Check an IP Address, Domain Name, Subnet, or ASN

20.65.195.33 was found in our database!

$ whois 20.65.195.33

country·🇺🇸 United States

city·San Antonio

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.65.195.33scoring →

confidence

80%Very High

first_seen·Jan 21, 2026

last_seen·1h ago

first_reported·Mar 16, 2026

last_reported·5d ago

sessions·130

events·190

reports·1

$ sikker protocols 20.65.195.33

HTTPS

54 / 77

HTTP

18 / 27

FTP

6 / 17

SMTP

8 / 16

IMAP

8 / 12

SMB

6 / 8

DOCKER

4 / 6 / 1r

POSTGRES

6 / 6

SSH

4 / 5

ELASTICSEARCH

5 / 5

RDP

4 / 4

TELNET

3 / 3

MSSQL

2 / 2

MONGODB

2 / 2

$ sikker summary 20.65.195.33

20.65.195.33 has a threat confidence score of 80%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 130 honeypot sessions and reported 1 times targeting HTTPS, HTTP, FTP, SMTP, IMAP and 9 other protocols. First observed on January 21, 2026, most recently active March 21, 2026.

$ sikker behaviors 20.65.195.33catalog →

infoHttp Root Path Request9x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoDocker Invalid Protocol Probe1x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

$ sikker primitives 20.65.195.33

http_method_get10 elastic_http_get_request8 elastic_http_bad_request_path_probe5 docker_get_method4 elastic_root_path_probe3 https_path_root2 ftp_auth_ssl1 ftp_auth_tls1 smtp_ehlo_greeting1 http_path_bad_request1 docker_bad_request_uri1

$ sikker reports 20.65.195.33submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 16, 2026, 04:26	Brute Force	DOCKER	SikkerGuard: 2 blocked packets

$ sikker related 20.65.195.33

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.102.112.104	82%	1,017
172.215.144.32	71%	114
135.237.126.122	50%	45
20.65.193.243	80%	193
20.106.57.131	43%	92

IP Address	Confidence	Events
97.74.90.88	96%	2,370
38.54.50.81	96%	1,752
96.0.160.144	87%	19,699
181.215.65.49	85%	1,961
170.106.167.247	95%	1,105