Check an IP Address, Domain Name, Subnet, or ASN

20.169.49.44 was found in our database!

$ whois 20.169.49.44

country·🇺🇸 United States

city·Phoenix

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.169.49.44scoring →

confidence

74%High

first_seen·Feb 3, 2026

last_seen·1h ago

first_reported·Mar 7, 2026

last_reported·15d ago

sessions·70

events·76

reports·1

$ sikker protocols 20.169.49.44

SMTP

12 / 12

HTTPS

12 / 12

HTTP

9 / 11 / 1r

DOCKER

6 / 10

SIP

6 / 6

SSH

6 / 6

RDP

4 / 4

SMB

4 / 4

ELASTICSEARCH

3 / 3

FTP

2 / 2

IMAP

2 / 2

REDIS

2 / 2

TELNET

2 / 2

$ sikker summary 20.169.49.44

20.169.49.44 has a threat confidence score of 74%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 70 honeypot sessions and reported 1 times targeting SMTP, HTTPS, HTTP, DOCKER, SIP and 8 other protocols. First observed on February 3, 2026, most recently active March 22, 2026.

$ sikker behaviors 20.169.49.44catalog →

infoHttp Root Path Request3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

$ sikker primitives 20.169.49.44

http_method_get5 docker_get_method5 elastic_http_get_request4 elastic_http_bad_request_path_probe3 http_path_bad_request2 ftp_auth_tls1 smtp_ehlo_greeting1 redis_mglndd_client_identifier_tag1

$ sikker reports 20.169.49.44submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 7, 2026, 09:12	Brute Force	HTTP	SikkerGuard: 2 blocked packets

$ sikker related 20.169.49.44

Report IP WHOIS Lookup →

IP Address	Confidence	Events
40.121.200.75	99%	50
40.124.175.233	71%	158
20.102.112.104	82%	1,929
20.62.198.61	48%	28
20.175.198.133	99%	157

IP Address	Confidence	Events
92.118.39.87	100%	252,492
35.212.167.254	29%	10
198.143.191.202	98%	85,422
18.218.118.203	100%	32,385
209.222.101.54	98%	53,560