Check an IP Address, Domain Name, Subnet, or ASN

147.185.133.181 was found in our database!

$ whois 147.185.133.181

country·🇺🇸 United States

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 147.185.133.181scoring →

confidence

70%High

first_seen·Jan 22, 2026

last_seen·1h ago

sessions·67

events·87

$ sikker protocols 147.185.133.181

SMTP

32 / 44

HTTPS

10 / 12

REDIS

7 / 7

MONGODB

3 / 7

SMB

4 / 4

SSH

4 / 4

HTTP

2 / 4

TELNET

2 / 2

RDP

1 / 1

RTSP

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 147.185.133.181

147.185.133.181 has a threat confidence score of 70%. This IP address from United States (AS396982, Google LLC) has been observed in 67 honeypot sessions targeting SMTP, HTTPS, REDIS, MONGODB, SMB and 6 other protocols. First observed on January 22, 2026, most recently active April 7, 2026.

$ sikker behaviors 147.185.133.181catalog →

infoRedis Info Command Invocation6x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Http Method Get1x

HTTP request using GET method.

infoMongodb Serverstatus Discovery1x

Client issues MongoDB serverStatus requests and disconnects shortly after, indicating service inspection rather than active database interaction. This pattern is commonly associated with automated discovery activity where scanners collect runtime metrics or confirm database exposure without performing further queries.

$ sikker primitives 147.185.133.181

smtp_ehlo_greeting13 redis_info_uppercase7 mongodb_serverstatus3 http_method_get2 https_path_root2 elastic_root_path_probe1 elastic_http_get_request1

$ sikker related 147.185.133.181

Report IP WHOIS Lookup →

IP Address	Confidence	Events
34.166.82.59	96%	145
205.210.31.2	96%	251
34.38.83.65	100%	944
34.140.251.161	100%	124
147.185.132.197	76%	132

IP Address	Confidence	Events
45.33.67.69	23%	1
45.33.12.122	84%	2,002
79.127.147.207	85%	2,511
206.223.225.190	64%	762
92.118.39.72	100%	120,753