Check an IP Address, Domain Name, Subnet, or ASN

135.233.112.26 was found in our database!

$ whois 135.233.112.26

country·🇺🇸 United States

city·Des Moines

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 135.233.112.26scoring →

confidence

91%Very High

first_seen·Jan 22, 2026

last_seen·1h ago

first_reported·Mar 13, 2026

last_reported·26d ago

sessions·74

events·115

reports·1

$ sikker protocols 135.233.112.26

HTTPS

24 / 45

HTTP

9 / 15

SSH

6 / 9

FTP

4 / 7

SMTP

6 / 6

ELASTICSEARCH

5 / 5

TELNET

2 / 4 / 1r

REDIS

2 / 4

WINRM

2 / 4

POSTGRES

4 / 4

MONGODB

1 / 3

RDP

2 / 2

IMAP

2 / 2

MSSQL

2 / 2

DOCKER

2 / 2

RTSP

1 / 1

$ sikker summary 135.233.112.26

135.233.112.26 has a threat confidence score of 91%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 74 honeypot sessions and reported 1 times targeting HTTPS, HTTP, SSH, FTP, SMTP and 11 other protocols. Detected attack patterns include https autodiscover powershell probe. First observed on January 22, 2026, most recently active April 8, 2026.

$ sikker behaviors 135.233.112.26catalog →

highHttps Autodiscover Powershell Probe1x

HTTPS request to /autodiscover/autodiscover.json with a query string containing @zdi/Powershell.

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoRedis Info Command Invocation2x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttp Http Method Get1x

HTTP request using GET method.

$ sikker primitives 135.233.112.26

elastic_http_get_request7 http_method_get5 elastic_http_bad_request_path_probe4 docker_get_method2 redis_info_lowercase2 ftp_auth_tls1 rtsp_options1 http_path_bad_request1 elastic_root_path_probe1 https_autodiscover_json_path_probe1 https_query_powershell_reference_zdi1

$ sikker reports 135.233.112.26submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 13, 2026, 22:23	Brute Force	TELNET	SikkerGuard: 2 blocked packets

$ sikker related 135.233.112.26

Report IP WHOIS Lookup →

IP Address	Confidence	Events
23.97.62.137	99%	71
23.97.62.113	100%	3,063
20.64.105.152	73%	132
20.84.152.213	67%	140
172.202.118.47	88%	210

IP Address	Confidence	Events
216.180.246.195	81%	102
104.248.48.89	94%	128
167.172.150.46	54%	5
199.45.155.87	49%	536
79.127.147.210	77%	998