Check an IP Address, Domain Name, Subnet, or ASN

88.214.25.124 was found in our database!

Confidence Level

92%

Very High?

Geolocation

🇩🇪

Germany

ISPLayer7 Networks GmbH

ASNAS35042

Activity Timeline

First seenJan 20, 2026, 01:48 PM

Last seen5h ago

First reportedMar 1, 2026, 07:45 AM

Last reported2d ago

630Sessions

931Events

2Reports

Protocol Breakdown

HTTPS

184 / 281

SMTP

78 / 120

SIP

56 / 95

HTTP

44 / 88

FTP

42 / 73

SMB

56 / 56

REDIS

31 / 47

SSH

35 / 41

IMAP

34 / 41

RTSP

24 / 30

MONGODB

22 / 30

POSTGRES

9 / 9

TR069

2 / 6

RDP

4 / 4

MSSQL

3 / 3

DOCKER

3 / 3

TELNET

2 / 3

ELASTICSEARCH

1 / 1

88.214.25.124 has a very high threat confidence level of 92%, originating from Germany, on the Layer7 Networks GmbH network (35042). It has been observed across 630 sessions targeting HTTPS, SMTP, SIP, HTTP, FTP and 13 other protocols, First observed on January 20, 2026, most recently active March 9, 2026.

Behaviors

Classified behavioral patterns observed

Rdp Nla Ntlm Authentication Attempt

medium2x

Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service

Http Bad Request Route Probe

info5x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

Docker Invalid Protocol Probe

info3x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

Primitives

Individual actions observed

Ftp Control Channel Binary Payload15 Http Method Get5 Http Path Bad Request5 Docker Get Method3 Docker Bad Request Uri3 Rdp Nla Ntlm Auth2 Elastic Http Get Request1 Elastic Http Bad Request Path Probe1

User Reports

2 reports from 1 contributor

Date	Category	Protocol	Comment
Mar 7, 2026	Brute Force	FTP	SikkerGuard: 6 blocked packets
Mar 1, 2026	Brute Force	FTP	SikkerGuard: 4 blocked packets

Related Threats

Explore related threat intelligence

WHOIS Lookup

IP Address	Confidence	Events
88.214.25.121	92%	992
88.214.25.123	88%	1,192
88.214.25.125	91%	747
193.24.208.56	74%	1,400

IP Address	Confidence	Events
89.163.204.62	88%	73,411
152.53.191.128	84%	47,537
87.106.147.36	100%	93,338
167.71.45.216	85%	85
157.230.22.86	98%	55