Check an IP Address, Domain Name, Subnet, or ASN

182.92.202.149 was found in our database!

$ whois 182.92.202.149

country·🇨🇳 China

city·Beijing

isp·Hangzhou Alibaba Advertising Co.,Ltd.

asn·AS37963

network·Standard

$ sikker risk 182.92.202.149scoring →

confidence

88%Very High

first_seen·Jan 21, 2026

last_seen·9h ago

first_reported·Mar 16, 2026

last_reported·3d ago

sessions·391

events·547

reports·1

$ sikker protocols 182.92.202.149

REDIS

111 / 223

MSSQL

117 / 117

SSH

56 / 70

MONGODB

49 / 63 / 1r

MYSQL

30 / 46

RDP

28 / 28

$ sikker summary 182.92.202.149

182.92.202.149 has a threat confidence score of 88%. This IP address from China (AS37963, Hangzhou Alibaba Advertising Co.,Ltd.) has been observed in 391 honeypot sessions and reported 1 times targeting REDIS, MSSQL, SSH, MONGODB, MYSQL and 1 other protocols. First observed on January 21, 2026, most recently active March 20, 2026.

$ sikker behaviors 182.92.202.149catalog →

mediumMysql User Schema Table Footprint Reconnaissance2x

Attacker enumerates non-system MySQL database schemas and associated table statistics (row counts, storage size, average row size) via metadata queries against the TABLES catalog. This activity indicates targeted discovery of accessible application datasets and data volume profiling to prioritize exfiltration, credential harvesting, or destructive actions against high-value databases.

infoRedis Info Command Invocation29x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 182.92.202.149

redis_info_lowercase47 redis_command_http_host_header_port_63792 mysql_select_tables_metadata_excluding_system_schemas2

$ sikker reports 182.92.202.149submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 16, 2026, 16:08	Brute Force	MONGODB	SikkerGuard: 2 blocked packets

$ sikker related 182.92.202.149

🇨🇳·More threats fromChina→AS·More threats fromHangzhou Alibaba Advertising Co.,Ltd.→REDI·More threats targetingREDIS→MSSQ·More threats targetingMSSQL→SSH·More threats targetingSSH→MONG·More threats targetingMONGODB→MYSQ·More threats targetingMYSQL→RDP·More threats targetingRDP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
47.112.212.56	83%	2,775
47.93.250.117	96%	47
47.93.1.160	81%	17,968
39.101.187.162	75%	7
121.43.116.220	57%	39

IP Address	Confidence	Events
120.195.161.46	93%	94,675
47.112.212.56	83%	2,768
106.58.219.148	93%	283
36.212.221.233	95%	106
219.155.202.167	100%	22