Check an IP Address, Domain Name, Subnet, or ASN

20.81.47.186 was found in our database!

$ whois 20.81.47.186

country·🇺🇸 United States

city·Washington

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.81.47.186scoring →

confidence

81%Very High

first_seen·Jan 21, 2026

last_seen·1h ago

first_reported·Mar 4, 2026

last_reported·19d ago

sessions·149

events·215

reports·1

$ sikker protocols 20.81.47.186

HTTPS

66 / 81

HTTP

22 / 30 / 1r

SMTP

10 / 18

FTP

6 / 17

DOCKER

6 / 14

TELNET

8 / 14

SSH

8 / 13

MONGODB

6 / 10

SMB

6 / 7

ELASTICSEARCH

6 / 6

MSSQL

5 / 5

$ sikker summary 20.81.47.186

20.81.47.186 has a threat confidence score of 81%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 149 honeypot sessions and reported 1 times targeting HTTPS, HTTP, SMTP, FTP, DOCKER and 6 other protocols. First observed on January 21, 2026, most recently active March 23, 2026.

$ sikker behaviors 20.81.47.186catalog →

infoHttp Root Path Request10x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 20.81.47.186

http_method_get11 elastic_http_get_request8 mongodb_buildinfo6 smtp_ehlo_greeting6 elastic_http_bad_request_path_probe5 docker_get_method4 https_path_root2 elastic_root_path_probe2 ftp_auth_ssl1 ftp_auth_tls1 http_path_bad_request1

$ sikker reports 20.81.47.186submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 4, 2026, 02:40	Brute Force	HTTP	SikkerGuard: 2 blocked packets

$ sikker related 20.81.47.186

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.102.112.104	82%	2,574
20.199.43.112	77%	61
20.151.57.194	64%	45
135.237.127.54	45%	462
20.84.144.154	71%	177

IP Address	Confidence	Events
92.118.39.62	100%	375,627
66.132.172.45	94%	74
24.144.110.209	91%	102
172.105.128.12	92%	1,851
45.61.184.223	98%	2,525