Check an IP Address, Domain Name, Subnet, or ASN

172.178.82.191 was found in our database!

$ whois 172.178.82.191

country·🇺🇸 United States

city·Washington

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 172.178.82.191scoring →

confidence

88%Very High

first_seen·Jan 22, 2026

last_seen·1h ago

first_reported·Feb 26, 2026

last_reported·Mar 3, 2026

sessions·170

events·224

reports·2

$ sikker protocols 172.178.82.191

HTTPS

75 / 101

HTTP

25 / 33

SMTP

10 / 14 / 1r

IMAP

8 / 12

MONGODB

10 / 12

DOCKER

5 / 11

TELNET

10 / 11

ELASTICSEARCH

8 / 8

SSH

6 / 6

POSTGRES

5 / 5

SMB

4 / 4

SIP

1 / 3

RDP

2 / 2

REDIS

1 / 2

FTP

0 / 0 / 1r

$ sikker summary 172.178.82.191

172.178.82.191 has a threat confidence score of 88%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 170 honeypot sessions and reported 2 times targeting HTTPS, HTTP, SMTP, IMAP, MONGODB and 10 other protocols. First observed on January 22, 2026, most recently active April 6, 2026.

$ sikker behaviors 172.178.82.191catalog →

lowHttps Path Developmentserver Metadatauploader Probe3x

HTTPS request to /developmentserver/metadatauploader.

lowRedis Info Reconnaissance1x

The client authenticated to a Redis service and executed the INFO command (info / redis_info_lowercase) without attempting configuration changes, data access, or command execution. The INFO command retrieves server metadata including version, role (master/replica), connected clients, memory usage, persistence settings, and replication status. This behavior is consistent with automated reconnaissance activity where a bot validates exposure, fingerprints the Redis instance, and determines whether it is a viable target for follow-up exploitation (e.g., replication abuse, module loading, or persistence manipulation). No destructive or modification activity was observed in this session.

infoDocker Invalid Protocol Probe2x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 172.178.82.191

elastic_http_get_request11 elastic_http_bad_request_path_probe7 docker_get_method4 mongodb_buildinfo3 smtp_ehlo_greeting3 elastic_root_path_probe3 https_path_developmentserver_metadatauploader3 docker_bad_request_uri2 http_method_get1 https_path_root1 redis_info_lowercase1 http_path_bad_request1

$ sikker reports 172.178.82.191submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 3, 2026, 04:10	Brute Force	SMTP	SikkerGuard: 2 blocked packets
User	Feb 26, 2026, 15:26	Brute Force	FTP	SikkerGuard: 2 blocked packets

$ sikker related 172.178.82.191

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.175.205.56	99%	165
172.215.217.104	100%	116
145.132.102.99	99%	80
20.83.185.81	85%	165
20.168.13.53	79%	195

IP Address	Confidence	Events
185.218.138.16	97%	10,527
20.55.86.54	100%	133
167.94.146.61	50%	3,499
205.210.31.165	98%	286
198.143.191.202	98%	85,993