Check an IP Address, Domain Name, Subnet, or ASN

13.89.125.225 was found in our database!

$ whois 13.89.125.225

country·🇺🇸 United States

city·Des Moines

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 13.89.125.225scoring →

confidence

73%High

first_seen·Jan 21, 2026

last_seen·1h ago

sessions·118

events·171

$ sikker protocols 13.89.125.225

HTTPS

30 / 42

SMTP

16 / 27

SSH

14 / 20

HTTP

12 / 18

FTP

6 / 12

REDIS

4 / 9

IMAP

6 / 8

TELNET

6 / 8

SMB

6 / 7

ELASTICSEARCH

5 / 5

POSTGRES

4 / 4

SIP

1 / 3

RDP

2 / 2

MSSQL

2 / 2

DOCKER

2 / 2

MONGODB

2 / 2

$ sikker summary 13.89.125.225

13.89.125.225 has a threat confidence score of 73%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 118 honeypot sessions targeting HTTPS, SMTP, SSH, HTTP, FTP and 11 other protocols. First observed on January 21, 2026, most recently active March 26, 2026.

$ sikker behaviors 13.89.125.225catalog →

lowRedis Mglndd Campaign Activity1x

Redis session where the client presents the MGLNDD-prefixed identifier (for example MGLNDD_[ip]_6379) within the connection metadata, indicating activity from a specific automated Redis scanning framework. The behavior is triggered by the previously defined primitive detecting this exact tag pattern and groups sessions attributed to that tooling. The behavior reflects identifiable automated access rather than standard Redis client usage and does not assume additional commands beyond the observable identifier.

infoHttp Root Path Request8x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoRedis Info Command Invocation1x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 13.89.125.225

smtp_ehlo_greeting10 http_method_get8 elastic_http_get_request6 elastic_http_bad_request_path_probe5 https_path_root3 docker_get_method2 redis_info_lowercase1 elastic_root_path_probe1 redis_mglndd_client_identifier_tag1

$ sikker related 13.89.125.225

Report IP WHOIS Lookup →

IP Address	Confidence	Events
4.204.200.32	46%	32
135.237.124.223	56%	38
137.135.124.92	95%	1,209
172.211.56.214	100%	638
20.171.28.177	64%	116

IP Address	Confidence	Events
43.166.137.151	100%	210
54.161.202.8	51%	23
66.132.172.201	98%	175
66.132.172.129	89%	137
66.132.224.224	87%	60