Check an IP Address, Domain Name, Subnet, or ASN

172.202.118.20 was found in our database!

$ whois 172.202.118.20

country·🇺🇸 United States

city·Des Moines

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 172.202.118.20scoring →

confidence

84%Very High

first_seen·Jan 22, 2026

last_seen·1h ago

first_reported·Mar 17, 2026

last_reported·2d ago

sessions·105

events·159

reports·1

$ sikker protocols 172.202.118.20

HTTPS

45 / 60

HTTP

14 / 29

SMTP

8 / 11 / 1r

REDIS

6 / 11

IMAP

6 / 8

DOCKER

3 / 7

TELNET

4 / 6

MONGODB

2 / 6

ELASTICSEARCH

6 / 6

SSH

4 / 5

SIP

1 / 3

SMB

2 / 3

RDP

2 / 2

POSTGRES

2 / 2

$ sikker summary 172.202.118.20

172.202.118.20 has a threat confidence score of 84%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 105 honeypot sessions and reported 1 times targeting HTTPS, HTTP, SMTP, REDIS, IMAP and 9 other protocols. First observed on January 22, 2026, most recently active March 19, 2026.

$ sikker behaviors 172.202.118.20catalog →

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoRedis Info Command Invocation2x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoDocker Invalid Protocol Probe1x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

$ sikker primitives 172.202.118.20

elastic_http_get_request9 elastic_http_bad_request_path_probe7 mongodb_buildinfo6 http_method_get5 docker_get_method5 redis_info_lowercase4 docker_bad_request_uri3 https_path_root2 elastic_root_path_probe2 http_path_bad_request1

$ sikker reports 172.202.118.20submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 17, 2026, 07:02	Brute Force	SMTP	SikkerGuard: 2 blocked packets

$ sikker related 172.202.118.20

Report IP WHOIS Lookup →

IP Address	Confidence	Events
13.71.92.229	100%	727
20.123.9.61	96%	84
20.102.112.104	74%	136
40.124.173.251	77%	194
20.64.106.28	87%	128

IP Address	Confidence	Events
161.35.109.12	91%	35
20.102.112.104	74%	142
92.118.39.62	100%	369,956
205.210.31.42	96%	247
162.254.3.130	87%	13,459