Check an IP Address, Domain Name, Subnet, or ASN
103.53.231.159 has a very high threat confidence level of 100%, originating from Vietnam, on the AOHOAVIET network (131427). It has been observed across 3,548 sessions targeting SSH and TELNET, with detected attack patterns including ssh post auth environment profiling sweep, ssh post auth comprehensive host profiling, ssh comprehensive host reconnaissance sequence, and 1 more. First observed on January 23, 2026; most recently active on February 27, 2026.
Identifies structured post-authentication SSH activity consistent with automated environment profiling. The session performs comprehensive host enumeration including operating system and kernel queries, CPU and process inspection, network configuration and listening service discovery, credential file probing, service inventory via systemctl, connectivity validation via ping, temporary file creation and removal, and filesystem inspection to assess system capabilities and exploitation potential.
Identifies structured post-authentication SSH activity consistent with automated host qualification and capability assessment. The session performs broad system enumeration including kernel and version queries, CPU and process inspection, network configuration and listening service discovery, service inventory via systemctl, credential file probing (/etc/passwd, /etc/shadow), hostname retrieval (command and file read), root and filesystem inspection, connectivity validation via ping, temporary file creation and cleanup, and command resolution checks to evaluate system suitability for further exploitation or staging.
Identifies an SSH session performing broad system, network, identity, filesystem, and service enumeration in a single execution sequence. The behavior combines environment fingerprinting (kernel, CPU, uptime), user and credential surface inspection (/etc/passwd, /etc/shadow, history), network topology discovery (interfaces, routes, listening ports), process and service inventory, writable directory validation, and connectivity testing. This pattern reflects automated post-compromise host profiling used by botnets, cryptominers, and lateral-movement frameworks to determine system suitability and operational value.
Identifies structured post-authentication SSH activity consistent with automated host profiling. The session executes a broad enumeration sequence including system versioning, CPU details, network configuration, listening services, process snapshots, identity context, environment variables, filesystem inspection, and credential file probing to fingerprint the host and assess exploitation potential.