Check an IP Address, Domain Name, Subnet, or ASN

20.169.85.177 was found in our database!

$ whois 20.169.85.177

country·🇺🇸 United States

city·Phoenix

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.169.85.177scoring →

confidence

80%Very High

first_seen·Jan 27, 2026

last_seen·1h ago

first_reported·Feb 28, 2026

last_reported·23d ago

sessions·125

events·156

reports·1

$ sikker protocols 20.169.85.177

HTTPS

52 / 60

HTTP

13 / 17

IMAP

12 / 15

FTP

4 / 14

SMTP

10 / 13

POSTGRES

6 / 8

MONGODB

6 / 6

ELASTICSEARCH

6 / 6

SSH

4 / 5

SMB

4 / 4

MSSQL

4 / 4

SIP

2 / 2

DOCKER

2 / 2

MYSQL

0 / 0 / 1r

$ sikker summary 20.169.85.177

20.169.85.177 has a threat confidence score of 80%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 125 honeypot sessions and reported 1 times targeting HTTPS, HTTP, IMAP, FTP, SMTP and 9 other protocols. First observed on January 27, 2026, most recently active March 24, 2026.

$ sikker behaviors 20.169.85.177catalog →

infoHttps Root Path Request7x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request5x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 20.169.85.177

http_method_get8 https_path_root7 elastic_http_get_request7 smtp_ehlo_greeting3 http_path_bad_request3 elastic_http_bad_request_path_probe3 ftp_auth_ssl2 ftp_auth_tls2 docker_get_method2

$ sikker reports 20.169.85.177submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Feb 28, 2026, 22:15	Brute Force	MYSQL	SikkerGuard: 2 blocked packets

$ sikker related 20.169.85.177

Report IP WHOIS Lookup →

IP Address	Confidence	Events
135.237.126.194	68%	156
20.102.112.104	82%	2,743
52.140.102.59	95%	1,084
20.219.16.35	95%	1,057
172.202.117.179	83%	146

IP Address	Confidence	Events
47.77.233.243	83%	3,710
154.16.112.232	100%	342,311
92.118.39.56	100%	117,386
192.155.88.83	32%	2
20.102.112.104	82%	2,746