Check an IP Address, Domain Name, Subnet, or ASN

95.85.159.109 was found in our database!

$ whois 95.85.159.109

country·🇷🇸 Serbia

city·Temerin

isp·Sat-Trakt D.O.O.

asn·AS41897

network·Standard

$ sikker risk 95.85.159.109scoring →

confidence

74%High

first_seen·Apr 12, 2026

last_seen·4d ago

sessions·3

events·3

$ sikker protocols 95.85.159.109

SSH

3 / 3

$ sikker summary 95.85.159.109

95.85.159.109 has a threat confidence score of 74%. This IP address from Serbia (AS41897, Sat-Trakt D.O.O.) has been observed in 3 honeypot sessions targeting SSH protocols. Detected attack patterns include ssh routeros cloud probe and telegram sms artifact discovery. First observed on April 12, 2026, most recently active April 14, 2026.

$ sikker behaviors 95.85.159.109catalog →

highSsh Routeros Cloud Probe And Telegram Sms Artifact Discovery3x

SSH post-auth sequence running RouterOS cloud/DDNS commands, Telegram data path checks, GSM/SMS artifact searches, and miner process lookups (`ps | grep miner`), preceded by basic system enumeration.

$ sikker primitives 95.85.159.109

ssh_routeros_ip_cloud_print_probe6 ssh_uname_all3 ssh_cat_proc_cpuinfo3 ssh_ps_ef_grep_miner_bracket_case3 ssh_ifconfig_interface_enumeration3 ssh_routeros_user_set_password_id03 ssh_echo_hi_pipe_cat_numbering_test3 ssh_locate_telegram_tdata_identifier3 ssh_routeros_interface_lte_print_probe3 ssh_routeros_ip_cloud_set_ddns_enabled3 ssh_ps_pipe_grep_miner_case_insensitive3 ssh_ls_telegram_tdata_and_gsm_sms_artifacts3

$ sikker related 95.85.159.109

🇷🇸·More threats fromSerbia→AS·More threats fromSat-Trakt D.O.O.→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
46.240.142.214	26%	107
109.93.143.87	39%	4
89.216.115.87	28%	105
212.200.119.102	50%	842
109.207.41.125	46%	386