Check an IP Address, Domain Name, Subnet, or ASN

20.65.193.170 was found in our database!

$ whois 20.65.193.170

country·🇺🇸 United States

city·San Antonio

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.65.193.170scoring →

confidence

82%Very High

first_seen·Jan 21, 2026

last_seen·1h ago

first_reported·Mar 16, 2026

last_reported·3d ago

sessions·125

events·164

reports·2

$ sikker protocols 20.65.193.170

HTTPS

39 / 50 / 1r

SSH

24 / 33

HTTP

11 / 20

SMTP

12 / 12

POSTGRES

8 / 9

TELNET

4 / 8

DOCKER

5 / 7

ELASTICSEARCH

4 / 6

SIP

4 / 4

IMAP

4 / 4

SMB

2 / 3

MSSQL

3 / 3

FTP

2 / 2 / 1r

RTSP

1 / 1

REDIS

1 / 1

MONGODB

1 / 1

$ sikker summary 20.65.193.170

20.65.193.170 has a threat confidence score of 82%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 125 honeypot sessions and reported 2 times targeting HTTPS, SSH, HTTP, SMTP, POSTGRES and 11 other protocols. First observed on January 21, 2026, most recently active March 22, 2026.

$ sikker behaviors 20.65.193.170catalog →

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 20.65.193.170

http_method_get6 elastic_http_get_request5 docker_get_method4 elastic_http_bad_request_path_probe3 smtp_ehlo_greeting2 http_path_bad_request2 ftp_auth_tls1 https_path_root1 redis_info_lowercase1

$ sikker reports 20.65.193.170submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 19, 2026, 13:35	Brute Force	FTP	SikkerGuard: 2 blocked packets
User	Mar 16, 2026, 05:16	Brute Force	HTTPS	SikkerGuard: 2 blocked packets

$ sikker related 20.65.193.170

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.102.112.104	82%	1,741
20.169.104.65	68%	182
172.203.234.251	45%	458
172.208.24.217	100%	1,373
20.64.104.164	85%	176

IP Address	Confidence	Events
155.117.232.53	100%	1,366
45.131.194.49	84%	1,188
3.129.187.38	100%	30,490
92.118.39.63	100%	51,250
64.62.156.222	100%	1,689