Check an IP Address, Domain Name, Subnet, or ASN

167.71.33.239 was found in our database!

$ whois 167.71.33.239

country·🇩🇪 Germany

city·Frankfurt am Main

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 167.71.33.239scoring →

confidence

100%Very High

first_seen·Feb 24, 2026

last_seen·1h ago

sessions·320

events·320

$ sikker protocols 167.71.33.239

SSH

299 / 299

SMB

14 / 14

FTP

5 / 5

SMTP

2 / 2

$ sikker summary 167.71.33.239

167.71.33.239 has a threat confidence score of 100%. This IP address from Germany (AS14061, DigitalOcean, LLC) has been observed in 320 honeypot sessions targeting SSH, SMB, FTP, SMTP protocols. Detected attack patterns include dual source gpu validation with host context. First observed on February 24, 2026, most recently active April 6, 2026.

$ sikker behaviors 167.71.33.239catalog →

highDual Source Gpu Validation With Host Context153x

Combined execution of lspci (VGA and 3D controller extraction and device count) and nvidia-smi -q (product name extraction and non-empty count validation), together with kernel/architecture (uname -s -v -n -r -m) and uptime collection. This pattern reflects cross-validation of GPU presence using both PCI-level and NVIDIA driver-level queries, enriched with host system context.

mediumSsh Host Kernel Uptime And Vga Profile94x

Execution of uname -s -v -n -r -m to retrieve kernel and architecture details, uptime -p for human-readable system uptime, and lspci | grep VGA | cut -f5- -d ' ' to extract VGA-class PCI device information. This pattern reflects lightweight host profiling combined with basic GPU identification.

mediumSsh Host Kernel Uptime And Vga Device Count17x

Execution of uname -s -v -n -r -m to collect kernel and architecture details, uptime -p for human-readable system uptime, and lspci queries to extract VGA-class PCI device descriptions and count the number of VGA devices. This pattern reflects PCI-level GPU identification combined with basic host system metadata collection.

mediumSsh Pci And Nvidia Gpu Count Cross Validation3x

Identifies SSH sessions where the actor performs structured hardware reconnaissance including CPU core enumeration, GPU detection via nvidia-smi, VGA/3D controller inspection via lspci, system uptime queries, and kernel/architecture fingerprinting to assess computational capabilities of the compromised host.

$ sikker primitives 167.71.33.239

unix_uname_s_v_n_r_m_flags286 ssh_uptime_pretty_format_query283 unix_lspci_vga_field_extraction270 ssh_lspci_vga_count176 ssh_nvidia_smi_product_name_extraction159 ssh_lspci_3d_controller_field_extraction159 ssh_nvidia_smi_product_name_count156 ssh_nproc_all_cpu_count_query3 ftp_help_request1

$ sikker related 167.71.33.239

🇩🇪·More threats fromGermany→AS·More threats fromDigitalOcean, LLC→SSH·More threats targetingSSH→SMB·More threats targetingSMB→FTP·More threats targetingFTP→SMTP·More threats targetingSMTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
159.223.184.140	94%	43
161.35.119.70	98%	340
178.128.146.59	76%	194
161.35.175.50	67%	32
134.122.4.65	42%	5

IP Address	Confidence	Events
84.200.73.111	78%	197
139.19.117.197	52%	1,009
158.173.154.36	83%	5,625
176.65.132.93	100%	7,410
193.142.146.230	100%	37,959