Check an IP Address, Domain Name, Subnet, or ASN

103.110.221.191 was found in our database!

$ whois 103.110.221.191

country·🇯🇵 Japan

city·Tokyo

isp·JT TELECOM INTERNATIONAL PTE.LTD.

asn·AS137535

network·Standard

$ sikker risk 103.110.221.191scoring →

confidence

61%High

first_seen·Apr 22, 2026

last_seen·49m ago

sessions·3

events·3

$ sikker protocols 103.110.221.191

RDP

3 / 3

$ sikker summary 103.110.221.191

103.110.221.191 has a threat confidence score of 61%. This IP address from Japan (AS137535, JT TELECOM INTERNATIONAL PTE.LTD.) has been observed in 3 honeypot sessions targeting RDP protocols. First observed on April 22, 2026, most recently active May 5, 2026.

$ sikker behaviors 103.110.221.191catalog →

mediumRdp Nla Ntlm Authentication Attempt2x

Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service

mediumRdp Legacy Plaintext Authentication Attempt1x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

$ sikker primitives 103.110.221.191

rdp_nla_ntlm_auth2 rdp_legacy_plaintext_authenthication1

$ sikker related 103.110.221.191

🇯🇵·More threats fromJapan→AS·More threats fromJT TELECOM INTERNATIONAL PTE.LTD.→RDP·More threats targetingRDP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
142.248.136.189	94%	278
142.248.136.131	54%	3
142.248.136.117	89%	33

IP Address	Confidence	Events
118.193.61.87	66%	4
116.80.72.226	96%	5,043
210.149.87.235	93%	1,202
18.183.117.73	95%	76
49.212.205.206	95%	732