Check an IP Address, Domain Name, Subnet, or ASN

4.194.4.255 was found in our database!

$ whois 4.194.4.255

country·🇸🇬 Singapore

city·Singapore

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 4.194.4.255scoring →

confidence

100%Very High

first_seen·Jan 20, 2026

last_seen·1h ago

first_reported·Mar 25, 2026

last_reported·6h ago

sessions·467

events·627

reports·1

$ sikker protocols 4.194.4.255

SSH

467 / 627 / 1r

$ sikker summary 4.194.4.255

4.194.4.255 has a threat confidence score of 100%. This IP address from Singapore (AS8075, Microsoft Corporation) has been observed in 467 honeypot sessions and reported 1 times targeting SSH protocols. Detected attack patterns include ssh authorized keys persistence established. First observed on January 20, 2026, most recently active March 26, 2026.

$ sikker behaviors 4.194.4.255catalog →

very_highSsh Authorized Keys Persistence Established106x

Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.

mediumSsh Home Ssh Attribute Protection Removal Attempt1x

Attempts to remove filesystem attribute protections (e.g., immutable flags via chattr -i/-a) from the user’s ~/.ssh directory. This pattern indicates preparatory activity to modify SSH trust configuration, commonly preceding insertion or replacement of authorized_keys for persistence.

$ sikker primitives 4.194.4.255

unix_home_ssh_directory_attribute_modification_attempt107 ssh_authorized_keys_replacement_home106

$ sikker reports 4.194.4.255submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 25, 2026, 22:18	Brute Force	SSH	Fail2Ban Report - Bruteforce attempt

$ sikker related 4.194.4.255

🇸🇬·More threats fromSingapore→AS·More threats fromMicrosoft Corporation→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.219.16.35	95%	1,298
135.237.126.127	75%	156
40.71.90.11	97%	86
137.135.124.92	95%	1,234
74.7.227.19	24%	2

IP Address	Confidence	Events
101.47.142.76	99%	417
190.92.200.153	91%	12
103.210.22.17	100%	1,194
47.237.96.27	75%	3
97.74.87.212	94%	676