Check an IP Address, Domain Name, Subnet, or ASN

116.196.85.94 was found in our database!

$ whois 116.196.85.94

country·🇨🇳 China

isp·China Unicom Beijing Province Network

asn·AS4808

network·Standard

$ sikker risk 116.196.85.94scoring →

confidence

50%Medium

first_seen·Mar 29, 2026

last_seen·1h ago

sessions·8

events·8

$ sikker protocols 116.196.85.94

SSH

8 / 8

$ sikker summary 116.196.85.94

116.196.85.94 has a threat confidence score of 50%. This IP address from China (AS4808, China Unicom Beijing Province Network) has been observed in 8 honeypot sessions targeting SSH protocols. First observed on March 29, 2026, most recently active April 2, 2026.

$ sikker behaviors 116.196.85.94catalog →

mediumSsh Home Ssh Attribute Protection Removal Attempt1x

Attempts to remove filesystem attribute protections (e.g., immutable flags via chattr -i/-a) from the user’s ~/.ssh directory. This pattern indicates preparatory activity to modify SSH trust configuration, commonly preceding insertion or replacement of authorized_keys for persistence.

$ sikker primitives 116.196.85.94

unix_home_ssh_directory_attribute_modification_attempt1

$ sikker related 116.196.85.94

🇨🇳·More threats fromChina→AS·More threats fromChina Unicom Beijing Province Network→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
113.209.196.69	91%	14
43.247.250.115	100%	174
114.254.2.251	99%	44
117.50.185.16	100%	231
106.75.11.100	78%	239

IP Address	Confidence	Events
139.129.13.203	84%	43,440
182.121.252.3	100%	29
115.190.233.64	100%	329
112.46.214.24	80%	190
113.249.113.119	73%	53