IntrusionLabs / threat intelligence

← Back to feed

172.182.226.138

Threat Confidence

50%

Location

🇺🇸 US / Phoenix

ASN

AS8075 · Microsoft Corporation

Cloud Provider

Microsoft Azure

Total Events

718

Top 5% by volume

Agent Count

1

First / Last Seen

2026-03-31 16:07 — 2026-03-31 18:22

Attack Types

ssh:bruteforce

External Corroboration

Blocklist.de

Reported 2026-03-31 18:26

blocklist_de:reported

Campaigns

Not associated with any campaigns

Session Forensics

reconnaissance ×89

Sessions

89 (89 with login)

Avg Depth Score

0.6

Commands Executed

95

Files Downloaded

0

Notable Commands

ls -la /
uptime
nproc 2>/dev/null || (grep -c '^processor' /proc/cpuinfo 2>/dev/null) || echo 0
grep -c ^processor /proc/cpuinfo 2 > /dev/null
hostname
ssh -V
uname -a
pwd
env | head -10
whoami
mount | head -5
history | tail -5
ps aux | head -10
netstat -tulpn | head -10
grep 'model name' /proc/cpuinfo 2>/dev/null | head -1 | cut -d ':' -f2- | sed 's/^ *//' | xargs || echo unknown
xargs
uname -m 2>/dev/null || echo unknown

Fingerprints

HASSH

16443846184eafde36765c9bab2f4397

SSH Client

SSH-2.0-Go

Recent Events (last 50)

Timestamp	Port	Proto	Event	Location
2026-03-31 18:25:13	:22	ssh	cowrie.session.closed	sin
2026-03-31 18:25:13	:22	ssh	cowrie.log.closed	sin
2026-03-31 18:25:13	:22	ssh	cowrie.command.input	sin
2026-03-31 18:25:13	:22	ssh	cowrie.session.params	sin
2026-03-31 18:25:12	:22	ssh	cowrie.login.success	sin
2026-03-31 18:25:12	:22	ssh	cowrie.client.kex	sin
2026-03-31 18:25:12	:22	ssh	cowrie.client.version	sin
2026-03-31 18:25:12	:22	ssh	cowrie.session.connect	sin
2026-03-31 18:24:36	:22	ssh	cowrie.session.closed	sin
2026-03-31 18:24:36	:22	ssh	cowrie.log.closed	sin
2026-03-31 18:24:36	:22	ssh	cowrie.command.input	sin
2026-03-31 18:24:36	:22	ssh	cowrie.session.params	sin
2026-03-31 18:24:36	:22	ssh	cowrie.login.success	sin
2026-03-31 18:24:35	:22	ssh	cowrie.client.kex	sin
2026-03-31 18:24:35	:22	ssh	cowrie.client.version	sin
2026-03-31 18:24:35	:22	ssh	cowrie.session.connect	sin
2026-03-31 18:22:05	:22	ssh	cowrie.session.closed	sin
2026-03-31 18:22:05	:22	ssh	cowrie.log.closed	sin
2026-03-31 18:22:05	:22	ssh	cowrie.command.input	sin
2026-03-31 18:22:05	:22	ssh	cowrie.session.params	sin
2026-03-31 18:22:04	:22	ssh	cowrie.login.success	sin
2026-03-31 18:22:04	:22	ssh	cowrie.client.kex	sin
2026-03-31 18:22:04	:22	ssh	cowrie.client.version	sin
2026-03-31 18:22:04	:22	ssh	cowrie.session.connect	sin
2026-03-31 18:21:30	:22	ssh	cowrie.session.closed	sin
2026-03-31 18:21:30	:22	ssh	cowrie.log.closed	sin
2026-03-31 18:21:30	:22	ssh	cowrie.command.input	sin
2026-03-31 18:21:30	:22	ssh	cowrie.session.params	sin
2026-03-31 18:21:29	:22	ssh	cowrie.login.success	sin
2026-03-31 18:21:28	:22	ssh	cowrie.client.kex	sin
2026-03-31 18:21:28	:22	ssh	cowrie.client.version	sin
2026-03-31 18:21:28	:22	ssh	cowrie.session.connect	sin
2026-03-31 18:19:33	:22	ssh	cowrie.session.closed	sin
2026-03-31 18:19:33	:22	ssh	cowrie.log.closed	sin
2026-03-31 18:19:33	:22	ssh	cowrie.command.input	sin
2026-03-31 18:19:33	:22	ssh	cowrie.command.input	sin
2026-03-31 18:19:33	:22	ssh	cowrie.session.params	sin
2026-03-31 18:19:33	:22	ssh	cowrie.login.success	sin
2026-03-31 18:19:32	:22	ssh	cowrie.client.kex	sin
2026-03-31 18:19:32	:22	ssh	cowrie.client.version	sin
2026-03-31 18:19:32	:22	ssh	cowrie.session.connect	sin
2026-03-31 18:13:18	:22	ssh	cowrie.session.closed	sin
2026-03-31 18:13:18	:22	ssh	cowrie.log.closed	sin
2026-03-31 18:13:17	:22	ssh	cowrie.command.input	sin
2026-03-31 18:13:17	:22	ssh	cowrie.session.params	sin
2026-03-31 18:13:17	:22	ssh	cowrie.login.success	sin
2026-03-31 18:13:16	:22	ssh	cowrie.client.kex	sin
2026-03-31 18:13:16	:22	ssh	cowrie.client.version	sin
2026-03-31 18:13:16	:22	ssh	cowrie.session.connect	sin
2026-03-31 18:12:40	:22	ssh	cowrie.session.closed	sin