Comprehensive post-access host reconnaissance over SSH focused on system fingerprinting and GPU capability validation. The activity enumerates OS and kernel details, CPU model and core count, uptime, interactive users, routing information, and performs conditional GPU detection via lspci or nvidia-smi. It also validates binary availability (e.g., kill) and performs external IP organization lookups. This pattern is consistent with operators assessing compute capacity (including GPU suitability), system stability, and execution environment before payload deployment such as cryptomining, AI workload abuse, or resource-intensive tooling.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 187.191.2.213 | 100% | 5,276 | 1,040 | 🇲🇽 MX | AS22884 | 2026-03-17 |
| 176.65.132.7 | 97% | 74 | 74 | 🇩🇪 DE | AS51396 | 2026-03-04 |
| 173.212.216.66 | 95% | 32 | 32 | 🇫🇷 FR | AS51167 | 2026-03-02 |
| 209.38.18.110 | 79% | 7 | 7 | 🇦🇺 AU | AS14061 | 2026-02-17 |
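
One way to flag this reconnaissance pattern in recorded SSH session commands, as an added example that is not part of the original page. The command regexes, the four-category threshold, the sample sessions and the `lookup.example` host are assumptions constructed for illustration; the page itself names only `lspci`, `nvidia-smi` and `kill`.

```python
import re

# Recon categories taken from the description above. The command patterns are
# assumptions (common Linux tools), not indicators published on the page.
CATEGORIES = {
    "os_kernel": r"\buname\b|/etc/os-release|/proc/version",
    "cpu": r"\bnproc\b|\blscpu\b|/proc/cpuinfo",
    "uptime": r"\buptime\b",
    "users": r"(^|[;&|]\s*)(w|who|last)\b",
    "routing": r"\bip\s+r(oute)?\b|\broute\b",
    "gpu": r"\blspci\b|\bnvidia-smi\b",
    "binary_check": r"\b(which|type)\s+\w+|\bcommand\s+-v\s+\w+|\bls\b.*/bin/\w+",
    "ip_org_lookup": r"\b(curl|wget)\b.*/org\b",
}
COMPILED = {name: re.compile(pat) for name, pat in CATEGORIES.items()}


def classify_session(commands):
    """Return the set of recon categories seen across one session's commands."""
    return {
        name
        for name, pat in COMPILED.items()
        if any(pat.search(cmd.strip()) for cmd in commands)
    }


def is_capacity_recon(commands, min_categories=4):
    """Flag sessions that pair GPU probing with broad host fingerprinting.

    min_categories is an assumed threshold; tune it against your own baseline.
    """
    hits = classify_session(commands)
    return "gpu" in hits and len(hits) >= min_categories


# Constructed sample sessions (not captured data).
RECON_SESSION = [
    "uname -a",
    "cat /proc/cpuinfo | grep 'model name' | head -1; nproc",
    "uptime",
    "w",
    "ip route",
    "lspci | grep -i vga || nvidia-smi -L",
    "which kill",
    "curl -s https://lookup.example/org",
]
ADMIN_SESSION = ["uptime", "df -h", "systemctl status nginx"]
GPU_ONLY_SESSION = ["nvidia-smi"]
```

Requiring the GPU category plus several others keeps a lone `nvidia-smi` or `uptime` from an administrator out of the alert queue.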