Check an IP Address, Domain Name, Subnet, or ASN

20.127.244.67 was found in our database!

$ whois 20.127.244.67

country·🇺🇸 United States

city·Washington

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.127.244.67scoring →

confidence

85%Very High

first_seen·Jan 21, 2026

last_seen·1h ago

first_reported·Mar 16, 2026

last_reported·9d ago

sessions·160

events·229

reports·1

$ sikker protocols 20.127.244.67

HTTPS

56 / 85

HTTP

12 / 21 / 1r

FTP

8 / 19

SIP

17 / 19

SMTP

10 / 18

IMAP

12 / 16

SSH

10 / 14

MONGODB

9 / 11

POSTGRES

8 / 8

RDP

6 / 6

ELASTICSEARCH

3 / 3

SMB

2 / 2

MSSQL

2 / 2

DOCKER

2 / 2

TELNET

2 / 2

REDIS

1 / 1

$ sikker summary 20.127.244.67

20.127.244.67 has a threat confidence score of 85%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 160 honeypot sessions and reported 1 times targeting HTTPS, HTTP, FTP, SIP, SMTP and 11 other protocols. First observed on January 21, 2026, most recently active March 25, 2026.

$ sikker behaviors 20.127.244.67catalog →

infoHttps Root Path Request4x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoDocker Invalid Protocol Probe2x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 20.127.244.67

smtp_ehlo_greeting7 http_method_get4 https_path_root4 elastic_http_get_request4 elastic_http_bad_request_path_probe3 ftp_auth_tls2 docker_get_method2 http_path_bad_request2 docker_bad_request_uri2 ftp_auth_ssl1 redis_info_lowercase1 sip_call_id_token_at_ip1

$ sikker reports 20.127.244.67submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 16, 2026, 07:13	Brute Force	HTTP	SikkerGuard: 2 blocked packets

$ sikker related 20.127.244.67

Report IP WHOIS Lookup →

IP Address	Confidence	Events
172.206.243.183	72%	474
40.124.173.157	74%	121
134.33.73.107	48%	35
20.40.208.55	63%	154
137.135.124.92	95%	1,178

IP Address	Confidence	Events
216.126.237.101	99%	2,869
185.218.138.17	97%	6,246
66.132.172.39	90%	133
134.33.73.107	48%	35
198.235.24.220	97%	380