Check an IP Address, Domain Name, Subnet, or ASN

20.171.25.13 was found in our database!

$ whois 20.171.25.13

country·🇺🇸 United States

city·Phoenix

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.171.25.13scoring →

confidence

65%High

first_seen·Jan 28, 2026

last_seen·1h ago

first_reported·Mar 14, 2026

last_reported·6d ago

sessions·29

events·40

reports·1

$ sikker protocols 20.171.25.13

SIP

10 / 17

DOCKER

6 / 8

SMTP

3 / 5

MSSQL

3 / 3 / 1r

HTTP

3 / 3

MONGODB

2 / 2

RTSP

1 / 1

REDIS

1 / 1

$ sikker summary 20.171.25.13

20.171.25.13 has a threat confidence score of 65%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 29 honeypot sessions and reported 1 times targeting SIP, DOCKER, SMTP, MSSQL, HTTP and 3 other protocols. First observed on January 28, 2026, most recently active March 21, 2026.

$ sikker behaviors 20.171.25.13catalog →

infoDocker Invalid Protocol Probe6x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 20.171.25.13

docker_get_method8 docker_bad_request_uri8 http_method_get3 http_path_bad_request3 redis_mglndd_client_identifier_tag1

$ sikker reports 20.171.25.13submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 14, 2026, 18:20	Brute Force	MSSQL	SikkerGuard: 2 blocked packets

$ sikker related 20.171.25.13

🇺🇸·More threats fromUnited States→AS·More threats fromMicrosoft Corporation→SIP·More threats targetingSIP→DOCK·More threats targetingDOCKER→SMTP·More threats targetingSMTP→MSSQ·More threats targetingMSSQL→HTTP·More threats targetingHTTP→MONG·More threats targetingMONGODB→RTSP·More threats targetingRTSP→REDI·More threats targetingREDIS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.102.112.104	82%	1,083
135.237.126.84	78%	163
20.46.235.137	69%	124
128.203.204.25	51%	98
48.214.144.125	74%	161

IP Address	Confidence	Events
157.230.224.183	99%	434
162.142.125.44	50%	1,729
92.118.39.72	100%	116,780
66.132.172.134	81%	29
144.172.105.60	98%	38,911