Check an IP Address, Domain Name, Subnet, or ASN

89.111.142.130 was found in our database!

$ whois 89.111.142.130

country·🇷🇺 Russia

city·Moscow

isp·Jsc ru-center

asn·AS39494

network·Standard

$ sikker risk 89.111.142.130scoring →

confidence

93%Very High

first_seen·Mar 26, 2026

last_seen·5d ago

sessions·48

events·48

$ sikker protocols 89.111.142.130

SSH

48 / 48

$ sikker summary 89.111.142.130

89.111.142.130 has a threat confidence score of 93%. This IP address from Russia (AS39494, Jsc ru-center) has been observed in 48 honeypot sessions targeting SSH protocols. First observed on March 26, 2026, most recently active March 26, 2026.

$ sikker behaviors 89.111.142.130catalog →

mediumScp Quiet Remote File Upload21x

Identifies the use of SCP in quiet mode (-q) with “to” mode (-t), indicating the remote system is receiving a file. This pattern is commonly associated with post-authentication payload delivery, lateral movement staging, or tool transfer to a compromised host.

$ sikker primitives 89.111.142.130

ssh_uname_single_flag_query_via_awk78 ssh_nproc_available_cpu_count26 ssh_uname_machine_architecture26 ssh_nvidia_smi_product_name_filter26 ssh_lspci_vga_and_3d_controller_enumeration26 ssh_nvidia_smi_product_name_gpu_count_query26 scp_quiet_to_mode_file_transfer21

$ sikker related 89.111.142.130

🇷🇺·More threats fromRussia→AS·More threats fromJsc ru-center→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
89.111.165.89	69%	24
89.111.142.108	99%	94
89.111.131.83	99%	33
89.111.140.77	88%	76

IP Address	Confidence	Events
77.94.120.206	100%	8,809
90.151.147.41	35%	3
95.215.0.144	98%	11,419
80.66.83.43	100%	5,879
95.26.13.116	32%	12