Check an IP Address, Domain Name, Subnet, or ASN

170.64.230.187 was found in our database!

$ whois 170.64.230.187

country·🇦🇺 Australia

city·Sydney

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 170.64.230.187scoring →

confidence

100%Very High

first_seen·Feb 23, 2026

last_seen·1h ago

sessions·186

events·186

$ sikker protocols 170.64.230.187

SSH

129 / 129

HTTP

57 / 57

$ sikker summary 170.64.230.187

170.64.230.187 has a threat confidence score of 100%. This IP address from Australia (AS14061, DigitalOcean, LLC) has been observed in 186 honeypot sessions targeting SSH, HTTP protocols. Detected attack patterns include ssh host fingerprint and shell rc immutable removal, ssh hardened host profiling and shell rc immutability bypass. First observed on February 23, 2026, most recently active April 23, 2026.

$ sikker behaviors 170.64.230.187catalog →

very_highSsh Host Fingerprint And Shell Rc Immutable Removal68x

Execution of a multi-command host fingerprinting script that collects kernel details, architecture, uptime, CPU count and model, GPU information, login history, and binary help characteristics, combined with chattr -i $HOME/.bashrc $HOME/.zshrc 2>/dev/null || true to remove the immutable attribute from user shell initialization files in the current user’s home directory.

highSsh Hardened Host Profiling And Shell Rc Immutability Bypass59x

Identifies SSH post-auth activity combining resilient multi-source CPU enumeration (explicit /usr/bin/nproc fallback) with removal of the immutable flag from ~/.shellrc via chattr, indicating host profiling followed by shell configuration tampering for persistence preparation.

infoHttp Http Method Get53x

HTTP request using GET method.

infoHttp Root Path Request53x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 170.64.230.187

unix_chattr_remove_immutable_flag_home_shell_rc127 ssh_compute_and_environment_fingerprint_script68 http_method_get60 hardened_cpu_enumeration_with_explicit_nproc_path59 http_git_head_file_access3

$ sikker related 170.64.230.187

🇦🇺·More threats fromAustralia→AS·More threats fromDigitalOcean, LLC→SSH·More threats targetingSSH→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
143.244.143.145	78%	28
45.55.69.101	52%	12
104.236.40.6	77%	24
165.232.180.241	55%	12
168.144.109.164	82%	46

IP Address	Confidence	Events
170.64.173.237	81%	37
209.38.25.237	83%	52
82.115.24.203	96%	6
209.38.22.4	82%	45
210.0.90.82	50%	556