Check an IP Address, Domain Name, Subnet, or ASN

147.185.132.245 was found in our database!

$ whois 147.185.132.245

country·🇺🇸 United States

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 147.185.132.245scoring →

confidence

77%High

first_seen·Jan 22, 2026

last_seen·53m ago

sessions·80

events·106

$ sikker protocols 147.185.132.245

SMTP

30 / 35

RTSP

8 / 22

SIP

10 / 10

MONGODB

3 / 7

SMB

4 / 6

MSSQL

6 / 6

SSH

5 / 5

FTP

4 / 4

HTTPS

2 / 2

TR069

1 / 2

TELNET

2 / 2

ELASTICSEARCH

2 / 2

RDP

1 / 1

HTTP

1 / 1

DOCKER

1 / 1

$ sikker summary 147.185.132.245

147.185.132.245 has a threat confidence score of 77%. This IP address from United States (AS396982, Google LLC) has been observed in 80 honeypot sessions targeting SMTP, RTSP, SIP, MONGODB, SMB and 10 other protocols. First observed on January 22, 2026, most recently active April 30, 2026.

$ sikker behaviors 147.185.132.245catalog →

lowRtsp Options Probe8x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoFtp Tls Upgrade2x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoMongodb Serverstatus Discovery1x

Client issues MongoDB serverStatus requests and disconnects shortly after, indicating service inspection rather than active database interaction. This pattern is commonly associated with automated discovery activity where scanners collect runtime metrics or confirm database exposure without performing further queries.

$ sikker primitives 147.185.132.245

rtsp_options22 smtp_ehlo_greeting7 sip_call_id_alphanumeric_entropy6 mongodb_serverstatus3 ftp_auth_tls2 https_path_root2 docker_get_method2 docker_bad_request_uri2 elastic_root_path_probe2 elastic_http_get_request2 http_method_get1

$ sikker related 147.185.132.245

Report IP WHOIS Lookup →

IP Address	Confidence	Events
205.210.31.152	99%	428
34.77.166.77	100%	542
34.41.211.48	48%	489
205.210.31.89	100%	466
205.210.31.238	99%	417

IP Address	Confidence	Events
104.22.17.36	6%	3
162.158.167.184	4%	2
77.239.106.153	33%	3
162.159.119.19	25%	22
185.218.138.19	97%	29,439