Check an IP Address, Domain Name, Subnet, or ASN

135.237.127.112 was found in our database!

$ whois 135.237.127.112

country·🇺🇸 United States

city·Washington

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 135.237.127.112scoring →

confidence

72%High

first_seen·Jan 23, 2026

last_seen·1h ago

sessions·122

events·163

$ sikker protocols 135.237.127.112

HTTPS

36 / 52

SSH

13 / 21

HTTP

14 / 20

POSTGRES

16 / 16

SMTP

7 / 11

TELNET

10 / 10

SMB

8 / 8

REDIS

3 / 8

DOCKER

3 / 5

MONGODB

5 / 5

ELASTICSEARCH

5 / 5

IMAP

2 / 2

$ sikker summary 135.237.127.112

135.237.127.112 has a threat confidence score of 72%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 122 honeypot sessions targeting HTTPS, SSH, HTTP, POSTGRES, SMTP and 7 other protocols. First observed on January 23, 2026, most recently active March 22, 2026.

$ sikker behaviors 135.237.127.112catalog →

lowRedis Mglndd Campaign Activity1x

Redis session where the client presents the MGLNDD-prefixed identifier (for example MGLNDD_[ip]_6379) within the connection metadata, indicating activity from a specific automated Redis scanning framework. The behavior is triggered by the previously defined primitive detecting this exact tag pattern and groups sessions attributed to that tooling. The behavior reflects identifiable automated access rather than standard Redis client usage and does not assume additional commands beyond the observable identifier.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 135.237.127.112

elastic_http_get_request6 smtp_ehlo_greeting5 http_method_get4 elastic_http_bad_request_path_probe4 docker_get_method3 mongodb_buildinfo3 https_path_root2 http_path_bad_request2 elastic_root_path_probe1 redis_mglndd_client_identifier_tag1

$ sikker related 135.237.127.112

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.102.112.104	82%	1,526
40.82.214.8	100%	799
13.83.90.155	98%	30
172.191.132.202	100%	182
135.222.182.210	98%	73

IP Address	Confidence	Events
34.82.98.110	79%	5,903
92.118.39.62	100%	373,034
167.94.138.59	50%	1,675
96.0.160.144	87%	21,113
65.49.1.145	51%	67