Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
170.64.174.42 has a threat confidence score of 100%. This IP address from Australia (AS14061, DigitalOcean, LLC) has been observed in 524 honeypot sessions targeting SSH protocols. Detected attack patterns include ssh host fingerprint and shell rc immutable removal, ssh hardened host profiling and shell rc immutability bypass. First observed on February 20, 2026, most recently active March 12, 2026.
Execution of a multi-command host fingerprinting script that collects kernel details, architecture, uptime, CPU count and model, GPU information, login history, and binary help characteristics, combined with chattr -i $HOME/.bashrc $HOME/.zshrc 2>/dev/null || true to remove the immutable attribute from user shell initialization files in the current user’s home directory.
Identifies SSH post-auth activity combining resilient multi-source CPU enumeration (explicit /usr/bin/nproc fallback) with removal of the immutable flag from ~/.shellrc via chattr, indicating host profiling followed by shell configuration tampering for persistence preparation.