Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
159.223.188.186 has a threat confidence score of 96%. This IP address from United States (AS14061, DigitalOcean, LLC) has been observed in 42 honeypot sessions targeting SSH, HTTPS protocols. Detected attack patterns include ssh hardened host profiling and shell rc immutability bypass. First observed on March 10, 2026, most recently active April 7, 2026.
Identifies SSH post-auth activity combining resilient multi-source CPU enumeration (explicit /usr/bin/nproc fallback) with removal of the immutable flag from ~/.shellrc via chattr, indicating host profiling followed by shell configuration tampering for persistence preparation.
Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration