Check an IP Address, Domain Name, Subnet, or ASN

20.163.14.22 was found in our database!

Confidence Level

73%

High?

Geolocation

🇺🇸

United StatesPhoenix

ISPMicrosoft Corporation

ASNAS8075

Activity Timeline

First seenJan 25, 2026, 12:22 PM

Last seen1h ago

142Sessions

196Events

Protocol Breakdown

HTTPS

62 / 86

SMTP

13 / 21

SSH

12 / 14

FTP

8 / 13

ELASTICSEARCH

10 / 12

HTTP

8 / 10

SMB

8 / 9

DOCKER

4 / 8

MONGODB

4 / 8

POSTGRES

5 / 5

IMAP

4 / 4

TELNET

2 / 4

MSSQL

2 / 2

20.163.14.22 has a high threat confidence level of 73%, originating from Phoenix, United States, on the Microsoft Corporation network (8075). It has been observed across 142 sessions targeting HTTPS, SMTP, SSH, FTP, ELASTICSEARCH and 8 other protocols, First observed on January 25, 2026, most recently active March 11, 2026.

Behaviors

Classified behavioral patterns observed

Http Root Path Request

info4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Ftp Tls Upgrade

info2x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

Https Root Path Request

info1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Docker Invalid Protocol Probe

info1x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

Primitives

Individual actions observed

Elastic Http Get Request11 Smtp Ehlo Greeting5 Http Method Get4 Elastic Http Bad Request Path Probe4 Ftp Auth Tls3 Docker Get Method3 Https Path Root2 Ftp Auth Ssl1 Docker Bad Request Uri1 Elastic Root Path Probe1

Related Threats

Explore related threat intelligence

WHOIS Lookup

IP Address	Confidence	Events
20.65.195.17	75%	146
40.119.29.137	79%	107
20.163.10.187	79%	204
20.64.105.206	64%	134
57.151.98.114	57%	126

IP Address	Confidence	Events
130.12.180.19	91%	26,415
15.204.144.239	99%	24,303
198.235.24.41	95%	217
130.12.180.74	91%	25,930
130.12.180.92	91%	25,112