Confidence Level

83%

Very High?

Geolocation

🇳🇱

The NetherlandsAmsterdam

ISPDigitalOcean, LLC

ASNAS14061

Activity Timeline

First seenFeb 26, 2026, 03:15 AM

Last seen2h ago

19Sessions

19Events

Protocol Breakdown

HTTPS

12 / 12

SSH

7 / 7

167.71.9.203 has a very high threat confidence level of 83%, originating from Amsterdam, The Netherlands, on the DigitalOcean, LLC network (14061). It has been observed across 19 sessions targeting HTTPS, SSH, with detected attack patterns including ssh hardened host profiling and shell rc immutability bypass, First observed on February 26, 2026, most recently active March 11, 2026.

Behaviors

Classified behavioral patterns observed

Ssh Hardened Host Profiling And Shell Rc Immutability Bypass

high6x

Identifies SSH post-auth activity combining resilient multi-source CPU enumeration (explicit /usr/bin/nproc fallback) with removal of the immutable flag from ~/.shellrc via chattr, indicating host profiling followed by shell configuration tampering for persistence preparation.

Https Root Path Request

info1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Primitives

Individual actions observed

Unix Chattr Remove Immutable Flag Home Shell Rc6 Hardened Cpu Enumeration With Explicit Nproc Path6 Https Path Root1

Related Threats

Explore related threat intelligence

🇳🇱More threats fromThe Netherlands ASMore threats fromDigitalOcean, LLC HTTPSMore threats targetingHTTPS SSHMore threats targetingSSH { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
142.93.125.163	77%	67
167.71.84.143	100%	234
167.71.96.208	100%	265
165.227.102.246	99%	97
139.59.57.66	100%	251

IP Address	Confidence	Events
178.16.54.89	91%	23,668
178.16.54.139	90%	23,420
45.153.34.226	65%	877
178.16.54.170	91%	23,068
178.16.54.247	91%	22,736