Check an IP Address, Domain Name, Subnet, or ASN

20.102.117.125 was found in our database!

$ whois 20.102.117.125

country·🇺🇸 United States

city·Washington

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.102.117.125scoring →

confidence

82%Very High

first_seen·Jan 21, 2026

last_seen·1h ago

first_reported·Mar 8, 2026

last_reported·11d ago

sessions·120

events·159

reports·2

$ sikker protocols 20.102.117.125

HTTPS

49 / 59

FTP

8 / 16

IMAP

10 / 16

SMTP

10 / 14

SSH

8 / 13

HTTP

9 / 11

POSTGRES

5 / 6

SMB

4 / 5

DOCKER

4 / 4 / 1r

RDP

4 / 4

MSSQL

4 / 4

SIP

1 / 3

TELNET

2 / 2

RTSP

1 / 1

ELASTICSEARCH

1 / 1

MONGODB

0 / 0 / 1r

$ sikker summary 20.102.117.125

20.102.117.125 has a threat confidence score of 82%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 120 honeypot sessions and reported 2 times targeting HTTPS, FTP, IMAP, SMTP, SSH and 11 other protocols. First observed on January 21, 2026, most recently active March 30, 2026.

$ sikker behaviors 20.102.117.125catalog →

infoHttps Root Path Request5x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoDocker Invalid Protocol Probe2x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

$ sikker primitives 20.102.117.125

http_method_get6 https_path_root5 docker_get_method4 ftp_auth_tls2 http_path_bad_request2 docker_bad_request_uri2 ftp_auth_ssl1 smtp_ehlo_greeting1 elastic_http_get_request1

$ sikker reports 20.102.117.125submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 18, 2026, 13:01	Brute Force	DOCKER	SikkerGuard: 2 blocked packets
User	Mar 8, 2026, 17:42	Brute Force	MONGODB	SikkerGuard: 2 blocked packets

$ sikker related 20.102.117.125

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.219.16.35	95%	1,665
40.71.90.11	97%	133
40.76.137.53	76%	550
52.169.217.131	100%	594
20.24.100.112	100%	115

IP Address	Confidence	Events
68.71.247.133	38%	292
24.227.77.18	85%	2,726
15.204.128.147	96%	3,940
40.76.137.53	76%	549
92.118.39.56	100%	118,649