Ssh Ip Route Cidr Extraction Via Grep Regex

Extracts IPv4 CIDR ranges from the local routing table by piping ip r (ip route) output into a regex-based grep -Eo pattern that matches dotted-quad addresses followed by a subnet mask (e.g., 192.168.0.0/24). The -o flag ensures only the matched CIDR blocks are returned. This is indicative of automated local network discovery to enumerate internal subnets for lateral movement or environment profiling.

Observed IPs

Avg Confidence

76%

Protocol

SSH

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
186.96.145.241	100%	29,153	28,007	🇲🇽 MX	AS22884	2026-04-20
187.191.2.213	100%	5,781	1,545	🇲🇽 MX	AS22884	2026-04-20
170.64.177.23	100%	941	941	🇦🇺 AU	AS14061	2026-03-15
62.171.134.145	86%	923	97	🇩🇪 DE	AS51167	2026-02-22
209.38.24.183	99%	889	889	🇦🇺 AU	AS14061	2026-03-07
209.38.89.63	81%	243	26	🇦🇺 AU	AS14061	2026-03-06
184.174.33.105	96%	101	101	🇫🇷 FR	AS51167	2026-03-19
187.191.2.214	84%	94	94	🇲🇽 MX	AS22884	2026-04-20
170.64.191.68	98%	90	78	🇦🇺 AU	AS14061	2026-03-15
170.64.185.235	97%	83	83	🇦🇺 AU	AS14061	2026-03-07
176.65.132.7	94%	74	74	🇩🇪 DE	AS51396	2026-03-04
134.199.152.99	93%	71	71	🇦🇺 AU	AS14061	2026-04-09
170.64.171.189	90%	39	39	🇦🇺 AU	AS14061	2026-04-09
173.212.216.66	95%	32	32	🇫🇷 FR	AS51167	2026-03-02
209.38.91.208	54%	12	12	🇦🇺 AU	AS14061	2026-03-20
170.64.188.24	67%	11	11	🇦🇺 AU	AS14061	2026-03-07
134.199.164.96	67%	5	5	🇦🇺 AU	AS14061	2026-03-07
209.38.25.83	57%	3	3	🇦🇺 AU	AS14061	2026-03-20
159.223.12.157	57%	3	3	🇳🇱 NL	AS14061	2026-03-23
170.64.196.178	57%	3	3	🇦🇺 AU	AS14061	2026-04-09