Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
38.114.121.110 has a threat confidence score of 100%. This IP address from United States (AS63023, GTHost) has been observed in 478 honeypot sessions and reported 3 times targeting SSH protocols. Detected attack patterns include ssh authorized keys persistence established. First observed on February 18, 2026, most recently active April 12, 2026.
Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.
Attempts to remove filesystem attribute protections (e.g., immutable flags via chattr -i/-a) from the user’s ~/.ssh directory. This pattern indicates preparatory activity to modify SSH trust configuration, commonly preceding insertion or replacement of authorized_keys for persistence.
| Reporter | Date | Category | Protocol | Comment |
|---|---|---|---|---|
| Anonymous | Apr 8, 2026, 22:01 | Brute Force | SSH | — |
| Anonymous | Mar 29, 2026, 20:48 | Brute Force | SSH | — |
| Anonymous | Mar 26, 2026, 09:34 | Brute Force | SSH | SikkerGuard: 8 blocked packets |