Check an IP Address, Domain Name, Subnet, or ASN

20.64.104.31 was found in our database!

$ whois 20.64.104.31

country·🇺🇸 United States

city·San Antonio

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.64.104.31scoring →

confidence

78%High

first_seen·Jan 21, 2026

last_seen·1h ago

first_reported·Mar 16, 2026

last_reported·5d ago

sessions·124

events·153

reports·1

$ sikker protocols 20.64.104.31

HTTPS

43 / 55

SSH

8 / 12

SMTP

10 / 12

MONGODB

9 / 11

HTTP

7 / 9 / 1r

FTP

8 / 8

SIP

6 / 8

SMB

6 / 7

IMAP

4 / 6

POSTGRES

6 / 6

ELASTICSEARCH

6 / 6

DOCKER

2 / 4

TELNET

4 / 4

MSSQL

3 / 3

RDP

2 / 2

$ sikker summary 20.64.104.31

20.64.104.31 has a threat confidence score of 78%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 124 honeypot sessions and reported 1 times targeting HTTPS, SSH, SMTP, MONGODB, HTTP and 10 other protocols. First observed on January 21, 2026, most recently active March 21, 2026.

$ sikker behaviors 20.64.104.31catalog →

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoFtp Tls Upgrade3x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 20.64.104.31

elastic_http_get_request8 http_method_get6 elastic_http_bad_request_path_probe6 ftp_auth_tls3 smtp_ehlo_greeting3 docker_get_method2 https_path_root1 http_path_bad_request1 elastic_root_path_probe1 sip_call_id_token_at_ip1

$ sikker reports 20.64.104.31submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 16, 2026, 12:11	Brute Force	HTTP	SikkerGuard: 2 blocked packets

$ sikker related 20.64.104.31

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.42.84.49	22%	44
20.175.203.24	99%	84
20.49.0.100	100%	146
52.177.119.222	95%	37
104.208.108.166	100%	1,115

IP Address	Confidence	Events
34.123.42.157	95%	633
34.182.102.90	84%	4,001
52.36.5.236	58%	439
45.131.194.49	81%	512
20.102.112.104	82%	1,404