Check an IP Address, Domain Name, Subnet, or ASN

185.104.63.91 was found in our database!

$ whois 185.104.63.91

country·🇦🇹 Austria

city·Vienna

isp·Interkvm Host Srl

asn·AS25198

network·Standard

$ sikker risk 185.104.63.91scoring →

confidence

97%Very High

first_seen·Apr 29, 2026

last_seen·1m ago

sessions·543

events·543

$ sikker protocols 185.104.63.91

TELNET

543 / 543

$ sikker summary 185.104.63.91

185.104.63.91 has a threat confidence score of 97%. This IP address from Austria (AS25198, Interkvm Host Srl) has been observed in 543 honeypot sessions targeting TELNET protocols. First observed on April 29, 2026, most recently active April 29, 2026.

$ sikker behaviors 185.104.63.91catalog →

mediumTelnet Proc Cmdline Discovery With Directory Navigation539x

Telnet-based shell activity where the actor enumerates process execution context via cat /proc/self/cmdline (or equivalent) and performs directory navigation using cd. This pattern reflects post-access discovery behavior, where the session is inspecting runtime parameters and exploring filesystem layout to understand the execution environment before staging or executing additional actions. The combination indicates environmental reconnaissance rather than immediate payload deployment.

$ sikker primitives 185.104.63.91

telnet_command_cd543 telnet_command_cat_proc_cmdline543

$ sikker related 185.104.63.91

🇦🇹·More threats fromAustria→AS·More threats fromInterkvm Host Srl→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
86.107.178.69	47%	8
188.211.233.37	39%	4
188.211.233.35	39%	4
86.107.178.68	39%	4
46.229.243.199	41%	3

IP Address	Confidence	Events
152.53.248.193	96%	7,266
152.53.230.56	97%	14,602
2.59.22.234	100%	2,755
152.53.177.77	97%	6,691
185.230.219.29	100%	99