Check an IP Address, Domain Name, Subnet, or ASN

20.15.164.68 was found in our database!

$ whois 20.15.164.68

country·🇺🇸 United States

city·Des Moines

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.15.164.68scoring →

confidence

78%High

first_seen·Jan 21, 2026

last_seen·1h ago

first_reported·Mar 8, 2026

last_reported·15d ago

sessions·145

events·194

reports·1

$ sikker protocols 20.15.164.68

HTTPS

70 / 91

SMTP

16 / 30

HTTP

14 / 20

SSH

8 / 11

IMAP

6 / 8

TELNET

6 / 8

ELASTICSEARCH

6 / 6

FTP

4 / 4

POSTGRES

4 / 4

SMB

2 / 3 / 1r

MSSQL

3 / 3

REDIS

2 / 2

DOCKER

2 / 2

SIP

1 / 1

MONGODB

1 / 1

$ sikker summary 20.15.164.68

20.15.164.68 has a threat confidence score of 78%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 145 honeypot sessions and reported 1 times targeting HTTPS, SMTP, HTTP, SSH, IMAP and 10 other protocols. First observed on January 21, 2026, most recently active March 22, 2026.

$ sikker behaviors 20.15.164.68catalog →

infoHttp Root Path Request7x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoDocker Invalid Protocol Probe1x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

$ sikker primitives 20.15.164.68

http_method_get9 smtp_ehlo_greeting9 elastic_http_get_request7 elastic_http_bad_request_path_probe5 docker_get_method2 http_path_bad_request2 https_path_root1 docker_bad_request_uri1 redis_mglndd_client_identifier_tag1

$ sikker reports 20.15.164.68submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 8, 2026, 24:42	Brute Force	SMB	SikkerGuard: 2 blocked packets

$ sikker related 20.15.164.68

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.102.112.104	82%	2,013
20.163.76.6	72%	140
52.172.244.12	99%	97
20.64.104.177	76%	202
20.65.194.46	72%	127

IP Address	Confidence	Events
92.118.39.63	100%	51,912
185.150.189.115	100%	19,450
136.109.125.170	81%	434
154.16.112.232	100%	340,066
185.238.231.121	80%	4,573