Check an IP Address, Domain Name, Subnet, or ASN

20.118.241.35 was found in our database!

$ whois 20.118.241.35

country·🇺🇸 United States

city·Des Moines

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.118.241.35scoring →

confidence

54%Medium

first_seen·Mar 14, 2026

last_seen·1h ago

sessions·35

events·35

$ sikker protocols 20.118.241.35

HTTPS

10 / 10

RDP

8 / 8

SSH

4 / 4

DOCKER

3 / 3

FTP

2 / 2

SMTP

2 / 2

REDIS

2 / 2

TELNET

2 / 2

ELASTICSEARCH

2 / 2

$ sikker summary 20.118.241.35

20.118.241.35 has a threat confidence score of 54%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 35 honeypot sessions targeting HTTPS, RDP, SSH, DOCKER, FTP and 4 other protocols. First observed on March 14, 2026, most recently active April 3, 2026.

$ sikker behaviors 20.118.241.35catalog →

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoDocker Invalid Protocol Probe2x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

$ sikker primitives 20.118.241.35

docker_get_method3 https_path_root2 docker_bad_request_uri2 elastic_http_get_request2 redis_mglndd_client_identifier_tag1 elastic_http_bad_request_path_probe1

$ sikker related 20.118.241.35

🇺🇸·More threats fromUnited States→AS·More threats fromMicrosoft Corporation→HTTP·More threats targetingHTTPS→RDP·More threats targetingRDP→SSH·More threats targetingSSH→DOCK·More threats targetingDOCKER→FTP·More threats targetingFTP→SMTP·More threats targetingSMTP→REDI·More threats targetingREDIS→TELN·More threats targetingTELNET→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
172.202.118.45	70%	171
207.46.224.85	98%	2,741
20.203.42.204	100%	3,304
20.102.115.137	75%	140
172.190.142.151	100%	273

IP Address	Confidence	Events
92.118.39.87	100%	263,577
92.118.39.62	100%	387,238
35.165.123.240	63%	1,748
45.61.184.223	99%	44,888
54.218.81.185	78%	2,091