Check an IP Address, Domain Name, Subnet, or ASN

172.202.114.34 was found in our database!

$ whois 172.202.114.34

country·🇺🇸 United States

city·Des Moines

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 172.202.114.34scoring →

confidence

81%Very High

first_seen·Jan 23, 2026

last_seen·1h ago

sessions·124

events·180

$ sikker protocols 172.202.114.34

HTTPS

58 / 83

HTTP

11 / 19

SSH

8 / 13

SMTP

6 / 12

SMB

10 / 11

FTP

4 / 7

DOCKER

3 / 7

IMAP

4 / 6

POSTGRES

5 / 5

RDP

4 / 4

TELNET

4 / 4

ELASTICSEARCH

4 / 4

MONGODB

1 / 3

MSSQL

2 / 2

$ sikker summary 172.202.114.34

172.202.114.34 has a threat confidence score of 81%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 124 honeypot sessions targeting HTTPS, HTTP, SSH, SMTP, SMB and 9 other protocols. Detected attack patterns include https autodiscover powershell probe. First observed on January 23, 2026, most recently active April 6, 2026.

$ sikker behaviors 172.202.114.34catalog →

highHttps Autodiscover Powershell Probe1x

HTTPS request to /autodiscover/autodiscover.json with a query string containing @zdi/Powershell.

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

$ sikker primitives 172.202.114.34

http_method_get6 elastic_http_get_request6 mongodb_buildinfo3 smtp_ehlo_greeting3 elastic_http_bad_request_path_probe3 docker_get_method2 http_path_bad_request2 ftp_auth_tls1 elastic_root_path_probe1 https_autodiscover_json_path_probe1 https_query_powershell_reference_zdi1

$ sikker related 172.202.114.34

Report IP WHOIS Lookup →

IP Address	Confidence	Events
52.172.177.191	100%	993
20.80.88.247	85%	146
20.65.194.133	85%	140
20.15.163.51	77%	174
128.203.203.196	58%	131

IP Address	Confidence	Events
16.58.56.214	100%	41,887
92.118.39.92	100%	110,554
92.118.39.56	100%	120,103
205.210.31.102	97%	360
9.234.10.182	85%	158