Check an IP Address, Domain Name, Subnet, or ASN

172.178.83.104 was found in our database!

$ whois 172.178.83.104

country·🇺🇸 United States

city·Washington

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 172.178.83.104scoring →

confidence

77%High

first_seen·Jan 20, 2026

last_seen·1h ago

first_reported·Mar 15, 2026

last_reported·5d ago

sessions·135

events·175

reports·1

$ sikker protocols 172.178.83.104

HTTPS

50 / 64

HTTP

16 / 26

FTP

10 / 20

SMB

12 / 13

IMAP

10 / 12

TELNET

8 / 8

SSH

7 / 7 / 1r

SMTP

6 / 6

MONGODB

5 / 5

WINRM

2 / 4

POSTGRES

3 / 4

MSSQL

3 / 3

ELASTICSEARCH

2 / 2

DOCKER

1 / 1

$ sikker summary 172.178.83.104

172.178.83.104 has a threat confidence score of 77%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 135 honeypot sessions and reported 1 times targeting HTTPS, HTTP, FTP, SMB, IMAP and 9 other protocols. First observed on January 20, 2026, most recently active March 21, 2026.

$ sikker behaviors 172.178.83.104catalog →

infoHttps Root Path Request4x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoFtp Tls Upgrade2x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 172.178.83.104

ftp_auth_tls4 https_path_root4 elastic_http_get_request4 elastic_http_bad_request_path_probe3 ftp_auth_ssl2 http_method_get1 docker_get_method1 http_path_bad_request1 elastic_root_path_probe1

$ sikker reports 172.178.83.104submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 15, 2026, 17:09	Brute Force	SSH	SikkerGuard: 2 blocked packets

$ sikker related 172.178.83.104

Report IP WHOIS Lookup →

IP Address	Confidence	Events
172.190.51.254	100%	79
20.102.112.104	82%	1,104
172.173.200.62	89%	8
20.64.105.174	74%	172
20.29.56.192	72%	114

IP Address	Confidence	Events
185.218.138.17	97%	4,801
38.54.50.81	97%	1,978
38.54.104.5	97%	1,143
92.118.39.62	100%	371,991
64.72.74.162	53%	476