Check an IP Address, Domain Name, Subnet, or ASN

13.89.125.18 was found in our database!

$ whois 13.89.125.18

country·🇺🇸 United States

city·Des Moines

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 13.89.125.18scoring →

confidence

84%Very High

first_seen·Jan 20, 2026

last_seen·1h ago

sessions·148

events·203

$ sikker protocols 13.89.125.18

HTTPS

51 / 79

MONGODB

11 / 17

HTTP

10 / 16

IMAP

14 / 16

SIP

6 / 12

SMTP

10 / 12

SSH

8 / 10

TELNET

6 / 8

SMB

6 / 6

POSTGRES

5 / 6

DOCKER

5 / 5

ELASTICSEARCH

5 / 5

FTP

4 / 4

RDP

2 / 2

MSSQL

2 / 2

REDIS

2 / 2

RTSP

1 / 1

$ sikker summary 13.89.125.18

13.89.125.18 has a threat confidence score of 84%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 148 honeypot sessions targeting HTTPS, MONGODB, HTTP, IMAP, SIP and 12 other protocols. First observed on January 20, 2026, most recently active April 17, 2026.

$ sikker behaviors 13.89.125.18catalog →

mediumSip Call Id Token At Ip1x

SIP activity where the Call-ID follows a token@IP format, a pattern commonly generated by automated scanners and SIP tooling rather than standard client implementations, indicating non-human or enumeration-driven behavior.

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoDocker Invalid Protocol Probe4x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Http Method Get1x

HTTP request using GET method.

$ sikker primitives 13.89.125.18

http_method_get6 elastic_http_get_request6 docker_get_method5 docker_bad_request_uri4 mongodb_buildinfo3 https_path_root2 http_path_bad_request2 elastic_http_bad_request_path_probe2 rtsp_options1 elastic_root_path_probe1 sip_call_id_token_at_ip1 redis_mglndd_client_identifier_tag1

$ sikker related 13.89.125.18

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.12.240.184	77%	135
20.84.119.5	78%	237
20.65.194.128	86%	262
20.163.4.176	72%	238
13.81.183.29	100%	1,338

IP Address	Confidence	Events
3.143.162.210	100%	10,926
107.175.79.36	98%	8,068
92.118.39.87	100%	268,445
92.118.39.95	100%	90,799
147.185.133.191	72%	136