Check an IP Address, Domain Name, Subnet, or ASN

48.214.144.191 was found in our database!

$ whois 48.214.144.191

country·🇺🇸 United States

city·Des Moines

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 48.214.144.191scoring →

confidence

83%Very High

first_seen·Jan 24, 2026

last_seen·1h ago

first_reported·Mar 9, 2026

last_reported·6d ago

sessions·130

events·199

reports·2

$ sikker protocols 48.214.144.191

HTTP

15 / 28 / 2r

HTTPS

22 / 29

SSH

12 / 21

SMTP

8 / 21

SMB

11 / 12

FTP

6 / 11

DOCKER

5 / 11

MONGODB

7 / 11

IMAP

8 / 10

TELNET

10 / 10

SIP

4 / 8

REDIS

4 / 8

POSTGRES

6 / 7

MSSQL

6 / 6

ELASTICSEARCH

4 / 4

RDP

2 / 2

$ sikker summary 48.214.144.191

48.214.144.191 has a threat confidence score of 83%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 130 honeypot sessions and reported 2 times targeting HTTP, HTTPS, SSH, SMTP, SMB and 11 other protocols. First observed on January 24, 2026, most recently active March 23, 2026.

$ sikker behaviors 48.214.144.191catalog →

infoHttp Root Path Request7x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoRedis Info Command Invocation3x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 48.214.144.191

http_method_get8 elastic_http_get_request5 redis_info_lowercase4 elastic_http_bad_request_path_probe4 mongodb_buildinfo3 ftp_auth_tls2 docker_get_method2 ftp_auth_ssl1 http_path_bad_request1

$ sikker reports 48.214.144.191submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 16, 2026, 21:01	Brute Force	HTTP	SikkerGuard: 2 blocked packets
User	Mar 9, 2026, 09:12	Brute Force	HTTP	SikkerGuard: 2 blocked packets

$ sikker related 48.214.144.191

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.84.144.171	56%	90
52.185.213.71	92%	39
40.124.186.155	72%	191
20.102.112.104	82%	2,427
20.171.25.78	65%	170

IP Address	Confidence	Events
144.202.82.88	77%	15,444
45.61.184.223	98%	1,174
20.102.112.104	82%	2,427
3.130.168.2	100%	26,419
172.245.195.18	100%	6,368