Check an IP Address, Domain Name, Subnet, or ASN

130.131.162.184 was found in our database!

$ whois 130.131.162.184

country·🇺🇸 United States

city·Des Moines

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 130.131.162.184scoring →

confidence

80%Very High

first_seen·Jan 23, 2026

last_seen·1h ago

first_reported·Mar 14, 2026

last_reported·24d ago

sessions·117

events·164

reports·2

$ sikker protocols 130.131.162.184

HTTPS

40 / 58

HTTP

17 / 28

MONGODB

11 / 17

SMTP

12 / 14 / 1r

DOCKER

4 / 10

TELNET

6 / 8

SMB

6 / 6

SSH

4 / 4

IMAP

4 / 4

REDIS

2 / 4

ELASTICSEARCH

4 / 4

MSSQL

3 / 3 / 1r

FTP

2 / 2

RDP

2 / 2

$ sikker summary 130.131.162.184

130.131.162.184 has a threat confidence score of 80%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 117 honeypot sessions and reported 2 times targeting HTTPS, HTTP, MONGODB, SMTP, DOCKER and 9 other protocols. First observed on January 23, 2026, most recently active April 15, 2026.

$ sikker behaviors 130.131.162.184catalog →

lowHttps Path Developmentserver Metadatauploader Probe2x

HTTPS request to /developmentserver/metadatauploader.

lowRedis Info Reconnaissance1x

The client authenticated to a Redis service and executed the INFO command (info / redis_info_lowercase) without attempting configuration changes, data access, or command execution. The INFO command retrieves server metadata including version, role (master/replica), connected clients, memory usage, persistence settings, and replication status. This behavior is consistent with automated reconnaissance activity where a bot validates exposure, fingerprints the Redis instance, and determines whether it is a viable target for follow-up exploitation (e.g., replication abuse, module loading, or persistence manipulation). No destructive or modification activity was observed in this session.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 130.131.162.184

elastic_http_get_request6 elastic_http_bad_request_path_probe5 mongodb_buildinfo3 http_method_get2 smtp_ehlo_greeting2 redis_info_lowercase2 http_path_bad_request2 https_path_developmentserver_metadatauploader2 docker_get_method1

$ sikker reports 130.131.162.184submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 21, 2026, 15:02	Brute Force	MSSQL	SikkerGuard: 2 blocked packets
User	Mar 14, 2026, 15:58	Brute Force	SMTP	SikkerGuard: 2 blocked packets

$ sikker related 130.131.162.184

Report IP WHOIS Lookup →

IP Address	Confidence	Events
135.237.126.217	84%	244
40.74.212.73	91%	214
48.217.87.78	51%	511
52.224.109.126	100%	877
20.228.193.165	84%	53

IP Address	Confidence	Events
205.210.31.226	98%	347
185.218.138.21	97%	16,018
164.90.155.248	100%	8,674
92.118.39.63	100%	77,346
157.230.55.143	100%	8,719