I received a report from Qrator saying that portmap was exposed on 185.15.57.20.
I wasn't able to reproduce it (and it says "Last seen: 2022-08-22 14:00:34") but that IP is not documented in DNS nor Netbox.
That IP replies to pings and is routed to wan.cloudgw.codfw1dev.wikimediacloud.org.
185.15.57.16/29 *[Static/5] 3w5d 09:35:28 > to 208.80.153.190 via ae2.2120
Please make sure this IP and any others are documented in Netbox, DNS or ideally both. And double check that portmap isn't exposed as it's a DDoS vector.