209.38.22.12 — DigitalOcean, LLC, AU — Very High (97%)

Check an IP Address, Domain Name, Subnet, or ASN

209.38.22.12 was found in our database!

Confidence Level

97%

Very High?

Geolocation

🇦🇺

AustraliaSydney

ISPDigitalOcean, LLC

ASNAS14061

Activity Timeline

First seenFeb 25, 2026, 04:11 AM

Last seen6d ago

First reportedFeb 27, 2026, 02:26 PM

Last reported6d ago

387Sessions

415Events

1Reports

Protocol Breakdown

SSH

380 / 408

HTTP

7 / 7

209.38.22.12 has a very high threat confidence level of 97%, originating from Sydney, Australia, on the DigitalOcean, LLC network (14061). It has been observed across 387 sessions targeting SSH, HTTP, with detected attack patterns including ssh hardened host profiling and shell rc immutability bypass, First observed on February 25, 2026, most recently active February 26, 2026.

Behaviors

Classified behavioral patterns observed

Ssh Hardened Host Profiling And Shell Rc Immutability Bypass

high3x

Identifies SSH post-auth activity combining resilient multi-source CPU enumeration (explicit /usr/bin/nproc fallback) with removal of the immutable flag from ~/.shellrc via chattr, indicating host profiling followed by shell configuration tampering for persistence preparation.

Http Root Path Request

info6x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Primitives

Individual actions observed

Http Method Get8 Unix Chattr Remove Immutable Flag Home Shell Rc3 Hardened Cpu Enumeration With Explicit Nproc Path3 Http Git Head File Access1

User Reports

1 report from 1 contributor

Date	Category	Protocol	Comment
Feb 27, 2026	Brute Force	SSH	SikkerGuard: 2 blocked packets

Related Threats

Explore related threat intelligence

🇦🇺More threats fromAustralia ASMore threats fromDigitalOcean, LLC SSHMore threats targetingSSH HTTPMore threats targetingHTTP { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
188.166.3.131	99%	57
146.190.173.112	96%	25
170.64.148.73	99%	125
138.197.156.41	99%	57
134.199.200.246	97%	26

IP Address	Confidence	Events
170.64.148.73	99%	127
134.199.150.213	99%	85
170.64.205.19	88%	15
115.129.77.206	100%	1,196
16.176.125.201	65%	887