Check an IP Address, Domain Name, Subnet, or ASN

135.222.182.210 was found in our database!

$ whois 135.222.182.210

country·🇺🇸 United States

city·Boydton

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 135.222.182.210scoring →

confidence

98%Very High

first_seen·Feb 28, 2026

last_seen·1h ago

sessions·73

events·73

$ sikker protocols 135.222.182.210

REDIS

72 / 72

HTTP

1 / 1

$ sikker summary 135.222.182.210

135.222.182.210 has a threat confidence score of 98%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 73 honeypot sessions targeting REDIS, HTTP protocols. Detected attack patterns include redis cron persistence direct config abuse. First observed on February 28, 2026, most recently active March 22, 2026.

$ sikker behaviors 135.222.182.210catalog →

very_highRedis Cron Persistence Direct Config Abuse7x

Detects direct Redis configuration abuse where an exposed instance is reconfigured to write malicious cron entries (including root-executed variants using curl or wget-style binaries), followed by SAVE/FLUSHALL to persist the cron file to disk. This behavior identifies automated cron-based persistence and recurring remote code execution without requiring prior reconnaissance commands.

infoRedis Info Command Invocation17x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 135.222.182.210

redis_save115 redis_config_set_dbfilename_custom92 redis_flushall46 redis_info_lowercase24 redis_config_set_dir_etc23 redis_config_set_dir_cron23 redis_config_set_dbfilename23 redis_set_cron_http_pipe_sh23 redis_set_cron_wget_pipe_sh23 redis_config_set_dir_crontabs23 redis_config_set_dir_etc_cron_d23 redis_config_set_dbfilename_root23 redis_set_cron_root_http_pipe_sh23 redis_set_cron_root_wget_pipe_sh23 redis_cron_set_backup4_wd1_pipe_sh23 redis_config_set_dbfilename_crontab23 redis_cron_set_backup3_curl_kworker_sh23 redis_cron_set_backup4_root_wd1_pipe_sh23 redis_cron_set_backup3_root_curl_pipe_sh23 redis_config_set_stop_writes_on_bgsave_error23

$ sikker related 135.222.182.210

🇺🇸·More threats fromUnited States→AS·More threats fromMicrosoft Corporation→REDI·More threats targetingREDIS→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
52.165.81.92	83%	154
172.190.216.105	100%	96
20.102.112.104	82%	1,560
52.165.81.251	82%	166
20.24.100.112	97%	40

IP Address	Confidence	Events
43.135.144.126	32%	60
157.254.223.79	95%	650
208.3.195.65	100%	98,550
45.131.194.49	84%	822
20.65.194.104	76%	143