Check an IP Address, Domain Name, Subnet, or ASN

157.20.215.3 was found in our database!

$ whois 157.20.215.3

country·🇮🇳 India

isp·Micro Hosting Private Limited

asn·AS134926

network·Standard

$ sikker risk 157.20.215.3scoring →

confidence

54%Medium

first_seen·Feb 2, 2026

last_seen·20d ago

sessions·4

events·9

$ sikker protocols 157.20.215.3

DOCKER

1 / 6

SSH

3 / 3

$ sikker summary 157.20.215.3

157.20.215.3 has a threat confidence score of 54%. This IP address from India (AS134926, Micro Hosting Private Limited) has been observed in 4 honeypot sessions targeting DOCKER, SSH protocols. Detected attack patterns include docker remote exec via api. First observed on February 2, 2026, most recently active March 1, 2026.

$ sikker behaviors 157.20.215.3catalog →

highDocker Remote Exec Via Api1x

Unauthenticated or externally triggered interaction with the Docker Engine HTTP API resulting in container enumeration (GET /containers/json) followed by multiple POST /containers/{id}/exec and /exec/{id}/start calls. This pattern strongly indicates remote command execution inside running containers through the Docker daemon. In honeypot telemetry this is typically associated with attackers abusing exposed Docker sockets (2375/2376) to gain execution, deploy payloads, or stage further compromise.

$ sikker primitives 157.20.215.3

docker_post_method3 docker_container_exec_path2 docker_get_method1 docker_exec_start_endpoint1 docker_list_containers_endpoint1

$ sikker related 157.20.215.3

🇮🇳·More threats fromIndia→AS·More threats fromMicro Hosting Private Limited→DOCK·More threats targetingDOCKER→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
157.20.214.172	82%	94
150.241.245.231	70%	24
134.195.138.114	51%	4
103.127.30.46	60%	8
157.20.214.175	44%	4

IP Address	Confidence	Events
52.66.69.41	96%	1,448
122.187.118.18	27%	89
59.177.111.199	100%	15
117.255.208.114	58%	1
103.40.61.98	100%	2,380