Check an IP Address, Domain Name, Subnet, or ASN
5.216.80.46 has a threat confidence score of 91%. This IP address from Iran (AS197207, Mobile Communication Company of Iran PLC) has been observed in 13 honeypot sessions targeting SSH protocols. Detected attack patterns include ssh shell history tampering via environment reload. First observed on February 18, 2026, most recently active February 18, 2026.
Identifies an SSH session where the actor manipulates shell environment variables (such as HISTFILE, HISTSIZE, HISTCONTROL, or related variables) and reloads or reinitializes shell history in order to suppress, overwrite, or control command logging. The combination of explicitly setting environment variables and triggering a history reload indicates deliberate command history tampering rather than normal shell usage.