Check an IP Address, Domain Name, Subnet, or ASN

13.89.125.17 was found in our database!

Confidence Level

60%

High?

Geolocation

🇺🇸

United StatesDes Moines

ISPMicrosoft Corporation

ASNAS8075

Activity Timeline

First seenJan 21, 2026, 12:39 AM

Last seen2h ago

71Sessions

112Events

Protocol Breakdown

HTTPS

13 / 23

SMTP

10 / 20

HTTP

5 / 13

FTP

6 / 12

SSH

12 / 12

IMAP

7 / 9

TELNET

4 / 6

SMB

4 / 5

MSSQL

4 / 4

DOCKER

1 / 3

POSTGRES

2 / 2

ELASTICSEARCH

2 / 2

MONGODB

1 / 1

13.89.125.17 has a threat confidence score of 60%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 71 honeypot sessions targeting HTTPS, SMTP, HTTP, FTP, SSH and 8 other protocols. First observed on January 21, 2026, most recently active March 12, 2026.

Behaviors

Classified behavioral patterns observed

Http Root Path Request

info2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Ftp Tls Upgrade

info1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

Https Root Path Request

info1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Primitives

Individual actions observed

Smtp Ehlo Greeting6 Http Method Get2 Elastic Http Get Request2 Elastic Http Bad Request Path Probe2 Ftp Auth Tls1 Https Path Root1

Related Threats

Explore related threat intelligence

WHOIS Lookup

IP Address	Confidence	Events
20.115.45.115	52%	39
52.138.202.102	87%	28
172.191.94.172	100%	129
172.174.17.234	100%	206
135.222.40.33	49%	29

IP Address	Confidence	Events
130.12.180.101	91%	26,993
130.12.180.71	91%	27,935
130.12.180.92	91%	26,653
205.210.31.147	89%	125
130.12.180.19	91%	27,841