ whois 172.174.200.225

country·🇺🇸 United States

city·Washington

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 172.174.200.225scoring →

confidence

85%Very High

first_seen·Jan 21, 2026

last_seen·1h ago

first_reported·Mar 12, 2026

last_reported·24d ago

sessions·133

events·182

reports·1

$ sikker protocols 172.174.200.225

HTTP

24 / 42

HTTPS

24 / 37

SMTP

16 / 24

SIP

10 / 14

TELNET

14 / 14

ELASTICSEARCH

11 / 11

DOCKER

5 / 9 / 1r

IMAP

4 / 6

POSTGRES

6 / 6

FTP

4 / 4

SMB

4 / 4

SSH

4 / 4

MSSQL

4 / 4

RTSP

1 / 1

REDIS

1 / 1

MONGODB

1 / 1

$ sikker summary 172.174.200.225

172.174.200.225 has a threat confidence score of 85%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 133 honeypot sessions and reported 1 times targeting HTTP, HTTPS, SMTP, SIP, TELNET and 11 other protocols. First observed on January 21, 2026, most recently active April 6, 2026.

$ sikker behaviors 172.174.200.225catalog →

infoHttp Root Path Request7x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoDocker Invalid Protocol Probe2x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

infoHttp Http Method Get1x

HTTP request using GET method.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 172.174.200.225

elastic_http_get_request15 elastic_http_bad_request_path_probe11 http_method_get9 docker_get_method9 smtp_ehlo_greeting8 docker_bad_request_uri4 https_path_root3 elastic_root_path_probe3 redis_info_lowercase1 http_path_bad_request1

$ sikker reports 172.174.200.225submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 12, 2026, 21:58	Brute Force	DOCKER	SikkerGuard: 2 blocked packets

$ sikker related 172.174.200.225

Report IP WHOIS Lookup →

IP Address	Confidence	Events
13.89.125.230	92%	199
135.237.126.135	89%	180
135.237.127.54	52%	520
20.171.8.1	88%	214
20.65.194.102	94%	197

IP Address	Confidence	Events
209.222.101.54	99%	57,726
162.216.150.139	79%	139
135.237.127.54	52%	520
173.239.218.151	85%	2,151
147.185.133.41	61%	224