Ssh Uname Kernel And Architecture Discovery

Identifies SSH session activity where the attacker executes uname -s -m to retrieve the operating system name and machine architecture for host fingerprinting and payload targeting.

Observed IPs

1,212

Avg Confidence

62%

Severity

medium

Top IPs by event countSSH

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
37.111.53.110	93%	12,993	12,935	🇲🇲 MM	AS133385	2026-03-03
154.221.23.136	85%	3,744	3,714	🇭🇰 HK	AS142403	2026-02-22
159.65.119.52	100%	1,605	217	🇩🇪 DE	AS14061	2026-03-03
183.66.165.134	94%	1,440	683	🇨🇳 CN	AS4134	2026-03-02
104.248.80.163	81%	1,241	312	🇳🇱 NL	AS14061	2026-02-04
14.103.123.232	100%	1,062	538	🇨🇳 CN	AS4811	2026-03-03
218.87.194.83	93%	1,044	602	🇨🇳 CN	AS4134	2026-03-02
14.103.114.227	100%	991	456	🇨🇳 CN	AS4811	2026-03-03
106.12.6.79	100%	933	367	🇨🇳 CN	AS38365	2026-03-03
106.12.173.59	100%	770	379	🇨🇳 CN	AS38365	2026-03-02
221.228.10.226	93%	688	539	🇨🇳 CN	AS4134	2026-03-03
106.75.162.193	80%	576	313	🇨🇳 CN	AS58466	2026-03-02
173.212.216.158	99%	565	23	🇫🇷 FR	AS51167	2026-02-06
120.224.42.110	91%	491	285	🇨🇳 CN	AS24444	2026-03-02
111.35.7.46	86%	429	242	🇨🇳 CN	AS24444	2026-03-02
14.103.117.97	100%	420	278	🇨🇳 CN	AS4811	2026-03-03
45.61.184.133	95%	415	226	🇺🇸 US	AS53667	2026-03-02
116.129.253.200	81%	388	185	🇨🇳 CN	AS4837	2026-02-09
14.103.116.173	100%	375	244	🇨🇳 CN	AS4811	2026-03-02
104.131.37.35	92%	370	275	🇺🇸 US	AS14061	2026-03-03

Loading threats