Check an IP Address, Domain Name, Subnet, or ASN

20.163.15.107 was found in our database!

$ whois 20.163.15.107

country·🇺🇸 United States

city·Phoenix

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.163.15.107scoring →

confidence

82%Very High

first_seen·Jan 20, 2026

last_seen·1h ago

first_reported·Mar 18, 2026

last_reported·Mar 18, 2026

sessions·156

events·187

reports·1

$ sikker protocols 20.163.15.107

HTTPS

52 / 60

IMAP

16 / 25

SMTP

20 / 24

SSH

8 / 12

HTTP

6 / 10

SMB

9 / 9

ELASTICSEARCH

9 / 9

RDP

8 / 8

REDIS

8 / 8

POSTGRES

5 / 5

DOCKER

4 / 4

MONGODB

2 / 4

SIP

3 / 3

FTP

2 / 2

MSSQL

2 / 2

TELNET

2 / 2

MYSQL

0 / 0 / 1r

$ sikker summary 20.163.15.107

20.163.15.107 has a threat confidence score of 82%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 156 honeypot sessions and reported 1 times targeting HTTPS, IMAP, SMTP, SSH, HTTP and 12 other protocols. First observed on January 20, 2026, most recently active April 20, 2026.

$ sikker behaviors 20.163.15.107catalog →

lowHttps Path Developmentserver Metadatauploader Probe1x

HTTPS request to /developmentserver/metadatauploader.

infoHttp Root Path Request5x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Http Method Get2x

HTTP request using GET method.

infoDocker Invalid Protocol Probe1x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

$ sikker primitives 20.163.15.107

elastic_http_get_request13 elastic_http_bad_request_path_probe8 http_method_get5 docker_get_method5 smtp_ehlo_greeting4 redis_info_lowercase4 elastic_root_path_probe3 docker_bad_request_uri2 redis_mglndd_client_identifier_tag2 https_path_developmentserver_metadatauploader1

$ sikker reports 20.163.15.107submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 18, 2026, 03:05	Brute Force	MYSQL	SikkerGuard: 2 blocked packets

$ sikker related 20.163.15.107

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.24.137.18	100%	177
20.169.106.110	48%	46
20.168.120.211	59%	58
20.169.107.190	65%	39
52.188.231.41	63%	60

IP Address	Confidence	Events
66.132.172.184	100%	684
38.146.219.190	77%	3,321
45.56.105.58	46%	4
54.245.212.234	39%	2
144.172.95.158	100%	7,268