Check an IP Address, Domain Name, Subnet, or ASN

158.94.209.131 was found in our database!

$ whois 158.94.209.131

country·🇳🇱 The Netherlands

city·Amsterdam

isp·Omegatech LTD

asn·AS202412

network·Standard

$ sikker risk 158.94.209.131scoring →

confidence

99%Very High

first_seen·Jan 25, 2026

last_seen·1h ago

first_reported·Mar 16, 2026

last_reported·15d ago

sessions·105

events·152

reports·1

$ sikker protocols 158.94.209.131

SSH

79 / 79

SMTP

26 / 73 / 1r

$ sikker summary 158.94.209.131

158.94.209.131 has a threat confidence score of 99%. This IP address from The Netherlands (AS202412, Omegatech LTD) has been observed in 105 honeypot sessions and reported 1 times targeting SSH, SMTP protocols. Detected attack patterns include smtp open relay probe. First observed on January 25, 2026, most recently active March 31, 2026.

$ sikker behaviors 158.94.209.131catalog →

highSmtp Open Relay Probe7x

Automated SMTP interaction sequence consistent with open-relay validation or spam delivery testing. The client performs a full transaction flow (EHLO → RSET → MAIL FROM → RCPT TO → DATA → QUIT) and submits a minimal test message containing known probe markers such as t_Smtp.LocalIP. This pattern indicates scripted activity attempting to confirm whether the server allows unauthenticated message relaying or outbound mail submission. Such behavior is commonly observed from spam bot infrastructure validating targets before larger abuse campaigns.

mediumScp Quiet Remote File Upload38x

Identifies the use of SCP in quiet mode (-q) with “to” mode (-t), indicating the remote system is receiving a file. This pattern is commonly associated with post-authentication payload delivery, lateral movement staging, or tool transfer to a compromised host.

$ sikker primitives 158.94.209.131

ssh_uname_single_flag_query_via_awk117 ssh_uname_s_v_n_r_m39 ssh_nproc_available_cpu_count39 ssh_uname_machine_architecture39 ssh_nvidia_smi_product_name_filter39 ssh_lspci_vga_and_3d_controller_enumeration39 ssh_nvidia_smi_product_name_gpu_count_query39 scp_quiet_to_mode_file_transfer38 smtp_rcpt_to_recipient_declaration26 smtp_data_message_submission17 smtp_mail_from_envelope_sender17 smtp_ehlo_greeting14 smtp_rset_session_reset14 smtp_quit_session_termination10 smtp_body_localip_probe_marker10 smtp_helo_greeting3

$ sikker reports 158.94.209.131submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 16, 2026, 01:34	Brute Force	SMTP	SikkerGuard: 6 blocked packets

$ sikker related 158.94.209.131

🇳🇱·More threats fromThe Netherlands→AS·More threats fromOmegatech LTD→SSH·More threats targetingSSH→SMTP·More threats targetingSMTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
130.12.180.51	100%	23,819
130.12.180.174	91%	4,158
94.154.35.215	93%	38,490
91.92.240.10	96%	290
130.12.180.34	92%	2,684

IP Address	Confidence	Events
62.164.177.27	97%	10,884
45.148.10.192	100%	25,348
45.148.10.240	100%	519,518
45.81.23.7	82%	159
130.12.180.51	100%	23,819