Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
216.180.127.201 has a threat confidence score of 100%. This IP address from United States (AS152586, Kuroit) has been observed in 2,392 honeypot sessions and reported 1 times targeting SSH protocols. Detected attack patterns include ssh authorized keys persistence established. First observed on March 3, 2026, most recently active April 15, 2026.
Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.
Execution of uname -a to retrieve full kernel and host identification details (kernel name, release, version, hostname, architecture, and OS) as a single lightweight system fingerprinting action.
| Reporter | Date | Category | Protocol | Comment |
|---|---|---|---|---|
| User | Mar 23, 2026, 20:40 | Brute Force | SSH | Fail2Ban Report - Bruteforce attempt |