Check an IP Address, Domain Name, Subnet, or ASN

20.80.88.247 was found in our database!

$ whois 20.80.88.247

country·🇺🇸 United States

city·Des Moines

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.80.88.247scoring →

confidence

85%Very High

first_seen·Jan 22, 2026

last_seen·1h ago

first_reported·Mar 8, 2026

last_reported·28d ago

sessions·111

events·146

reports·1

$ sikker protocols 20.80.88.247

HTTPS

37 / 47

HTTP

13 / 19

SMTP

4 / 12 / 1r

SMB

7 / 8

SSH

6 / 8

SIP

3 / 7

POSTGRES

5 / 7

IMAP

6 / 6

MSSQL

6 / 6

DOCKER

5 / 5

MONGODB

3 / 5

RDP

4 / 4

ELASTICSEARCH

4 / 4

FTP

2 / 2

RTSP

2 / 2

REDIS

2 / 2

TELNET

2 / 2

$ sikker summary 20.80.88.247

20.80.88.247 has a threat confidence score of 85%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 111 honeypot sessions and reported 1 times targeting HTTPS, HTTP, SMTP, SMB, SSH and 12 other protocols. First observed on January 22, 2026, most recently active April 6, 2026.

$ sikker behaviors 20.80.88.247catalog →

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

lowHttps Path Developmentserver Metadatauploader Probe1x

HTTPS request to /developmentserver/metadatauploader.

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 20.80.88.247

http_method_get6 smtp_ehlo_greeting6 elastic_http_get_request6 docker_get_method5 elastic_http_bad_request_path_probe3 elastic_root_path_probe2 ftp_auth_tls1 rtsp_options1 http_path_bad_request1 sip_call_id_token_at_ip1 redis_mglndd_client_identifier_tag1 https_path_developmentserver_metadatauploader1

$ sikker reports 20.80.88.247submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 8, 2026, 13:12	Brute Force	SMTP	SikkerGuard: 2 blocked packets

$ sikker related 20.80.88.247

Report IP WHOIS Lookup →

IP Address	Confidence	Events
135.237.125.106	59%	52
135.237.124.83	67%	57
40.76.124.110	63%	52
20.42.115.228	68%	59
207.46.224.89	99%	77

IP Address	Confidence	Events
8.43.116.131	86%	2,791
92.118.39.92	100%	110,596
87.251.64.141	81%	1,254
135.237.124.83	67%	57
66.132.195.109	99%	424