Check an IP Address, Domain Name, Subnet, or ASN

20.98.152.158 was found in our database!

$ whois 20.98.152.158

country·🇺🇸 United States

city·Des Moines

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.98.152.158scoring →

confidence

72%High

first_seen·Jan 21, 2026

last_seen·1h ago

first_reported·Mar 18, 2026

last_reported·8d ago

sessions·76

events·130

reports·1

$ sikker protocols 20.98.152.158

HTTPS

18 / 26

SMTP

8 / 23

HTTP

8 / 19

IMAP

12 / 14

SSH

6 / 10

TELNET

4 / 6 / 1r

FTP

2 / 5

WINRM

2 / 5

DOCKER

2 / 4

MONGODB

2 / 4

POSTGRES

4 / 4

SIP

1 / 3

RDP

2 / 2

SMB

2 / 2

ELASTICSEARCH

2 / 2

MSSQL

1 / 1

$ sikker summary 20.98.152.158

20.98.152.158 has a threat confidence score of 72%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 76 honeypot sessions and reported 1 times targeting HTTPS, SMTP, HTTP, IMAP, SSH and 11 other protocols. First observed on January 21, 2026, most recently active March 26, 2026.

$ sikker behaviors 20.98.152.158catalog →

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 20.98.152.158

smtp_ehlo_greeting6 http_method_get3 docker_get_method2 elastic_http_get_request2 elastic_http_bad_request_path_probe2 https_path_root1 http_path_bad_request1

$ sikker reports 20.98.152.158submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 18, 2026, 14:42	Brute Force	TELNET	SikkerGuard: 2 blocked packets

$ sikker related 20.98.152.158

Report IP WHOIS Lookup →

IP Address	Confidence	Events
158.23.49.180	95%	855
20.24.100.112	99%	85
20.29.29.56	100%	174
20.203.42.204	100%	2,590
20.29.57.104	71%	145

IP Address	Confidence	Events
23.227.173.100	100%	1,206
192.210.186.10	100%	641
66.132.172.34	93%	109
92.118.39.56	100%	117,922
205.251.116.71	95%	1,108