Check an IP Address, Domain Name, Subnet, or ASN

20.65.195.35 was found in our database!

$ whois 20.65.195.35

country·🇺🇸 United States

city·San Antonio

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.65.195.35scoring →

confidence

76%High

first_seen·Jan 24, 2026

last_seen·1h ago

first_reported·Mar 16, 2026

last_reported·8d ago

sessions·98

events·132

reports·1

$ sikker protocols 20.65.195.35

HTTPS

37 / 51

FTP

6 / 14 / 1r

HTTP

7 / 11

SMTP

10 / 11

TELNET

6 / 8

ELASTICSEARCH

7 / 7

SSH

4 / 6

IMAP

4 / 6

SMB

4 / 5

MSSQL

5 / 5

POSTGRES

4 / 4

RDP

2 / 2

DOCKER

2 / 2

$ sikker summary 20.65.195.35

20.65.195.35 has a threat confidence score of 76%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 98 honeypot sessions and reported 1 times targeting HTTPS, FTP, HTTP, SMTP, TELNET and 8 other protocols. First observed on January 24, 2026, most recently active March 25, 2026.

$ sikker behaviors 20.65.195.35catalog →

infoHttps Root Path Request4x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoDocker Invalid Protocol Probe1x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

$ sikker primitives 20.65.195.35

elastic_http_get_request9 https_path_root4 elastic_http_bad_request_path_probe4 http_method_get3 docker_get_method2 elastic_root_path_probe2 ftp_auth_ssl1 ftp_auth_tls1 smtp_ehlo_greeting1 docker_bad_request_uri1

$ sikker reports 20.65.195.35submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 16, 2026, 22:37	Brute Force	FTP	SikkerGuard: 2 blocked packets

$ sikker related 20.65.195.35

Report IP WHOIS Lookup →

IP Address	Confidence	Events
40.124.173.251	77%	218
20.65.193.55	77%	203
158.23.49.180	95%	794
20.168.122.6	80%	152
135.237.126.90	60%	44

IP Address	Confidence	Events
66.132.195.107	87%	68
3.131.220.121	100%	17,712
45.61.184.223	99%	10,613
66.132.195.32	87%	58
147.185.132.52	98%	264