Identifies an SSH session where the attacker executes `uname -m` to retrieve the system’s machine architecture, suppressing errors via `2>/dev/null` and falling back to `echo unknown` if the command fails. This pattern is commonly used in automated post-compromise reconnaissance to determine CPU architecture (e.g., x86, x86_64, arm, mips) for selecting an appropriate malware payload binary.

| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 23.97.62.113 | 100% | 3,071 | 355 | 🇸🇬 SG | AS8075 | 2026-04-14 |
| 207.46.224.85 | 99% | 2,780 | 345 | 🇸🇬 SG | AS8075 | 2026-04-10 |
| 40.65.61.32 | 84% | 2,219 | 59 | 🇺🇸 US | AS8075 | 2026-02-21 |
| 20.102.47.195 | 100% | 2,136 | 2,136 | 🇺🇸 US | AS8075 | 2026-03-15 |
| 172.184.213.176 | 100% | 1,685 | 1,311 | 🇺🇸 US | AS8075 | 2026-02-19 |
| 13.83.216.100 | 100% | 1,251 | 1,251 | 🇺🇸 US | AS8075 | 2026-02-28 |
| 172.215.209.243 | 100% | 1,086 | 850 | 🇺🇸 US | AS8075 | 2026-02-19 |
| 172.172.119.97 | 100% | 1,063 | 801 | 🇺🇸 US | AS8075 | 2026-02-19 |
| 23.97.62.148 | 100% | 1,040 | 383 | 🇸🇬 SG | AS8075 | 2026-04-26 |
| 23.97.62.115 | 91% | 731 | 330 | 🇸🇬 SG | AS8075 | 2026-04-09 |
| 172.174.165.226 | 100% | 728 | 696 | 🇺🇸 US | AS8075 | 2026-02-19 |
| 172.183.94.164 | 99% | 621 | 621 | 🇺🇸 US | AS8075 | 2026-02-18 |
| 207.46.224.80 | 92% | 585 | 583 | 🇸🇬 SG | AS8075 | 2026-04-05 |
| 23.97.62.152 | 100% | 560 | 560 | 🇸🇬 SG | AS8075 | 2026-03-27 |
| 20.168.115.114 | 100% | 525 | 488 | 🇺🇸 US | AS8075 | 2026-04-09 |
| 172.183.91.33 | 100% | 498 | 399 | 🇺🇸 US | AS8075 | 2026-03-07 |
| 52.225.29.7 | 100% | 474 | 474 | 🇺🇸 US | AS8075 | 2026-03-20 |
| 20.109.38.225 | 100% | 471 | 111 | 🇺🇸 US | AS8075 | 2026-03-21 |
| 52.238.26.243 | 99% | 442 | 356 | 🇺🇸 US | AS8075 | 2026-02-27 |
| 20.169.76.179 | 100% | 422 | 422 | 🇺🇸 US | AS8075 | 2026-02-19 |