170.64.234.144 — DigitalOcean, LLC, AU — Very High (100%)

Check an IP Address, Domain Name, Subnet, or ASN

170.64.234.144 was found in our database!

Confidence Level

100%

Very High?

Geolocation

🇦🇺

AustraliaSydney

ISPDigitalOcean, LLC

ASNAS14061

Activity Timeline

First seenMar 3, 2026, 10:31 PM

Last seen1h ago

210Sessions

210Events

Protocol Breakdown

SSH

210 / 210

170.64.234.144 has a very high threat confidence level of 100%, originating from Sydney, Australia, on the DigitalOcean, LLC network (14061). It has been observed across 210 sessions targeting SSH, with detected attack patterns including ssh hardened host profiling and shell rc immutability bypass, First observed on March 3, 2026, most recently active March 5, 2026.

Behaviors

Classified behavioral patterns observed

Ssh Hardened Host Profiling And Shell Rc Immutability Bypass

high53x

Identifies SSH post-auth activity combining resilient multi-source CPU enumeration (explicit /usr/bin/nproc fallback) with removal of the immutable flag from ~/.shellrc via chattr, indicating host profiling followed by shell configuration tampering for persistence preparation.

Scp Quiet Remote File Upload

medium51x

Identifies the use of SCP in quiet mode (-q) with “to” mode (-t), indicating the remote system is receiving a file. This pattern is commonly associated with post-authentication payload delivery, lateral movement staging, or tool transfer to a compromised host.

Primitives

Individual actions observed

Ssh Uname Single Flag Query Via Awk312 Scp Quiet To Mode File Transfer153 Ssh Uname S V N R M104 Ssh Nproc Available Cpu Count104 Ssh Uname Machine Architecture104 Ssh Uptime Text Parsing Pipeline104 Ssh Nvidia Smi Product Name Filter104 Ssh Lscpu Model Name Field Extraction104 Ssh Lspci Vga And 3d Controller Enumeration104 Ssh Nvidia Smi Product Name Gpu Count Query104 Unix Chattr Remove Immutable Flag Home Shell Rc53 Hardened Cpu Enumeration With Explicit Nproc Path53

Related Threats

Explore related threat intelligence

🇦🇺More threats fromAustralia ASMore threats fromDigitalOcean, LLC SSHMore threats targetingSSH { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
161.35.62.119	94%	15
138.68.139.240	89%	10
198.211.106.137	92%	13
139.59.2.90	90%	10
198.211.103.133	97%	28

IP Address	Confidence	Events
209.38.25.246	99%	118
209.38.31.99	99%	190
120.151.110.46	80%	203
139.99.133.77	99%	97
130.162.195.131	96%	37