Check an IP Address, Domain Name, Subnet, or ASN

20.15.163.139 was found in our database!

$ whois 20.15.163.139

country·🇺🇸 United States

city·Des Moines

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.15.163.139scoring →

confidence

66%High

first_seen·Jan 24, 2026

last_seen·1h ago

sessions·87

events·131

$ sikker protocols 20.15.163.139

HTTPS

29 / 44

SSH

15 / 16

HTTP

7 / 15

SMTP

6 / 10

IMAP

6 / 8

FTP

2 / 7

TELNET

4 / 6

MONGODB

4 / 6

SIP

3 / 3

SMB

2 / 3

MSSQL

3 / 3

REDIS

1 / 3

DOCKER

1 / 3

RDP

2 / 2

ELASTICSEARCH

2 / 2

$ sikker summary 20.15.163.139

20.15.163.139 has a threat confidence score of 66%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 87 honeypot sessions targeting HTTPS, SSH, HTTP, SMTP, IMAP and 10 other protocols. First observed on January 24, 2026, most recently active March 21, 2026.

$ sikker behaviors 20.15.163.139catalog →

lowRedis Info Reconnaissance1x

The client authenticated to a Redis service and executed the INFO command (info / redis_info_lowercase) without attempting configuration changes, data access, or command execution. The INFO command retrieves server metadata including version, role (master/replica), connected clients, memory usage, persistence settings, and replication status. This behavior is consistent with automated reconnaissance activity where a bot validates exposure, fingerprints the Redis instance, and determines whether it is a viable target for follow-up exploitation (e.g., replication abuse, module loading, or persistence manipulation). No destructive or modification activity was observed in this session.

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 20.15.163.139

http_method_get4 https_path_root3 smtp_ehlo_greeting3 elastic_http_get_request3 elastic_http_bad_request_path_probe2 ftp_auth_ssl1 ftp_auth_tls1 redis_info_lowercase1 elastic_root_path_probe1

$ sikker related 20.15.163.139

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.173.116.24	100%	808
20.102.112.104	82%	1,034
20.14.89.71	75%	128
20.175.203.24	98%	56
40.124.174.148	72%	186

IP Address	Confidence	Events
172.236.228.197	90%	1,733
144.172.105.60	98%	37,888
97.74.90.88	96%	2,418
71.6.135.131	100%	2,883
45.205.1.8	95%	5,305