Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
170.64.169.201 has a threat confidence score of 99%. This IP address from Australia (AS14061, DigitalOcean, LLC) has been observed in 59 honeypot sessions and reported 1 times targeting SSH protocols. Detected attack patterns include ssh hardened host profiling and shell rc immutability bypass. First observed on March 9, 2026, most recently active March 12, 2026.
Identifies SSH post-auth activity combining resilient multi-source CPU enumeration (explicit /usr/bin/nproc fallback) with removal of the immutable flag from ~/.shellrc via chattr, indicating host profiling followed by shell configuration tampering for persistence preparation.
Identifies the use of SCP in quiet mode (-q) with “to” mode (-t), indicating the remote system is receiving a file. This pattern is commonly associated with post-authentication payload delivery, lateral movement staging, or tool transfer to a compromised host.
| Date | Category | Protocol | Comment |
|---|---|---|---|
| Mar 12, 2026 | Brute Force | SSH | SikkerGuard: 2 blocked packets |