Check an IP Address, Domain Name, Subnet, or ASN

176.65.139.103 was found in our database!

$ whois 176.65.139.103

country·🇩🇪 Germany

isp·Pfcloud UG (haftungsbeschrankt)

asn·AS51396

network·Standard

$ sikker risk 176.65.139.103scoring →

confidence

100%Very High

first_seen·Mar 31, 2026

last_seen·3h ago

first_reported·Apr 3, 2026

last_reported·14d ago

sessions·4,845

events·4,845

reports·1

$ sikker protocols 176.65.139.103

SSH

4,845 / 4,845 / 1r

$ sikker summary 176.65.139.103

176.65.139.103 has a threat confidence score of 100%. This IP address from Germany (AS51396, Pfcloud UG (haftungsbeschrankt)) has been observed in 4,845 honeypot sessions and reported 1 times targeting SSH protocols. First observed on March 31, 2026, most recently active April 17, 2026.

$ sikker behaviors 176.65.139.103catalog →

mediumScp Quiet Remote File Upload1207x

Identifies the use of SCP in quiet mode (-q) with “to” mode (-t), indicating the remote system is receiving a file. This pattern is commonly associated with post-authentication payload delivery, lateral movement staging, or tool transfer to a compromised host.

lowSsh Uname Full System Fingerprint1x

Identifies SSH sessions where the actor executes uname -s -v -n -r -m to retrieve detailed kernel, hostname, architecture, and OS version information for environment profiling and post-access decision making.

$ sikker primitives 176.65.139.103

ssh_uname_single_flag_query_via_awk6138 scp_quiet_to_mode_file_transfer3624 ssh_uname_s_v_n_r_m3531 ssh_nproc_available_cpu_count2047 ssh_uptime_text_parsing_pipeline2047 ssh_lspci_vga_and_3d_controller_enumeration2047 ssh_nvidia_smi_product_name_filter2046 ssh_lscpu_model_name_field_extraction2046 ssh_nvidia_smi_product_name_gpu_count_query2046 ssh_uname_machine_architecture1193

$ sikker reports 176.65.139.103submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
Anonymous	Apr 3, 2026, 13:34	Brute Force	SSH	SikkerGuard: 2 blocked packets

$ sikker related 176.65.139.103

🇩🇪·More threats fromGermany→AS·More threats fromPfcloud UG (haftungsbeschrankt)→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
176.65.149.253	98%	1,858
176.65.148.51	83%	349
45.156.87.7	100%	3,641
192.109.200.219	65%	1,204
176.65.132.39	100%	5,702

IP Address	Confidence	Events
146.0.42.48	86%	73,149
172.86.67.130	96%	481
216.24.213.226	88%	10,720
87.98.242.75	97%	26,244
85.215.253.149	66%	603