Check an IP Address, Domain Name, Subnet, or ASN

147.185.132.25 was found in our database!

Confidence Level

92%

Very High?

Geolocation

🇺🇸

United States

ISPGoogle LLC

ASNAS396982

Activity Timeline

First seenJan 21, 2026, 08:23 PM

Last seen2h ago

181Sessions

278Events

Protocol Breakdown

HTTP

26 / 36

HTTPS

22 / 35

SSH

25 / 32

FTP

15 / 29

SMTP

10 / 26

IMAP

15 / 25

SMB

18 / 20

SIP

10 / 15

REDIS

5 / 11

TELNET

8 / 10

MONGODB

4 / 10

RDP

8 / 8

RTSP

5 / 7

WINRM

2 / 4

MSSQL

3 / 3

TR069

1 / 3

POSTGRES

2 / 2

ELASTICSEARCH

2 / 2

147.185.132.25 has a threat confidence score of 92%. This IP address from United States (AS396982, Google LLC) has been observed in 181 honeypot sessions targeting HTTP, HTTPS, SSH, FTP, SMTP and 13 other protocols. First observed on January 21, 2026, most recently active March 12, 2026.

Behaviors

Classified behavioral patterns observed

Rdp Legacy Plaintext Authentication Attempt

medium2x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

Rtsp Options Probe

low5x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

Http Root Path Request

info8x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Ftp Tls Upgrade

info7x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

Redis Info Command Invocation

info5x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

Https Root Path Request

info3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Http Bad Request Route Probe

info1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

Primitives

Individual actions observed

Http Method Get9 Ftp Auth Tls8 Mongodb Buildinfo8 Mongodb Listdatabases8 Rtsp Options5 Redis Info Lowercase5 Sip Call Id Alphanumeric Entropy4 Https Path Root3 Imap Capability Probe2 Elastic Root Path Probe2 Elastic Http Get Request2 Rdp Legacy Plaintext Authenthication2 Http Path Bad Request1

Related Threats

Explore related threat intelligence

WHOIS Lookup

IP Address	Confidence	Events
162.216.150.182	64%	119
198.235.24.24	79%	117
147.185.132.127	80%	240
198.235.24.102	92%	250
205.210.31.81	96%	245

IP Address	Confidence	Events
65.49.1.80	99%	1,417
130.12.180.44	91%	28,311
130.12.180.89	91%	27,590
130.12.181.85	86%	1,532
130.12.180.109	91%	27,681