Check an IP Address, Domain Name, Subnet, or ASN

94.143.231.253 was found in our database!

$ whois 94.143.231.253

country·🇩🇪 Germany

city·Frankfurt am Main

isp·dataforest GmbH

asn·AS58212

network·Standard

$ sikker risk 94.143.231.253scoring →

confidence

93%Very High

first_seen·Feb 20, 2026

last_seen·Feb 20, 2026

sessions·21

events·21

$ sikker protocols 94.143.231.253

SSH

18 / 18

HTTPS

3 / 3

$ sikker summary 94.143.231.253

94.143.231.253 has a threat confidence score of 93%. This IP address from Germany (AS58212, dataforest GmbH) has been observed in 21 honeypot sessions targeting SSH, HTTPS protocols. Detected attack patterns include ssh shell history tampering via environment reload. First observed on February 20, 2026, most recently active February 20, 2026.

$ sikker behaviors 94.143.231.253catalog →

highSsh Shell History Tampering Via Environment Reload11x

Identifies an SSH session where the actor manipulates shell environment variables (such as HISTFILE, HISTSIZE, HISTCONTROL, or related variables) and reloads or reinitializes shell history in order to suppress, overwrite, or control command logging. The combination of explicitly setting environment variables and triggering a history reload indicates deliberate command history tampering rather than normal shell usage.

$ sikker primitives 94.143.231.253

ssh_echo_shell_environment_variable18 ssh_history_environment_manipulation_and_reload18

$ sikker related 94.143.231.253

🇩🇪·More threats fromGermany→AS·More threats fromdataforest GmbH→SSH·More threats targetingSSH→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
185.254.96.178	73%	20
176.96.136.202	27%	1
5.231.70.68	96%	102
185.254.97.196	85%	13
2.59.134.147	44%	6

IP Address	Confidence	Events
152.53.191.128	83%	55,215
87.106.147.36	99%	206,488
64.188.83.244	100%	382
87.98.242.75	97%	19,107
62.171.133.1	96%	9,046