Identifies an SSH session where the attacker extracts the CPU model name from /proc/cpuinfo using grep 'model name', then normalizes the output via cut, sed, and xargs, suppressing errors with 2>/dev/null and falling back to echo unknown if parsing fails. This structured command chain is characteristic of automated post-compromise host profiling used to fingerprint processor type and optimize payload selection.
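Detection logic for the command chain described above, as an added example that is not this page's or the feed's own rule: it tokenizes one SSH session command line and reports which elements of the signature are present. The sample command line and its flags, and the function and feature names, are assumptions made for illustration.

```python
import shlex

SEPARATORS = {"|", "||", "&&", ";", "&", "(", ")"}
NORMALIZERS = {"cut", "sed", "xargs"}   # stages named in the description
SIGNATURE = {"grep_model_name", "normalizers", "stderr_suppressed", "echo_fallback"}
# Constructed sample command line (not captured data); the flags are assumptions.
SAMPLE = "grep 'model name' /proc/cpuinfo | cut -d: -f2 | sed 's/^ *//' | xargs 2>/dev/null || echo unknown"

def stages(tokens):
    """Yield (preceding_operator, argv) for each simple command in the line."""
    op, argv = None, []
    for tok in tokens:
        if tok in SEPARATORS:
            if argv:
                yield op, argv
            op, argv = tok, []
        else:
            argv.append(tok)
    if argv:
        yield op, argv

def profile_features(cmd):
    """Return which parts of the described signature one command line contains."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True   # keep words such as -d: in one piece
    lexer.commenters = ""           # '#' is data here, not a comment
    try:
        tokens = list(lexer)        # quotes honoured, operators become tokens
    except ValueError:              # unbalanced quotes: treat as no match
        return set()
    found, piped = set(), set()
    for op, argv in stages(tokens):
        name = argv[0].rsplit("/", 1)[-1]   # /bin/grep -> grep
        if name == "grep" and "model name" in argv and "/proc/cpuinfo" in argv:
            found.add("grep_model_name")
        elif op == "|" and name in NORMALIZERS and "grep_model_name" in found:
            piped.add(name)
        elif op == "||" and argv[:2] == ["echo", "unknown"]:
            found.add("echo_fallback")
    if piped == NORMALIZERS:
        found.add("normalizers")
    if any(tokens[i:i + 3] == ["2", ">", "/dev/null"] for i in range(len(tokens) - 2)):
        found.add("stderr_suppressed")
    return found

def is_cpu_profiling(cmd):
    return profile_features(cmd) == SIGNATURE
```

Requiring the full feature set keeps an administrator's plain `grep 'model name' /proc/cpuinfo` from matching; the partial sets returned by `profile_features` can be logged to spot variants of the chain.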
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 40.65.61.32 | 84% | 2,219 | 59 | 🇺🇸 US | AS8075 | 2026-02-21 |
| 20.102.47.195 | 100% | 2,136 | 2,136 | 🇺🇸 US | AS8075 | 2026-03-15 |
| 172.184.213.176 | 100% | 1,685 | 1,311 | 🇺🇸 US | AS8075 | 2026-02-19 |
| 13.83.216.100 | 100% | 1,251 | 1,251 | 🇺🇸 US | AS8075 | 2026-02-28 |
| 172.215.209.243 | 100% | 1,086 | 850 | 🇺🇸 US | AS8075 | 2026-02-19 |
| 172.172.119.97 | 100% | 1,063 | 801 | 🇺🇸 US | AS8075 | 2026-02-19 |
| 172.174.165.226 | 100% | 728 | 696 | 🇺🇸 US | AS8075 | 2026-02-19 |
| 172.183.94.164 | 99% | 621 | 621 | 🇺🇸 US | AS8075 | 2026-02-18 |
| 172.183.91.33 | 100% | 498 | 399 | 🇺🇸 US | AS8075 | 2026-03-07 |
| 52.225.29.7 | 100% | 474 | 474 | 🇺🇸 US | AS8075 | 2026-03-20 |
| 52.238.26.243 | 99% | 442 | 356 | 🇺🇸 US | AS8075 | 2026-02-27 |
| 20.109.38.225 | 100% | 442 | 82 | 🇺🇸 US | AS8075 | 2026-03-21 |
| 20.169.76.179 | 100% | 422 | 422 | 🇺🇸 US | AS8075 | 2026-02-19 |
| 52.238.26.242 | 100% | 417 | 417 | 🇺🇸 US | AS8075 | 2026-03-15 |
| 52.159.229.3 | 100% | 378 | 371 | 🇺🇸 US | AS8075 | 2026-03-20 |
| 64.236.201.57 | 100% | 339 | 299 | 🇺🇸 US | AS8075 | 2026-03-15 |
| 172.214.45.193 | 100% | 327 | 235 | 🇺🇸 US | AS8075 | 2026-03-21 |
| 20.161.58.227 | 100% | 325 | 325 | 🇺🇸 US | AS8075 | 2026-02-28 |
| 135.232.201.51 | 100% | 301 | 301 | 🇺🇸 US | AS8075 | 2026-03-20 |
| 172.172.87.201 | 100% | 298 | 298 | 🇺🇸 US | AS8075 | 2026-03-20 |