Check an IP Address, Domain Name, Subnet, or ASN

20.29.47.111 was found in our database!

$ whois 20.29.47.111

country·🇺🇸 United States

city·Des Moines

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.29.47.111scoring →

confidence

76%High

first_seen·Jan 22, 2026

last_seen·1h ago

first_reported·Mar 13, 2026

last_reported·17d ago

sessions·124

events·139

reports·1

$ sikker protocols 20.29.47.111

HTTPS

50 / 56

IMAP

16 / 16

SMB

8 / 8 / 1r

SMTP

8 / 8

REDIS

5 / 8

HTTP

4 / 6

POSTGRES

6 / 6

ELASTICSEARCH

5 / 5

SSH

4 / 4

MSSQL

4 / 4

WINRM

2 / 4

TELNET

2 / 4

SIP

3 / 3

DOCKER

3 / 3

RDP

2 / 2

MONGODB

2 / 2

$ sikker summary 20.29.47.111

20.29.47.111 has a threat confidence score of 76%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 124 honeypot sessions and reported 1 times targeting HTTPS, IMAP, SMB, SMTP, REDIS and 11 other protocols. First observed on January 22, 2026, most recently active March 30, 2026.

$ sikker behaviors 20.29.47.111catalog →

lowRedis Mglndd Campaign Activity1x

Redis session where the client presents the MGLNDD-prefixed identifier (for example MGLNDD_[ip]_6379) within the connection metadata, indicating activity from a specific automated Redis scanning framework. The behavior is triggered by the previously defined primitive detecting this exact tag pattern and groups sessions attributed to that tooling. The behavior reflects identifiable automated access rather than standard Redis client usage and does not assume additional commands beyond the observable identifier.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 20.29.47.111

elastic_http_get_request6 https_path_root3 docker_get_method3 smtp_ehlo_greeting2 elastic_http_bad_request_path_probe2 http_method_get1 redis_info_lowercase1 elastic_root_path_probe1 redis_mglndd_client_identifier_tag1

$ sikker reports 20.29.47.111submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 13, 2026, 07:20	Brute Force	SMB	SikkerGuard: 2 blocked packets

$ sikker related 20.29.47.111

Report IP WHOIS Lookup →

IP Address	Confidence	Events
13.81.183.30	100%	1,101
20.65.193.105	80%	191
20.118.24.61	86%	140
20.46.226.81	76%	133
172.202.118.41	68%	147

IP Address	Confidence	Events
144.202.82.88	77%	16,663
157.254.223.78	95%	1,336
20.64.105.9	84%	190
54.218.81.185	74%	624
204.48.18.49	98%	2,995