172.182.225.192
Location
🇺🇸 US / Phoenix
ASN
AS8075 · Microsoft Corporation
Cloud Provider
Microsoft Azure
Total Events
2913
Top 1% by volume
Agent Count
1
First / Last Seen
2026-04-29 04:47 — 2026-04-29 06:39
Attack Types
MITRE ATT&CK Techniques
Initial Access
Execution
External Corroboration
Not flagged by any external feeds
Session Forensics
Sessions
354 (100 with login)
Avg Depth Score
0.61
Commands Executed
159
Files Downloaded
0
Notable Commands
- hostname 2>/dev/null || echo unknown
- uptime -p 2>/dev/null | sed 's/up //' || echo unknown
- nproc 2>/dev/null || grep -c '^processor' /proc/cpuinfo 2>/dev/null || echo 0
- ssh -V 2>&1 || echo unknown
- uname -a 2>/dev/null || echo unknown
- bash -c 'df -k / | tail -1 | awk "{print int(\$2/1048576)}"' 2>/dev/null || echo 0
- df -k / | tail -1 | awk "{print int(\$2/1048576)}"
- if command -v yum >/dev/null 2>&1; then echo yum; elif command -v apt >/dev/null 2>&1; then echo apt; elif command -v dnf >/dev/null 2>&1; then echo dnf; elif command -v pacman >/dev/null 2>&1; then echo pacman; else echo none; fi
- if command -v yum
- then echo yum
- elif command -v apt
- then echo apt
- elif command -v dnf
- then echo dnf
- elif command -v pacman
- then echo pacman
- else echo none
- grep 'model name' /proc/cpuinfo 2>/dev/null | head -1 | cut -d ':' -f2- | sed 's/^ *//' | xargs || echo unknown
- free -m | awk '/^Mem:/{printf "%.1f", $2/1024}' 2>/dev/null || echo 0
- uname -m 2>/dev/null || echo unknown
Fingerprints
HASSH
SSH Client
Evidence Timeline
Reconnaissance
ebfe91c9a251
LOGIN
1
1
60%
Reconnaissance
3984a9a8f2fc
LOGIN
1
1
60%
Reconnaissance
5d62e6bf2ec9
LOGIN
1
1
60%
Reconnaissance
cdba0956d02d
LOGIN
1
1
60%
Reconnaissance
a950c6b0a398
LOGIN
1
1
60%
Reconnaissance
e41565f59970
LOGIN
1
1
60%
Reconnaissance
81acd07bc3d8
LOGIN
1
1
60%
Reconnaissance
6239a0a64c75
LOGIN
1
1
60%
Reconnaissance
85172555a6c4
LOGIN
1
1
60%
Reconnaissance
7dc171c9e1e0
LOGIN
1
1
60%
Reconnaissance
e378c71705e8
LOGIN
1
1
60%
Reconnaissance
9d8ee58241f0
LOGIN
1
1
60%
Reconnaissance
8026d37b6e15
LOGIN
1
1
60%
Reconnaissance
7846e0aaebf7
LOGIN
1
1
60%
Reconnaissance
0d73df40dbff
LOGIN
2
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ bash -c 'df -k / | tail -1 | awk "{print int(\$2/1048576)}"…
$ df -k / | tail -1 | awk "{print int(\$2/1048576)}"
Interactive Operator
50c799e59d3d
LOGIN
11
1
90%
HASSH 16443846184eafd…
SSH-2.0-Go
$ if command -v yum >/dev/null 2>&1; then echo yum; elif comm…
$ if command -v yum
$ then echo yum
$ elif command -v apt
$ then echo apt
Reconnaissance
9a46af53d1fd
LOGIN
2
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ bash -c 'df -k / | tail -1 | awk "{print int(\$2/1048576)}"…
$ df -k / | tail -1 | awk "{print int(\$2/1048576)}"
