Check an IP Address, Domain Name, Subnet, or ASN

104.248.194.6 was found in our database!

$ whois 104.248.194.6

country·🇳🇱 The Netherlands

city·Amsterdam

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 104.248.194.6scoring →

confidence

100%Very High

first_seen·Mar 16, 2026

last_seen·1h ago

sessions·340

events·340

$ sikker protocols 104.248.194.6

SSH

226 / 226

HTTP

104 / 104

HTTPS

10 / 10

$ sikker summary 104.248.194.6

104.248.194.6 has a threat confidence score of 100%. This IP address from The Netherlands (AS14061, DigitalOcean, LLC) has been observed in 340 honeypot sessions targeting SSH, HTTP, HTTPS protocols. Detected attack patterns include ssh hardened host profiling and shell rc immutability bypass, http git repository config exposure probe. First observed on March 16, 2026, most recently active March 25, 2026.

$ sikker behaviors 104.248.194.6catalog →

highSsh Hardened Host Profiling And Shell Rc Immutability Bypass212x

Identifies SSH post-auth activity combining resilient multi-source CPU enumeration (explicit /usr/bin/nproc fallback) with removal of the immutable flag from ~/.shellrc via chattr, indicating host profiling followed by shell configuration tampering for persistence preparation.

highHttp Git Repository Config Exposure Probe5x

Identifies HTTP GET requests targeting /.git/config, indicating attempts to access exposed Git repository configuration files. Successful access may enable repository reconstruction, credential harvesting, or source code disclosure.

infoHttp Root Path Request83x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 104.248.194.6

unix_chattr_remove_immutable_flag_home_shell_rc214 hardened_cpu_enumeration_with_explicit_nproc_path214 http_method_get99 http_path_dotgit_config5 ssh_scp_target_mode_tmp_directory2 ssh_echo_home_environment_variable2 ssh_scp_target_mode_dev_shm_directory2 ssh_scp_target_mode_var_tmp_directory2 http_path_dotaws_credentials1

$ sikker related 104.248.194.6

🇳🇱·More threats fromThe Netherlands→AS·More threats fromDigitalOcean, LLC→SSH·More threats targetingSSH→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
174.138.53.142	75%	3
170.64.167.72	76%	1,121
207.154.254.44	100%	1,079
165.232.185.46	75%	13
157.230.60.143	75%	3

IP Address	Confidence	Events
94.154.35.215	93%	36,388
93.174.93.12	96%	10,989
46.151.178.13	90%	297
45.148.10.192	100%	21,330
194.50.16.198	100%	47,374