Check an IP Address, Domain Name, Subnet, or ASN

185.214.96.187 was found in our database!

$ whois 185.214.96.187

country·🇱🇻 Latvia

city·Riga

isp·PacketHub S.A.

asn·AS207137

network·Standard

$ sikker risk 185.214.96.187scoring →

confidence

86%Very High

first_seen·Mar 11, 2026

last_seen·10d ago

sessions·26

events·26

$ sikker protocols 185.214.96.187

RDP

26 / 26

$ sikker summary 185.214.96.187

185.214.96.187 has a threat confidence score of 86%. This IP address from Latvia (AS207137, PacketHub S.A.) has been observed in 26 honeypot sessions targeting RDP protocols. First observed on March 11, 2026, most recently active March 11, 2026.

$ sikker behaviors 185.214.96.187catalog →

mediumRdp Legacy Plaintext Authentication Attempt13x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

$ sikker primitives 185.214.96.187

rdp_legacy_plaintext_authenthication13

$ sikker related 185.214.96.187

🇱🇻·More threats fromLatvia→AS·More threats fromPacketHub S.A.→RDP·More threats targetingRDP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
185.214.96.228	23%	1
45.10.157.45	79%	3
94.156.150.69	30%	2
89.46.8.108	38%	3
89.46.8.97	41%	1

IP Address	Confidence	Events
91.135.22.131	96%	133
91.218.142.154	35%	3
185.113.139.51	100%	848
31.59.102.138	100%	133
86.54.25.210	45%	19