Check an IP Address, Domain Name, Subnet, or ASN

20.118.32.47 was found in our database!

$ whois 20.118.32.47

country·🇺🇸 United States

city·Des Moines

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.118.32.47scoring →

confidence

77%High

first_seen·Jan 21, 2026

last_seen·57m ago

first_reported·Mar 11, 2026

last_reported·12d ago

sessions·122

events·179

reports·1

$ sikker protocols 20.118.32.47

HTTPS

46 / 62

SMTP

12 / 20

FTP

6 / 19 / 1r

IMAP

14 / 18

SSH

8 / 11

MSSQL

8 / 8

HTTP

3 / 7

REDIS

4 / 6

MONGODB

4 / 6

ELASTICSEARCH

6 / 6

SMB

4 / 5

DOCKER

2 / 4

TELNET

2 / 4

RDP

2 / 2

POSTGRES

1 / 1

$ sikker summary 20.118.32.47

20.118.32.47 has a threat confidence score of 77%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 122 honeypot sessions and reported 1 times targeting HTTPS, SMTP, FTP, IMAP, SSH and 10 other protocols. First observed on January 21, 2026, most recently active March 23, 2026.

$ sikker behaviors 20.118.32.47catalog →

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoRedis Info Command Invocation2x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 20.118.32.47

smtp_ehlo_greeting9 elastic_http_get_request8 elastic_http_bad_request_path_probe6 ftp_auth_ssl2 ftp_auth_tls2 http_method_get2 docker_get_method2 redis_info_lowercase2 https_path_root1 elastic_root_path_probe1

$ sikker reports 20.118.32.47submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 11, 2026, 08:24	Brute Force	FTP	SikkerGuard: 2 blocked packets

$ sikker related 20.118.32.47

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.102.112.104	82%	2,440
13.94.117.127	76%	201
20.15.160.31	68%	123
20.38.32.246	71%	152
48.210.66.163	52%	12

IP Address	Confidence	Events
16.58.56.214	100%	33,174
20.38.32.246	70%	143
3.130.168.2	100%	26,525
185.238.231.153	75%	154
18.234.210.139	50%	17