Check an IP Address, Domain Name, Subnet, or ASN

147.185.133.212 was found in our database!

$ whois 147.185.133.212

country·🇺🇸 United States

isp·Google LLC

asn·AS396982

network·Standard

$ sikker risk 147.185.133.212scoring →

confidence

96%Very High

first_seen·Jan 29, 2026

last_seen·1h ago

first_reported·Mar 1, 2026

last_reported·24d ago

sessions·154

events·192

reports·1

$ sikker protocols 147.185.133.212

SIP

25 / 47

SMTP

38 / 47

ELASTICSEARCH

21 / 21

RTSP

20 / 20 / 1r

TELNET

16 / 16

RDP

12 / 12

DOCKER

2 / 6

MSSQL

5 / 5

REDIS

5 / 5

HTTP

2 / 4

FTP

3 / 3

HTTPS

2 / 3

MONGODB

2 / 2

SSH

1 / 1

$ sikker summary 147.185.133.212

147.185.133.212 has a threat confidence score of 96%. This IP address from United States (AS396982, Google LLC) has been observed in 154 honeypot sessions and reported 1 times targeting SIP, SMTP, ELASTICSEARCH, RTSP, TELNET and 9 other protocols. First observed on January 29, 2026, most recently active March 26, 2026.

$ sikker behaviors 147.185.133.212catalog →

mediumRdp Legacy Plaintext Authentication Attempt2x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

lowRtsp Options Probe20x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoRedis Info Command Invocation2x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

infoDocker Invalid Protocol Probe1x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

$ sikker primitives 147.185.133.212

elastic_root_path_probe21 elastic_http_get_request21 rtsp_options20 sip_call_id_alphanumeric_entropy14 docker_get_method12 smtp_ehlo_greeting12 docker_bad_request_uri11 redis_info_uppercase3 http_method_get2 https_path_root2 rdp_legacy_plaintext_authenthication2 redis_command_ff1 redis_command_32c03840666aa2a3351 redis_command_cc676b33393c3d2f35c01

$ sikker reports 147.185.133.212submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 1, 2026, 16:45	Brute Force	RTSP	SikkerGuard: 2 blocked packets

$ sikker related 147.185.133.212

Report IP WHOIS Lookup →

IP Address	Confidence	Events
162.216.150.220	63%	110
147.185.132.181	70%	114
205.210.31.94	97%	340
205.210.31.197	98%	332
198.235.24.159	95%	159

IP Address	Confidence	Events
167.94.146.55	50%	3,331
92.118.39.63	100%	57,471
45.61.184.223	99%	13,178
65.49.1.182	100%	1,652
172.69.70.89	6%	24