Confidence Level

98%

Very High?

Geolocation

🇬🇧

United KingdomSlough

ISPDigitalOcean, LLC

ASNAS14061

Activity Timeline

First seenFeb 17, 2026, 01:57 AM

Last seen1h ago

107Sessions

111Events

Protocol Breakdown

SSH

105 / 109

HTTP

2 / 2

139.59.173.250 has a very high threat confidence level of 98%, originating from Slough, United Kingdom, on the DigitalOcean, LLC network (14061). It has been observed across 107 sessions targeting SSH, HTTP, with detected attack patterns including ssh hardened host profiling and shell rc immutability bypass, First observed on February 17, 2026, most recently active March 10, 2026.

Behaviors

Classified behavioral patterns observed

Ssh Hardened Host Profiling And Shell Rc Immutability Bypass

high102x

Identifies SSH post-auth activity combining resilient multi-source CPU enumeration (explicit /usr/bin/nproc fallback) with removal of the immutable flag from ~/.shellrc via chattr, indicating host profiling followed by shell configuration tampering for persistence preparation.

Http Root Path Request

info2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Primitives

Individual actions observed

Unix Chattr Remove Immutable Flag Home Shell Rc102 Hardened Cpu Enumeration With Explicit Nproc Path102 Http Method Get2

Related Threats

Explore related threat intelligence

🇬🇧More threats fromUnited Kingdom ASMore threats fromDigitalOcean, LLC SSHMore threats targetingSSH HTTPMore threats targetingHTTP { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
188.166.218.64	100%	709
159.89.224.117	100%	31
146.190.23.157	95%	56
142.93.40.46	97%	27
143.198.176.235	78%	51

IP Address	Confidence	Events
142.93.40.46	97%	27
78.153.140.251	99%	704
2a06:4883:9000::a1	64%	123
165.232.43.198	67%	157
193.104.222.139	98%	1,343