Check an IP Address, Domain Name, Subnet, or ASN

134.199.166.116 was found in our database!

$ whois 134.199.166.116

country·🇦🇺 Australia

city·Sydney

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 134.199.166.116scoring →

confidence

95%Very High

first_seen·Mar 8, 2026

last_seen·1h ago

sessions·54

events·62

$ sikker protocols 134.199.166.116

HTTP

32 / 32

SSH

20 / 28

HTTPS

2 / 2

$ sikker summary 134.199.166.116

134.199.166.116 has a threat confidence score of 95%. This IP address from Australia (AS14061, DigitalOcean, LLC) has been observed in 54 honeypot sessions targeting HTTP, SSH, HTTPS protocols. Detected attack patterns include ssh hardened host profiling and shell rc immutability bypass. First observed on March 8, 2026, most recently active April 15, 2026.

$ sikker behaviors 134.199.166.116catalog →

highSsh Hardened Host Profiling And Shell Rc Immutability Bypass13x

Identifies SSH post-auth activity combining resilient multi-source CPU enumeration (explicit /usr/bin/nproc fallback) with removal of the immutable flag from ~/.shellrc via chattr, indicating host profiling followed by shell configuration tampering for persistence preparation.

infoHttp Http Method Get13x

HTTP request using GET method.

infoHttp Root Path Request13x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 134.199.166.116

unix_chattr_remove_immutable_flag_home_shell_rc15 hardened_cpu_enumeration_with_explicit_nproc_path15 http_method_get13 https_path_root2 ssh_scp_target_mode_tmp_directory2 ssh_echo_home_environment_variable2 ssh_scp_target_mode_dev_shm_directory2 ssh_scp_target_mode_var_tmp_directory2

$ sikker related 134.199.166.116

🇦🇺·More threats fromAustralia→AS·More threats fromDigitalOcean, LLC→HTTP·More threats targetingHTTP→SSH·More threats targetingSSH→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
64.227.145.246	100%	581
142.93.145.126	94%	1,408
159.223.169.93	99%	1,099
104.248.48.89	99%	1,071
64.227.3.53	72%	222

IP Address	Confidence	Events
40.82.214.8	100%	904
210.0.90.82	50%	522
170.64.167.72	75%	1,224
210.0.90.81	50%	481
170.64.134.120	53%	69