Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
217.216.111.68 has a threat confidence score of 93%. This IP address from Germany (AS141995, Contabo Asia Private Limited) has been observed in 13 honeypot sessions and reported 1 times targeting SSH protocols. Detected attack patterns include ssh authorized keys persistence established. First observed on February 26, 2026, most recently active March 25, 2026.
Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.
Identifies SSH session activity where the attacker executes uname -s -m to retrieve the operating system name and machine architecture for host fingerprinting and payload targeting.
| Reporter | Date | Category | Protocol | Comment |
|---|---|---|---|---|
| User | Mar 25, 2026, 19:38 | Brute Force | SSH | Fail2Ban Report - Bruteforce attempt |