Check an IP Address, Domain Name, Subnet, or ASN

52.180.159.71 was found in our database!

$ whois 52.180.159.71

country·🇺🇸 United States

city·Des Moines

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 52.180.159.71scoring →

confidence

74%High

first_seen·Jan 23, 2026

last_seen·1h ago

first_reported·Mar 17, 2026

last_reported·1d ago

sessions·58

events·79

reports·2

$ sikker protocols 52.180.159.71

HTTPS

31 / 36

MONGODB

6 / 12 / 1r

DOCKER

4 / 10 / 1r

HTTP

4 / 6

TELNET

4 / 6

FTP

4 / 4

SMTP

4 / 4

POSTGRES

1 / 1

$ sikker summary 52.180.159.71

52.180.159.71 has a threat confidence score of 74%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 58 honeypot sessions and reported 2 times targeting HTTPS, MONGODB, DOCKER, HTTP, TELNET and 3 other protocols. First observed on January 23, 2026, most recently active March 23, 2026.

$ sikker behaviors 52.180.159.71catalog →

infoHttp Root Path Request3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoDocker Invalid Protocol Probe2x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

$ sikker primitives 52.180.159.71

mongodb_buildinfo6 http_method_get3 docker_get_method3 https_path_root2 docker_bad_request_uri2 smtp_ehlo_greeting1

$ sikker reports 52.180.159.71submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 21, 2026, 15:42	Brute Force	MONGODB	SikkerGuard: 2 blocked packets
User	Mar 17, 2026, 16:33	Brute Force	DOCKER	SikkerGuard: 2 blocked packets

$ sikker related 52.180.159.71

🇺🇸·More threats fromUnited States→AS·More threats fromMicrosoft Corporation→HTTP·More threats targetingHTTPS→MONG·More threats targetingMONGODB→DOCK·More threats targetingDOCKER→HTTP·More threats targetingHTTP→TELN·More threats targetingTELNET→FTP·More threats targetingFTP→SMTP·More threats targetingSMTP→POST·More threats targetingPOSTGRES→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.65.193.35	54%	137
20.64.105.19	81%	134
172.202.118.31	64%	129
20.40.218.140	74%	99
20.219.16.35	95%	825

IP Address	Confidence	Events
18.218.118.203	100%	32,779
45.205.1.8	95%	7,189
3.129.187.38	100%	31,148
203.55.131.4	100%	958
92.118.39.62	100%	374,515