Loading threats
Matches execution of echo $SHELL over an SSH session. This command reveals the user’s current default shell (e.g., /bin/bash, /bin/sh, /bin/zsh) and is typically used during post-authentication reconnaissance to fingerprint the runtime environment before executing more complex payloads. It provides low-impact environmental context and is commonly observed early in automated enumeration sequences.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 23.97.62.113 | 100% | 3,071 | 355 | 🇸🇬 SG | AS8075 | 2026-04-14 |
| 206.189.82.6 | 98% | 279 | 279 | 🇸🇬 SG | AS14061 | 2026-03-15 |
| 185.20.12.97 | 70% | 228 | 68 | 🇸🇪 SE | AS44136 | 2026-02-25 |
| 109.122.200.74 | 99% | 172 | 172 | 🇸🇪 SE | AS8849 | 2026-04-09 |
| 103.253.27.211 | 98% | 87 | 87 | 🇸🇬 SG | AS133210 | 2026-04-14 |
| 213.167.209.125 | 99% | 63 | 63 | 🇷🇺 RU | AS12389 | 2026-04-08 |
| 223.228.43.133 | 99% | 52 | 52 | 🇮🇳 IN | AS45609 | 2026-02-27 |
| 106.216.247.28 | 98% | 48 | 48 | 🇮🇳 IN | AS45609 | 2026-03-03 |
| 223.228.35.140 | 98% | 44 | 44 | 🇮🇳 IN | AS45609 | 2026-02-18 |
| 117.99.254.230 | 98% | 40 | 40 | 🇮🇳 IN | AS45609 | 2026-02-27 |
| 95.90.238.122 | 94% | 34 | 34 | 🇩🇪 DE | AS3209 | 2026-02-18 |
| 5.77.193.132 | 91% | 32 | 32 | 🇦🇲 AM | AS44395 | 2026-02-26 |
| 106.192.135.153 | 97% | 25 | 25 | 🇮🇳 IN | AS45609 | 2026-02-18 |
| 37.215.43.216 | 93% | 24 | 24 | 🇧🇾 BY | AS6697 | 2026-04-08 |
| 45.135.194.48 | 60% | 24 | 24 | 🇩🇪 DE | AS51396 | 2026-04-08 |
| 113.203.71.126 | 86% | 24 | 24 | 🇮🇷 IR | AS197207 | 2026-02-20 |
| 45.157.233.15 | 93% | 23 | 23 | 🇩🇪 DE | AS58212 | 2026-02-20 |
| 113.30.148.216 | 95% | 22 | 22 | 🇪🇸 ES | AS36007 | 2026-04-20 |
| 185.254.99.219 | 93% | 22 | 22 | 🇩🇪 DE | AS58212 | 2026-02-20 |
| 94.143.231.253 | 93% | 21 | 21 | 🇩🇪 DE | AS58212 | 2026-02-20 |