Check an IP Address, Domain Name, Subnet, or ASN

20.171.8.42 was found in our database!

$ whois 20.171.8.42

country·🇺🇸 United States

city·Phoenix

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.171.8.42scoring →

confidence

83%Very High

first_seen·Jan 23, 2026

last_seen·1h ago

first_reported·Mar 6, 2026

last_reported·24d ago

sessions·131

events·175

reports·1

$ sikker protocols 20.171.8.42

HTTPS

63 / 83

HTTP

9 / 17 / 1r

SMTP

13 / 14

IMAP

8 / 12

MONGODB

6 / 8

SIP

3 / 7

RDP

6 / 6

DOCKER

4 / 6

ELASTICSEARCH

4 / 6

SMB

4 / 4

SSH

4 / 4

REDIS

4 / 4

POSTGRES

3 / 4

$ sikker summary 20.171.8.42

20.171.8.42 has a threat confidence score of 83%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 131 honeypot sessions and reported 1 times targeting HTTPS, HTTP, SMTP, IMAP, MONGODB and 8 other protocols. First observed on January 23, 2026, most recently active March 30, 2026.

$ sikker behaviors 20.171.8.42catalog →

mediumRedis Mglndd Campaign Activity1x

Authenticated Redis sessions where the source issues a command containing the MGLNDD_[ip]_6379 pattern. The value is transmitted as part of the executed command rather than connection metadata and appears programmatically generated. This behavior groups activity where the previously defined primitive detects the MGLNDD command pattern, reflecting automated Redis interaction observed through honeypot telemetry. No assumptions are made about operator intent beyond the execution of this specific command string.

infoHttp Root Path Request5x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 20.171.8.42

http_method_get6 docker_get_method4 elastic_http_get_request4 https_path_root3 redis_info_lowercase2 smtp_ehlo_greeting1 sip_call_id_token_at_ip1 redis_mglndd_client_identifier_tag1 elastic_http_bad_request_path_probe1

$ sikker reports 20.171.8.42submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 6, 2026, 08:12	Brute Force	HTTP	SikkerGuard: 2 blocked packets

$ sikker related 20.171.8.42

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.219.16.34	95%	1,536
20.203.42.204	100%	2,926
172.190.112.206	58%	37
20.15.163.174	65%	156
52.180.137.70	64%	150

IP Address	Confidence	Events
34.182.102.90	80%	5,435
92.118.39.87	100%	260,414
162.254.3.130	86%	26,537
45.61.184.223	99%	31,852
104.243.32.182	99%	7,690