Loading threats
Comprehensive post-authentication SSH reconnaissance behavior where an actor performs broad system, network, and environment enumeration in a single session. This includes kernel and OS fingerprinting, CPU and memory inspection, network interface and routing discovery, open port enumeration, process listing, credential file probing, service enumeration, and temporary file write/delete testing. The pattern indicates automated host profiling for capability assessment and potential lateral movement preparation.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 46.225.223.32 | 100% | 936 | 936 | 🇩🇪 DE | AS24940 | 2026-02-25 |
| 178.156.254.210 | 100% | 612 | 612 | 🇺🇸 US | AS213230 | 2026-03-16 |
| 46.225.87.94 | 98% | 179 | 179 | 🇩🇪 DE | AS24940 | 2026-02-26 |
| 91.99.52.134 | 97% | 128 | 112 | 🇩🇪 DE | AS24940 | 2026-02-17 |
| 144.91.72.148 | 98% | 92 | 92 | 🇫🇷 FR | AS51167 | 2026-02-28 |
| 142.132.188.104 | 94% | 42 | 42 | 🇩🇪 DE | AS24940 |
| 2026-03-19 |
| 89.167.50.55 | 83% | 6 | 6 | 🇩🇪 DE | AS24940 | 2026-02-17 |