Ssh Post Auth System Census With Credential Probe

Automated SSH session performing a structured full-system census following successful authentication. The activity enumerates kernel, hardware, memory, environment variables, network topology, listening services, running processes, mounted filesystems, and root directories while probing /etc/passwd and /etc/shadow, validating command availability, and performing temporary file write/delete tests. The pattern indicates scripted post-compromise host inventory and credential surface validation prior to persistence or payload deployment.

Observed IPs

Avg Confidence

97%

Severity

high

Top IPs by event countSSH

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
103.179.119.185	100%	88,813	3,425	🇮🇳 IN	AS151106	2026-02-06
43.228.157.22	100%	47,647	1,258	🇵🇰 PK	AS205759	2026-02-10
207.46.224.87	100%	33,679	970	🇸🇬 SG	AS8075	2026-02-22
125.212.248.44	100%	29,679	808	🇻🇳 VN	AS7552	2026-02-22
103.91.248.29	100%	25,641	676	🇮🇳 IN	AS151106	2026-02-11
103.192.199.143	100%	22,493	841	🇮🇳 IN	AS59187	2026-02-07
60.204.251.28	100%	8,403	595	🇨🇳 CN	AS55990	2026-02-09
103.61.122.229	100%	7,842	6,034	🇻🇳 VN	AS135905	2026-03-02
103.99.37.82	100%	5,482	210	🇮🇳 IN	AS151734	2026-02-02
23.97.62.138	100%	4,561	129	🇸🇬 SG	AS8075	2026-02-03
207.46.224.88	100%	3,767	157	🇸🇬 SG	AS8075	2026-02-05
207.46.224.81	100%	2,888	76	🇸🇬 SG	AS8075	2026-02-05
23.97.62.113	100%	2,804	88	🇸🇬 SG	AS8075	2026-02-07
207.46.224.85	98%	2,696	261	🇸🇬 SG	AS8075	2026-02-19
207.46.224.84	99%	2,444	70	🇸🇬 SG	AS8075	2026-02-04
157.66.191.140	99%	2,168	58	🇮🇳 IN	AS152510	2026-02-11
89.167.30.188	100%	1,852	1,662	🇫🇮 FI	AS24940	2026-02-16
23.97.62.151	100%	1,836	54	🇸🇬 SG	AS8075	2026-02-02
23.97.62.146	98%	1,350	40	🇸🇬 SG	AS8075	2026-02-04
194.60.210.23	95%	1,324	1,312	🇮🇷 IR	AS200370	2026-02-19