Check an IP Address, Domain Name, Subnet, or ASN

142.248.80.104 was found in our database!

$ whois 142.248.80.104

country·🇺🇸 United States

isp·Advin Services LLC

asn·AS22295

network·Standard

$ sikker risk 142.248.80.104scoring →

confidence

99%Very High

first_seen·Apr 11, 2026

last_seen·2m ago

sessions·1,087

events·1,089

$ sikker protocols 142.248.80.104

SSH

1,087 / 1,089

$ sikker summary 142.248.80.104

142.248.80.104 has a threat confidence score of 99%. This IP address from United States (AS22295, Advin Services LLC) has been observed in 1,087 honeypot sessions targeting SSH protocols. Detected attack patterns include ssh post auth comprehensive host profiling, ssh post auth full host reconnaissance sweep. First observed on April 11, 2026, most recently active April 14, 2026.

$ sikker behaviors 142.248.80.104catalog →

highSsh Post Auth Comprehensive Host Profiling7x

Identifies structured post-authentication SSH activity consistent with automated host qualification and capability assessment. The session performs broad system enumeration including kernel and version queries, CPU and process inspection, network configuration and listening service discovery, service inventory via systemctl, credential file probing (/etc/passwd, /etc/shadow), hostname retrieval (command and file read), root and filesystem inspection, connectivity validation via ping, temporary file creation and cleanup, and command resolution checks to evaluate system suitability for further exploitation or staging.

highSsh Post Auth Full Host Reconnaissance Sweep2x

Identifies structured post-authentication SSH activity consistent with automated host profiling. The session executes a broad enumeration sequence including system versioning, CPU details, network configuration, listening services, process snapshots, identity context, environment variables, filesystem inspection, and credential file probing to fingerprint the host and assess exploitation potential.

$ sikker primitives 142.248.80.104

ssh_which_command_resolution39 ssh_whoami_user_identity31 ssh_pwd_current_directory30 ssh_rm_force_tmp_file_deletion23 ssh_id_identity_query21 ssh_ls_long_all_directory_listing_absolute14 ssh_hostname13 ssh_uname_all13 ssh_client_version13 ssh_uptime_default13 ssh_env_head_truncated13 ssh_mount_top_entries_snapshot13 ssh_ps_aux_top_process_snapshot13 ssh_history_tail_recent_commands13 ssh_netstat_tulpn_listener_snapshot13 ssh_netstat_listen_ports_head12 ssh_cpu_model_name_enumeration12 ssh_ip_route_table_enumeration12 ssh_passwd_file_first_line_read12 ssh_shadow_file_first_line_read12

$ sikker related 142.248.80.104

🇺🇸·More threats fromUnited States→AS·More threats fromAdvin Services LLC→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
142.248.80.144	84%	70
142.248.80.38	71%	64
142.248.80.163	79%	280
142.248.80.31	63%	12
23.137.105.248	11%	5

IP Address	Confidence	Events
70.166.167.35	36%	304
185.218.138.3	97%	15,172
87.121.84.21	98%	633
66.132.172.111	100%	423
104.234.32.241	72%	109