Check an IP Address, Domain Name, Subnet, or ASN

20.65.193.148 was found in our database!

$ whois 20.65.193.148

country·🇺🇸 United States

city·San Antonio

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.65.193.148scoring →

confidence

87%Very High

first_seen·Jan 28, 2026

last_seen·30m ago

first_reported·Mar 11, 2026

last_reported·11d ago

sessions·142

events·170

reports·1

$ sikker protocols 20.65.193.148

HTTPS

48 / 60

SMTP

12 / 15

FTP

10 / 10

SMB

10 / 10

DOCKER

6 / 10

TELNET

8 / 10

ELASTICSEARCH

10 / 10

HTTP

5 / 9

SSH

6 / 8

IMAP

6 / 6

MSSQL

6 / 6

POSTGRES

5 / 6

MONGODB

5 / 5

REDIS

3 / 3

RDP

2 / 2

MYSQL

0 / 0 / 1r

$ sikker summary 20.65.193.148

20.65.193.148 has a threat confidence score of 87%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 142 honeypot sessions and reported 1 times targeting HTTPS, SMTP, FTP, SMB, DOCKER and 11 other protocols. First observed on January 28, 2026, most recently active March 22, 2026.

$ sikker behaviors 20.65.193.148catalog →

infoHttps Root Path Request6x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoFtp Tls Upgrade5x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoDocker Invalid Protocol Probe2x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

infoRedis Info Command Invocation1x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 20.65.193.148

elastic_http_get_request12 https_path_root6 docker_get_method6 elastic_http_bad_request_path_probe6 ftp_auth_tls5 http_method_get5 smtp_ehlo_greeting3 docker_bad_request_uri2 redis_info_lowercase1 http_path_bad_request1 elastic_root_path_probe1 redis_mglndd_client_identifier_tag1

$ sikker reports 20.65.193.148submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 11, 2026, 04:54	Brute Force	MYSQL	SikkerGuard: 2 blocked packets

$ sikker related 20.65.193.148

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.235.199.122	98%	100
20.102.112.104	82%	1,706
20.46.235.137	70%	128
20.118.217.162	67%	100
20.65.193.170	82%	164

IP Address	Confidence	Events
92.118.39.87	100%	252,004
172.81.128.48	97%	686
68.68.101.178	93%	6,315
92.118.39.63	100%	51,046
181.215.65.49	85%	2,982