Check an IP Address, Domain Name, Subnet, or ASN

20.104.19.212 was found in our database!

$ whois 20.104.19.212

country·🇨🇦 Canada

city·Toronto

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.104.19.212scoring →

confidence

77%High

first_seen·Apr 9, 2026

last_seen·11d ago

sessions·2

events·2

$ sikker protocols 20.104.19.212

HTTPS

2 / 2

$ sikker summary 20.104.19.212

20.104.19.212 has a threat confidence score of 77%. This IP address from Canada (AS8075, Microsoft Corporation) has been observed in 2 honeypot sessions targeting HTTPS protocols. Detected attack patterns include https androxgh0st root probe, https dotenv environment file exposure probe. First observed on April 9, 2026, most recently active April 9, 2026.

$ sikker behaviors 20.104.19.212catalog →

highHttps Androxgh0st Root Probe1x

HTTPS request to / with request body containing 0x%5B%5D=androxgh0st.

highHttps Dotenv Environment File Exposure Probe1x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

$ sikker primitives 20.104.19.212

https_path_root1 https_path_dotenv1 https_request_body_0x_5b_5d_androxgh0st1

$ sikker related 20.104.19.212

🇨🇦·More threats fromCanada→AS·More threats fromMicrosoft Corporation→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
4.186.56.66	92%	126
172.203.245.82	87%	190
20.65.195.123	95%	198
52.188.81.67	86%	229
40.124.186.100	89%	217

IP Address	Confidence	Events
149.56.155.187	97%	7,636
99.241.94.234	82%	614
139.177.194.14	30%	2
51.222.40.109	100%	3,594
192.53.122.47	23%	1