20.65.193.159 — Microsoft Corporation, US — High (73%)

Check an IP Address, Domain Name, Subnet, or ASN

20.65.193.159 was found in our database!

Confidence Level

73%

High?

Geolocation

🇺🇸

United StatesSan Antonio

ISPMicrosoft Corporation

ASNAS8075

Activity Timeline

First seenJan 22, 2026, 03:01 PM

Last seen1h ago

108Sessions

163Events

Protocol Breakdown

HTTPS

58 / 87

HTTP

9 / 17

IMAP

8 / 12

SSH

10 / 11

SMTP

6 / 10

FTP

2 / 7

MONGODB

4 / 6

POSTGRES

4 / 4

SMB

2 / 3

RTSP

1 / 2

SIP

1 / 1

MSSQL

1 / 1

DOCKER

1 / 1

ELASTICSEARCH

1 / 1

20.65.193.159 has a high threat confidence level of 73%, originating from San Antonio, United States, on the Microsoft Corporation network (8075). It has been observed across 108 sessions targeting HTTPS, HTTP, IMAP, SSH, SMTP and 9 other protocols, First observed on January 22, 2026, most recently active March 5, 2026.

Behaviors

Classified behavioral patterns observed

Rtsp Options Probe

low1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

Https Root Path Request

info4x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Http Root Path Request

info2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Http Bad Request Route Probe

info1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

Primitives

Individual actions observed

Smtp Ehlo Greeting5 Https Path Root4 Rtsp Options3 Http Method Get3 Mongodb Buildinfo3 Ftp Auth Ssl1 Ftp Auth Tls1 Docker Get Method1 Http Path Bad Request1 Elastic Http Get Request1 Elastic Http Bad Request Path Probe1

Related Threats

Explore related threat intelligence

WHOIS Lookup

IP Address	Confidence	Events
20.168.109.236	64%	144
52.188.227.37	57%	127
172.172.170.199	100%	106
172.200.228.35	100%	779
20.169.85.114	47%	424

IP Address	Confidence	Events
209.74.71.46	99%	77
173.239.218.88	87%	504
162.142.125.115	30%	2,527
92.118.39.87	100%	234,131
143.244.190.213	100%	395