Check an IP Address, Domain Name, Subnet, or ASN

130.131.162.156 was found in our database!

$ whois 130.131.162.156

country·🇺🇸 United States

city·Des Moines

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 130.131.162.156scoring →

confidence

75%High

first_seen·Jan 23, 2026

last_seen·1h ago

sessions·101

events·141

$ sikker protocols 130.131.162.156

HTTPS

38 / 60

HTTP

8 / 14

SMTP

8 / 12

DOCKER

4 / 8

REDIS

4 / 7

RDP

6 / 6

TELNET

6 / 6

ELASTICSEARCH

6 / 6

SMB

4 / 5

POSTGRES

5 / 5

SSH

4 / 4

MONGODB

3 / 3

FTP

2 / 2

IMAP

2 / 2

MSSQL

1 / 1

$ sikker summary 130.131.162.156

130.131.162.156 has a threat confidence score of 75%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 101 honeypot sessions targeting HTTPS, HTTP, SMTP, DOCKER, REDIS and 10 other protocols. First observed on January 23, 2026, most recently active April 15, 2026.

$ sikker behaviors 130.131.162.156catalog →

lowHttps Path Developmentserver Metadatauploader Probe2x

HTTPS request to /developmentserver/metadatauploader.

lowRedis Mglndd Campaign Activity1x

Redis session where the client presents the MGLNDD-prefixed identifier (for example MGLNDD_[ip]_6379) within the connection metadata, indicating activity from a specific automated Redis scanning framework. The behavior is triggered by the previously defined primitive detecting this exact tag pattern and groups sessions attributed to that tooling. The behavior reflects identifiable automated access rather than standard Redis client usage and does not assume additional commands beyond the observable identifier.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Http Method Get1x

HTTP request using GET method.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 130.131.162.156

elastic_http_get_request9 elastic_http_bad_request_path_probe5 http_method_get3 docker_get_method3 elastic_root_path_probe2 redis_mglndd_client_identifier_tag2 https_path_developmentserver_metadatauploader2 smtp_ehlo_greeting1 http_path_bad_request1

$ sikker related 130.131.162.156

Report IP WHOIS Lookup →

IP Address	Confidence	Events
4.229.232.110	97%	38
172.173.200.62	100%	204
23.97.62.135	100%	96
20.65.194.167	88%	197
20.169.105.90	90%	218

IP Address	Confidence	Events
148.153.56.58	68%	568
104.248.48.89	99%	1,093
45.205.1.28	86%	366
50.116.57.9	32%	2
66.240.236.116	100%	2,752