Check an IP Address, Domain Name, Subnet, or ASN

20.124.87.15 was found in our database!

$ whois 20.124.87.15

country·🇺🇸 United States

city·Washington

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.124.87.15scoring →

confidence

77%High

first_seen·Jan 21, 2026

last_seen·1h ago

sessions·141

events·192

$ sikker protocols 20.124.87.15

HTTPS

57 / 80

HTTP

23 / 41

SMTP

8 / 11

SSH

10 / 10

IMAP

6 / 8

DOCKER

4 / 8

POSTGRES

8 / 8

MONGODB

6 / 6

MSSQL

5 / 5

ELASTICSEARCH

5 / 5

FTP

4 / 4

RDP

2 / 2

REDIS

1 / 2

TELNET

2 / 2

$ sikker summary 20.124.87.15

20.124.87.15 has a threat confidence score of 77%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 141 honeypot sessions targeting HTTPS, HTTP, SMTP, SSH, IMAP and 9 other protocols. First observed on January 21, 2026, most recently active March 21, 2026.

$ sikker behaviors 20.124.87.15catalog →

lowRedis Info Reconnaissance1x

The client authenticated to a Redis service and executed the INFO command (info / redis_info_lowercase) without attempting configuration changes, data access, or command execution. The INFO command retrieves server metadata including version, role (master/replica), connected clients, memory usage, persistence settings, and replication status. This behavior is consistent with automated reconnaissance activity where a bot validates exposure, fingerprints the Redis instance, and determines whether it is a viable target for follow-up exploitation (e.g., replication abuse, module loading, or persistence manipulation). No destructive or modification activity was observed in this session.

infoHttp Root Path Request7x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 20.124.87.15

http_method_get11 elastic_http_get_request7 elastic_http_bad_request_path_probe5 docker_get_method3 http_path_bad_request3 ftp_auth_tls1 https_path_root1 smtp_ehlo_greeting1 redis_info_lowercase1

$ sikker related 20.124.87.15

Report IP WHOIS Lookup →

IP Address	Confidence	Events
40.119.24.130	43%	404
172.190.89.127	100%	843
172.191.132.202	100%	170
20.175.203.24	99%	78
20.116.34.103	99%	73

IP Address	Confidence	Events
16.58.56.214	100%	32,143
67.223.121.152	30%	2
96.0.160.144	87%	20,478
92.118.39.72	100%	116,872
18.218.118.203	100%	31,638