Check an IP Address, Domain Name, Subnet, or ASN

5.216.80.46 was found in our database!

$ whois 5.216.80.46

country·🇮🇷 Iran

isp·Mobile Communication Company of Iran PLC

asn·AS197207

network·Standard

$ sikker risk 5.216.80.46scoring →

confidence

91%Very High

first_seen·Feb 18, 2026

last_seen·Feb 18, 2026

sessions·13

events·13

$ sikker protocols 5.216.80.46

SSH

13 / 13

$ sikker summary 5.216.80.46

5.216.80.46 has a threat confidence score of 91%. This IP address from Iran (AS197207, Mobile Communication Company of Iran PLC) has been observed in 13 honeypot sessions targeting SSH protocols. Detected attack patterns include ssh shell history tampering via environment reload. First observed on February 18, 2026, most recently active February 18, 2026.

$ sikker behaviors 5.216.80.46catalog →

highSsh Shell History Tampering Via Environment Reload10x

Identifies an SSH session where the actor manipulates shell environment variables (such as HISTFILE, HISTSIZE, HISTCONTROL, or related variables) and reloads or reinitializes shell history in order to suppress, overwrite, or control command logging. The combination of explicitly setting environment variables and triggering a history reload indicates deliberate command history tampering rather than normal shell usage.

$ sikker primitives 5.216.80.46

ssh_echo_shell_environment_variable11 ssh_history_environment_manipulation_and_reload11

$ sikker related 5.216.80.46

🇮🇷·More threats fromIran→AS·More threats fromMobile Communication Company of Iran PLC→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
188.229.79.110	23%	1
188.229.87.39	35%	3
5.209.246.27	42%	5
83.120.189.128	57%	12
89.196.79.8	48%	6

IP Address	Confidence	Events
172.94.9.253	100%	2,679
185.93.89.152	72%	126
77.90.185.17	92%	31,634
212.16.87.65	100%	58
77.90.185.16	84%	4,093