Check an IP Address, Domain Name, Subnet, or ASN

20.65.194.180 was found in our database!

$ whois 20.65.194.180

country·🇺🇸 United States

city·San Antonio

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.65.194.180scoring →

confidence

74%High

first_seen·Jan 24, 2026

last_seen·1h ago

first_reported·Mar 9, 2026

last_reported·11d ago

sessions·96

events·111

reports·1

$ sikker protocols 20.65.194.180

HTTPS

33 / 42

SMTP

10 / 11

HTTP

7 / 10

SSH

6 / 8 / 1r

POSTGRES

7 / 7

ELASTICSEARCH

7 / 7

FTP

6 / 6

TELNET

6 / 6

SMB

4 / 4

IMAP

4 / 4

RDP

2 / 2

MSSQL

2 / 2

REDIS

1 / 1

DOCKER

1 / 1

$ sikker summary 20.65.194.180

20.65.194.180 has a threat confidence score of 74%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 96 honeypot sessions and reported 1 times targeting HTTPS, SMTP, HTTP, SSH, POSTGRES and 9 other protocols. First observed on January 24, 2026, most recently active March 21, 2026.

$ sikker behaviors 20.65.194.180catalog →

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoRedis Info Command Invocation1x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 20.65.194.180

elastic_http_get_request9 elastic_http_bad_request_path_probe7 https_path_root3 http_method_get2 docker_get_method1 redis_info_lowercase1 elastic_root_path_probe1

$ sikker reports 20.65.194.180submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 9, 2026, 21:34	Brute Force	SSH	SikkerGuard: 2 blocked packets

$ sikker related 20.65.194.180

Report IP WHOIS Lookup →

IP Address	Confidence	Events
13.89.125.252	73%	148
4.236.164.162	95%	10
20.109.38.225	99%	382
40.76.181.212	96%	12
20.168.7.10	51%	59

IP Address	Confidence	Events
92.118.39.63	100%	48,619
216.180.246.43	85%	186
209.222.101.54	100%	52,498
23.95.86.214	88%	154
16.58.56.214	100%	31,376