Check an IP Address, Domain Name, Subnet, or ASN

190.179.159.163 was found in our database!

$ whois 190.179.159.163

country·🇦🇷 Argentina

city·Cipolletti

isp·Telefonica de Argentina

asn·AS22927

network·Standard

$ sikker risk 190.179.159.163scoring →

confidence

99%Very High

first_seen·Feb 23, 2026

last_seen·21d ago

sessions·88

events·88

$ sikker protocols 190.179.159.163

SSH

88 / 88

$ sikker summary 190.179.159.163

190.179.159.163 has a threat confidence score of 99%. This IP address from Argentina (AS22927, Telefonica de Argentina) has been observed in 88 honeypot sessions targeting SSH protocols. Detected attack patterns include ssh authorized keys persistence established, ssh interactive environment profiling with access consolidation. First observed on February 23, 2026, most recently active February 27, 2026.

$ sikker behaviors 190.179.159.163catalog →

very_highSsh Authorized Keys Persistence Established17x

Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.

very_highSsh Interactive Environment Profiling With Access Consolidation1x

Identifies an SSH session performing multi-method system profiling (CPU model extraction, memory and disk inspection, active user/process monitoring), followed by SSH key replacement and password update indicative of interactive access validation and consolidation rather than single-shot automated takeover.

$ sikker primitives 190.179.159.163

ssh_authorized_keys_replacement_home18 unix_home_ssh_directory_attribute_modification_attempt18 ssh_uname_all1 ssh_whoami_user_identity1 ssh_uname_basic_invocation1 ssh_lscpu_model_field_filter1 ssh_cpuinfo_name_count_via_wc1 ssh_crontab_list_current_user1 ssh_uname_machine_architecture1 ssh_cpuinfo_model_name_line_count1 ssh_w_logged_in_users_enumeration1 ssh_free_mem_multi_field_extraction_mb1 ssh_df_head_second_line_field_extraction1 ssh_cpuinfo_model_field_subset_extraction1 ssh_chpasswd_password_update_via_echo_pipe1 ssh_top_interactive_process_monitor_invocation1 ssh_ls_binary_path_resolution_and_metadata_listing1 ssh_script_cleanup_process_kill_and_hosts_deny_clear1

$ sikker related 190.179.159.163

🇦🇷·More threats fromArgentina→AS·More threats fromTelefonica de Argentina→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
190.178.28.224	35%	3
186.57.137.136	72%	4
181.24.64.63	39%	4
179.36.56.47	39%	4
186.57.109.154	56%	23

IP Address	Confidence	Events
200.32.59.112	57%	1,137
161.22.7.129	35%	3
190.111.203.33	100%	440
200.69.236.207	100%	938
190.103.16.46	21%	44