Identifies an SSH session where the attacker executes `uname -m` to retrieve the system’s machine architecture, suppressing errors via `2>/dev/null` and falling back to `echo unknown` if the command fails. This pattern is commonly used in automated post-compromise reconnaissance to determine CPU architecture (e.g., x86, x86_64, arm, mips) for selecting an appropriate malware payload binary.