Check an IP Address, Domain Name, Subnet, or ASN

185.226.197.50 was found in our database!

$ whois 185.226.197.50

country·🇵🇹 Portugal

isp·Zenlayer Inc

asn·AS21859

network·Standard

$ sikker risk 185.226.197.50scoring →

confidence

84%Very High

first_seen·Jan 24, 2026

last_seen·1h ago

first_reported·Feb 26, 2026

last_reported·22d ago

sessions·169

events·209

reports·1

$ sikker protocols 185.226.197.50

HTTPS

69 / 77

IMAP

34 / 42

FTP

24 / 24

MONGODB

7 / 16

TELNET

12 / 15 / 1r

HTTP

5 / 9

DOCKER

3 / 7

SIP

4 / 6

SMB

5 / 5

SSH

2 / 4

RTSP

4 / 4

$ sikker summary 185.226.197.50

185.226.197.50 has a threat confidence score of 84%. This IP address from Portugal (AS21859, Zenlayer Inc) has been observed in 169 honeypot sessions and reported 1 times targeting HTTPS, IMAP, FTP, MONGODB, TELNET and 6 other protocols. First observed on January 24, 2026, most recently active March 21, 2026.

$ sikker behaviors 185.226.197.50catalog →

lowRtsp Options Probe3x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttps Root Path Request4x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

$ sikker primitives 185.226.197.50

rtsp_options4 https_path_root4 http_method_get2 imap_logout1 ftp_auth_tls1 docker_get_method1 imap_capability_probe1 mongodb_hello_command1

$ sikker reports 185.226.197.50submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Feb 26, 2026, 09:46	Brute Force	TELNET	SikkerGuard: 2 blocked packets

$ sikker related 185.226.197.50

🇵🇹·More threats fromPortugal→AS·More threats fromZenlayer Inc→HTTP·More threats targetingHTTPS→IMAP·More threats targetingIMAP→FTP·More threats targetingFTP→MONG·More threats targetingMONGODB→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTP→DOCK·More threats targetingDOCKER→SIP·More threats targetingSIP→SMB·More threats targetingSMB→SSH·More threats targetingSSH→RTSP·More threats targetingRTSP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
109.105.210.65	79%	188
109.105.210.64	74%	163
109.105.210.62	99%	441
185.226.196.7	85%	1,996
185.226.197.12	100%	526

IP Address	Confidence	Events
45.156.131.7	84%	2,036
45.156.129.80	99%	512
45.156.129.81	79%	205
45.156.129.83	78%	212
45.156.129.82	74%	171