Check an IP Address, Domain Name, Subnet, or ASN

185.226.196.14 was found in our database!

$ whois 185.226.196.14

country·🇵🇹 Portugal

isp·Zenlayer Inc

asn·AS21859

network·Standard

$ sikker risk 185.226.196.14scoring →

confidence

95%Very High

first_seen·Jan 21, 2026

last_seen·26m ago

first_reported·Mar 7, 2026

last_reported·Mar 7, 2026

sessions·364

events·405

reports·1

$ sikker protocols 185.226.196.14

HTTPS

146 / 157

IMAP

87 / 87

FTP

57 / 57 / 1r

REDIS

7 / 30

TELNET

19 / 24

SIP

23 / 23

RTSP

6 / 8

SMB

6 / 6

MONGODB

6 / 6

HTTP

3 / 3

SSH

2 / 2

DOCKER

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 185.226.196.14

185.226.196.14 has a threat confidence score of 95%. This IP address from Portugal (AS21859, Zenlayer Inc) has been observed in 364 honeypot sessions and reported 1 times targeting HTTPS, IMAP, FTP, REDIS, TELNET and 8 other protocols. First observed on January 21, 2026, most recently active April 20, 2026.

$ sikker behaviors 185.226.196.14catalog →

mediumSip Request Uri Sip Nm1x

SIP request using sip:nm as the Request-URI, a malformed or placeholder target commonly observed in SIP scanning and fuzzing activity rather than legitimate client behavior.

lowRtsp Options Probe6x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoFtp Tls Upgrade52x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request8x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Http Method Get2x

HTTP request using GET method.

$ sikker primitives 185.226.196.14

ftp_auth_tls54 https_favicon_ico_request9 https_path_root8 rtsp_options6 http_method_get3 redis_command_ff1 docker_get_method1 sip_request_uri_sip_nm1 elastic_http_get_request1 elastic_http_favicon_path_probe1

$ sikker reports 185.226.196.14submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 7, 2026, 14:12	Brute Force	FTP	SikkerGuard: 16 blocked packets

$ sikker related 185.226.196.14

Report IP WHOIS Lookup →

IP Address	Confidence	Events
185.226.196.12	100%	941
185.226.196.15	90%	343
185.226.196.13	96%	420
185.226.197.12	100%	902
185.226.197.15	89%	352

IP Address	Confidence	Events
185.226.196.12	100%	941
185.226.196.15	90%	343
185.226.196.13	96%	420
185.226.197.12	100%	902
185.226.197.15	89%	352