Confidence Level

92%

Very High?

Geolocation

🇺🇸

United StatesSanta Clara

ISPDigitalOcean, LLC

ASNAS14061

Activity Timeline

First seenMar 10, 2026, 03:55 PM

Last seen1h ago

39Sessions

39Events

Protocol Breakdown

SSH

39 / 39

165.232.139.96 has a very high threat confidence level of 92%, originating from Santa Clara, United States, on the DigitalOcean, LLC network (14061). It has been observed across 39 sessions targeting SSH, First observed on March 10, 2026, most recently active March 10, 2026.

Behaviors

Classified behavioral patterns observed

Scp Quiet Remote File Upload

medium15x

Identifies the use of SCP in quiet mode (-q) with “to” mode (-t), indicating the remote system is receiving a file. This pattern is commonly associated with post-authentication payload delivery, lateral movement staging, or tool transfer to a compromised host.

Primitives

Individual actions observed

Ssh Uname Single Flag Query Via Awk69 Scp Quiet To Mode File Transfer45 Ssh Uname S V N R M23 Ssh Nproc Available Cpu Count23 Ssh Uname Machine Architecture23 Ssh Uptime Text Parsing Pipeline23 Ssh Nvidia Smi Product Name Filter23 Ssh Lscpu Model Name Field Extraction23 Ssh Lspci Vga And 3d Controller Enumeration23 Ssh Nvidia Smi Product Name Gpu Count Query23

Related Threats

Explore related threat intelligence

🇺🇸More threats fromUnited States ASMore threats fromDigitalOcean, LLC SSHMore threats targetingSSH { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
206.189.190.215	42%	5
178.128.219.84	99%	75
142.93.40.46	87%	10
152.42.162.155	69%	19
162.243.236.66	86%	9

IP Address	Confidence	Events
130.12.180.57	91%	17,722
173.245.76.90	98%	95,996
91.92.243.197	91%	17,120
130.12.180.92	91%	16,715
66.228.34.203	73%	759