Check an IP Address, Domain Name, Subnet, or ASN
134.199.151.181 has a very high threat confidence level of 100%, originating from Sydney, Australia, on the DigitalOcean, LLC network (14061). It has been observed across 1,140 sessions targeting SSH, with detected attack patterns including PCI and NVIDIA GPU identification with host metadata, SSH hardened host profiling and shell rc immutability bypass. First observed on February 25, 2026; most recently active March 2, 2026.
Execution of uname -s -v -n -r -m to collect kernel and architecture details, uptime -p for system uptime, lspci queries to extract and count VGA-class PCI devices, and nvidia-smi -q filtering for product name to identify NVIDIA GPU models. This pattern reflects layered GPU identification using both PCI enumeration and NVIDIA driver-level queries, combined with basic host system metadata collection.
Identifies SSH post-auth activity combining resilient multi-source CPU enumeration (explicit /usr/bin/nproc fallback) with removal of the immutable flag from ~/.shellrc via chattr, indicating host profiling followed by shell configuration tampering for persistence preparation.
Execution of uname -s -v -n -r -m to collect kernel and architecture details, uptime -p for human-readable system uptime, and lspci queries to extract VGA-class PCI device descriptions and count the number of VGA devices. This pattern reflects PCI-level GPU identification combined with basic host system metadata collection.
Execution of uname -s -v -n -r -m to retrieve kernel and architecture details, uptime -p for human-readable system uptime, and lspci | grep VGA | cut -f5- -d ' ' to extract VGA-class PCI device information. This pattern reflects lightweight host profiling combined with basic GPU identification.