Confidence Level

93%

Very High?

Geolocation

🇦🇺

AustraliaSydney

ISPDigitalOcean, LLC

ASNAS14061

Activity Timeline

First seenMar 9, 2026, 10:40 PM

Last seen1h ago

42Sessions

42Events

Protocol Breakdown

SSH

42 / 42

170.64.153.218 has a very high threat confidence level of 93%, originating from Sydney, Australia, on the DigitalOcean, LLC network (14061). It has been observed across 42 sessions targeting SSH, First observed on March 9, 2026, most recently active March 9, 2026.

Behaviors

Classified behavioral patterns observed

Scp Quiet Remote File Upload

medium18x

Identifies the use of SCP in quiet mode (-q) with “to” mode (-t), indicating the remote system is receiving a file. This pattern is commonly associated with post-authentication payload delivery, lateral movement staging, or tool transfer to a compromised host.

Primitives

Individual actions observed

Ssh Uname Single Flag Query Via Awk69 Scp Quiet To Mode File Transfer54 Ssh Uname S V N R M23 Ssh Nproc Available Cpu Count23 Ssh Uname Machine Architecture23 Ssh Uptime Text Parsing Pipeline23 Ssh Nvidia Smi Product Name Filter23 Ssh Lscpu Model Name Field Extraction23 Ssh Lspci Vga And 3d Controller Enumeration23 Ssh Nvidia Smi Product Name Gpu Count Query23

Related Threats

Explore related threat intelligence

🇦🇺More threats fromAustralia ASMore threats fromDigitalOcean, LLC SSHMore threats targetingSSH { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
143.198.176.65	60%	17
170.64.177.126	80%	118
139.59.146.174	86%	77
157.230.117.128	88%	104
46.101.178.169	85%	89

IP Address	Confidence	Events
170.64.177.126	80%	118
170.64.150.52	97%	28
170.64.226.171	100%	238
170.64.236.145	92%	19
209.38.95.63	100%	163