Ssh Echo Shell Environment Variable

Matches execution of echo $SHELL over an SSH session. This command reveals the user’s current default shell (e.g., /bin/bash, /bin/sh, /bin/zsh) and is typically used during post-authentication reconnaissance to fingerprint the runtime environment before executing more complex payloads. It provides low-impact environmental context and is commonly observed early in automated enumeration sequences.

Observed IPs

Avg Confidence

80%

Protocol

SSH

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
167.71.115.113	100%	1,691	1,617	🇺🇸 US	AS14061	2026-03-05
106.192.118.140	99%	1,389	253	🇮🇳 IN	AS45609	2026-02-08
217.76.13.8	85%	448	448	🇦🇲 AM	AS43733	2026-02-16
106.192.126.194	99%	255	51	🇮🇳 IN	AS45609	2026-02-08
223.228.132.140	78%	251	32	🇮🇳 IN	AS45609	2026-02-07
185.20.12.97	66%	228	68	🇸🇪 SE	AS44136	2026-02-25
95.162.176.56	98%	225	35	🇮🇷 IR	AS57218	2026-02-10
106.192.141.241	99%	220	43	🇮🇳 IN	AS45609	2026-02-10
106.192.133.195	99%	209	42	🇮🇳 IN	AS45609	2026-02-11
106.192.131.120	98%	130	26	🇮🇳 IN	AS45609	2026-02-10
49.37.11.87	76%	114	114	🇮🇳 IN	AS55836	2026-02-14
45.21.30.49	72%	112	112	🇺🇸 US	AS7018	2026-02-15
223.228.143.109	99%	70	70	🇮🇳 IN	AS45609	2026-02-16
46.225.130.104	91%	69	69	🇩🇪 DE	AS24940	2026-02-14
223.228.137.2	99%	67	67	🇮🇳 IN	AS45609	2026-02-16
223.228.43.133	99%	52	52	🇮🇳 IN	AS45609	2026-02-27
106.216.247.28	98%	48	48	🇮🇳 IN	AS45609	2026-03-03
95.162.191.42	91%	46	10	🇮🇷 IR	AS57218	2026-02-09
223.228.35.140	98%	44	44	🇮🇳 IN	AS45609	2026-02-18
117.99.254.230	98%	40	40	🇮🇳 IN	AS45609	2026-02-27