Loading threats
Identifies structured post-authentication SSH activity consistent with automated environment profiling. The session performs comprehensive host enumeration including operating system and kernel queries, CPU and process inspection, network configuration and listening service discovery, credential file probing, service inventory via systemctl, connectivity validation via ping, temporary file creation and removal, and filesystem inspection to assess system capabilities and exploitation potential.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 158.160.185.180 | 100% | 99,732 | 2,850 | 🇷🇺 RU | AS200350 | 2026-02-06 |
| 103.53.231.159 | 100% | 33,878 | 3,548 | 🇻🇳 VN | AS131427 | 2026-02-27 |
| 115.73.218.193 | 100% | 20,054 | 573 | 🇻🇳 VN | AS7552 | 2026-02-06 |
| 212.41.9.111 | 100% | 9,800 | 280 | 🇷🇺 RU | AS49505 | 2026-02-04 |
| 45.146.165.45 | 99% | 6,207 | 190 | 🇷🇺 RU | AS198610 | 2026-02-20 |
| 178.140.220.34 | 98% | 2,309 | 66 | 🇷🇺 RU | AS42610 | 2026-02-06 |
| 103.252.93.81 | 96% | 1,653 | 67 | 🇻🇳 VN | AS135918 | 2026-02-10 |
| 95.163.236.136 | 86% | 245 | 7 | 🇷🇺 RU | AS197695 | 2026-02-05 |