20.65.195.113 — Microsoft Corporation, US — High (77%)

Check an IP Address, Domain Name, Subnet, or ASN

20.65.195.113 was found in our database!

Confidence Level

77%

High?

Geolocation

🇺🇸

United StatesSan Antonio

ISPMicrosoft Corporation

ASNAS8075

Activity Timeline

First seenJan 21, 2026, 01:44 PM

Last seen1d ago

First reportedFeb 25, 2026, 10:55 PM

Last reported7d ago

95Sessions

161Events

1Reports

Protocol Breakdown

HTTPS

45 / 84

HTTP

9 / 21

FTP

6 / 14

SMTP

6 / 11

SMB

8 / 10

TELNET

6 / 6

ELASTICSEARCH

5 / 5

REDIS

3 / 3

SSH

2 / 2

IMAP

2 / 2

POSTGRES

2 / 2

DOCKER

1 / 1

20.65.195.113 has a high threat confidence level of 77%, originating from San Antonio, United States, on the Microsoft Corporation network (8075). It has been observed across 95 sessions targeting HTTPS, HTTP, FTP, SMTP, SMB and 7 other protocols, First observed on January 21, 2026, most recently active March 3, 2026.

Behaviors

Classified behavioral patterns observed

Https Root Path Request

info3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Http Root Path Request

info1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Http Bad Request Route Probe

info1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

Primitives

Individual actions observed

Elastic Http Get Request6 Https Path Root3 Elastic Http Bad Request Path Probe3 Ftp Auth Ssl2 Ftp Auth Tls2 Http Method Get2 Docker Get Method1 Redis Info Lowercase1 Http Path Bad Request1 Redis Mglndd Client Identifier Tag1

User Reports

1 report from 1 contributor

Date	Category	Protocol	Comment
Feb 25, 2026	Brute Force	SMB	SikkerGuard: 2 blocked packets

Related Threats

Explore related threat intelligence

🇺🇸More threats fromUnited States ASMore threats fromMicrosoft Corporation HTTPSMore threats targetingHTTPS HTTPMore threats targetingHTTP FTPMore threats targetingFTP SMTPMore threats targetingSMTP SMBMore threats targetingSMB TELNETMore threats targetingTELNET ELASTICSEARCHMore threats targetingELASTICSEARCH REDISMore threats targetingREDIS SSHMore threats targetingSSH IMAPMore threats targetingIMAP POSTGRESMore threats targetingPOSTGRES DOCKERMore threats targetingDOCKER { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
20.163.13.196	67%	35
20.102.115.195	50%	32
20.97.204.28	98%	58
20.215.130.165	56%	1
52.188.224.110	67%	51

IP Address	Confidence	Events
18.220.192.102	72%	110
66.132.153.136	99%	1,632
198.235.24.54	91%	176
91.230.168.187	59%	62
172.236.127.133	82%	481