Check an IP Address, Domain Name, Subnet, or ASN

64.225.100.217 was found in our database!

$ whois 64.225.100.217

country·🇩🇪 Germany

city·Frankfurt am Main

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 64.225.100.217scoring →

confidence

98%Very High

first_seen·Mar 2, 2026

last_seen·1h ago

sessions·61

events·61

$ sikker protocols 64.225.100.217

SSH

37 / 37

HTTP

7 / 7

SIP

5 / 5

IMAP

4 / 4

SMTP

4 / 4

HTTPS

2 / 2

FTP

1 / 1

SMB

1 / 1

$ sikker summary 64.225.100.217

64.225.100.217 has a threat confidence score of 98%. This IP address from Germany (AS14061, DigitalOcean, LLC) has been observed in 61 honeypot sessions targeting SSH, HTTP, SIP, IMAP, SMTP and 3 other protocols. Detected attack patterns include ssh hardened host profiling and shell rc immutability bypass. First observed on March 2, 2026, most recently active March 29, 2026.

$ sikker behaviors 64.225.100.217catalog →

highSsh Hardened Host Profiling And Shell Rc Immutability Bypass35x

Identifies SSH post-auth activity combining resilient multi-source CPU enumeration (explicit /usr/bin/nproc fallback) with removal of the immutable flag from ~/.shellrc via chattr, indicating host profiling followed by shell configuration tampering for persistence preparation.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 64.225.100.217

unix_chattr_remove_immutable_flag_home_shell_rc35 hardened_cpu_enumeration_with_explicit_nproc_path35 http_method_get1 https_path_root1

$ sikker related 64.225.100.217

🇩🇪·More threats fromGermany→AS·More threats fromDigitalOcean, LLC→SSH·More threats targetingSSH→HTTP·More threats targetingHTTP→SIP·More threats targetingSIP→IMAP·More threats targetingIMAP→SMTP·More threats targetingSMTP→HTTP·More threats targetingHTTPS→FTP·More threats targetingFTP→SMB·More threats targetingSMB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
209.38.250.231	98%	5,131
165.22.252.236	67%	35
165.227.197.65	94%	196
157.230.7.142	75%	50
128.199.82.37	100%	290

IP Address	Confidence	Events
157.90.98.118	74%	163
217.160.200.43	98%	9,587
87.106.147.36	99%	268,354
146.0.42.48	87%	63,920
152.53.135.48	97%	3,613