Reconnaissance
4d1d5cf354c5
LOGIN
2
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ ssh -V 2>&1 || echo unknown
$ grep 'model name' /proc/cpuinfo 2>/dev/null | head -1 | cut…
Reconnaissance
f4852cbaf401
LOGIN
1
1
60%
Reconnaissance
ad45e7b76efa
LOGIN
1
1
60%
Interactive Operator
a361284cf881
LOGIN
11
1
90%
HASSH 16443846184eafd…
SSH-2.0-Go
$ if command -v yum >/dev/null 2>&1; then echo yum; elif comm…
$ if command -v yum
$ then echo yum
$ elif command -v apt
$ then echo apt
Reconnaissance
6469dc439762
LOGIN
1
1
60%
Reconnaissance
5c641f79d9ce
LOGIN
2
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ bash -c 'df -k / | tail -1 | awk "{print int(\$2/1048576)}"…
$ df -k / | tail -1 | awk "{print int(\$2/1048576)}"
Reconnaissance
69e86a339598
LOGIN
1
1
60%
Reconnaissance
6a036a8627d6
LOGIN
1
1
60%
Reconnaissance
81d274918311
LOGIN
1
1
60%
Reconnaissance
b24498e2e479
LOGIN
1
1
60%
Reconnaissance
a9ec8dc7c27b
LOGIN
1
1
60%
Reconnaissance
6f57c98ab29d
LOGIN
1
1
60%
Reconnaissance
efb35ef53c59
LOGIN
1
1
60%
Reconnaissance
e4069d67bbf4
LOGIN
2
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ bash -c 'df -k / | tail -1 | awk "{print int(\$2/1048576)}"…
$ df -k / | tail -1 | awk "{print int(\$2/1048576)}"
Reconnaissance
8291a7c2d4ab
LOGIN
1
1
60%
Reconnaissance
df5bb2d06689
LOGIN
1
1
60%
Reconnaissance
9a22cf619484
LOGIN
1
1
60%
Reconnaissance
6456395e8f1a
LOGIN
1
1
60%
Reconnaissance
f4977affa6cc
LOGIN
1
1
60%
Reconnaissance
de29ed3d34b9
LOGIN
1
1
60%
Reconnaissance
0fcf1e025390
LOGIN
1
1
60%
Reconnaissance
d2c556e3f9b8
LOGIN
2
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ lspci 2>/dev/null | grep -i 'vga\|3d\|display' | sed 's/^.*…
$ nvidia-smi --query-gpu=name --format=csv,noheader
Interactive Operator
616034d47672
LOGIN
11
1
90%
HASSH 16443846184eafd…
SSH-2.0-Go
$ if command -v yum >/dev/null 2>&1; then echo yum; elif comm…
$ if command -v yum
$ then echo yum
$ elif command -v apt
$ then echo apt
Reconnaissance
c3c7b8c94501
LOGIN
2
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ bash -c 'df -k / | tail -1 | awk "{print int(\$2/1048576)}"…
$ df -k / | tail -1 | awk "{print int(\$2/1048576)}"
Interactive Operator
e6e5cf598d64
LOGIN
11
1
90%
HASSH 16443846184eafd…
SSH-2.0-Go
$ if command -v yum >/dev/null 2>&1; then echo yum; elif comm…
$ if command -v yum
$ then echo yum
$ elif command -v apt
$ then echo apt
Reconnaissance
5f12b00f29e5
LOGIN
1
1
60%
Reconnaissance
7002fa49347f
LOGIN
1
1
60%
Reconnaissance
5939644ceb79
LOGIN
1
1
60%
Reconnaissance
6b247abae6fb
LOGIN
1
1
60%
Reconnaissance
5f29d8a3de76
LOGIN
1
1
60%
Reconnaissance
68394cd8979a
LOGIN
1
1
60%
Reconnaissance
39c5dc2be0c9
LOGIN
1
1
60%
Reconnaissance
fb1a7efb1349
LOGIN
1
1
60%