← Back to feed
20.172.6.64
Location
🇺🇸 US / Phoenix
ASN
AS8075 · Microsoft Corporation
Cloud Provider
Microsoft Azure
Total Events
3820
Top 1% by volume
Agent Count
1
First / Last Seen
2026-04-29 04:46 — 2026-04-29 06:45
Attack Types
MITRE ATT&CK Techniques
External Corroboration
Not flagged by any external feeds
Session Forensics
Sessions
425 (100 with login)
Avg Depth Score
0.62
Commands Executed
187
Files Downloaded
0
Notable Commands
- ssh -V 2>&1 || echo unknown
- uptime -p 2>/dev/null | sed 's/up //' || echo unknown
- if command -v yum >/dev/null 2>&1; then echo yum; elif command -v apt >/dev/null 2>&1; then echo apt; elif command -v dnf >/dev/null 2>&1; then echo dnf; elif command -v pacman >/dev/null 2>&1; then echo pacman; else echo none; fi
- if command -v yum
- then echo yum
- elif command -v apt
- then echo apt
- elif command -v dnf
- then echo dnf
- elif command -v pacman
- then echo pacman
- else echo none
- lspci 2>/dev/null | grep -i 'vga\|3d\|display' | sed 's/^.*: //' | head -1 || nvidia-smi --query-gpu=name --format=csv,noheader 2>/dev/null | head -1 || echo 'No GPU found'
- nvidia-smi --query-gpu=name --format=csv,noheader
- uname -a 2>/dev/null || echo unknown
- hostname 2>/dev/null || echo unknown
- free -m | awk '/^Mem:/{printf "%.1f", $2/1024}' 2>/dev/null || echo 0
- bash -c 'df -k / | tail -1 | awk "{print int(\$2/1048576)}"' 2>/dev/null || echo 0
- df -k / | tail -1 | awk "{print int(\$2/1048576)}"
- nproc 2>/dev/null || grep -c '^processor' /proc/cpuinfo 2>/dev/null || echo 0
Fingerprints
HASSH
SSH Client
Evidence Timeline
Reconnaissance
13567ee174e3
LOGIN
1
1
60%
Loading events...
Reconnaissance
ba00b8f90c42
LOGIN
1
1
60%
Loading events...
Reconnaissance
7095359bf41d
LOGIN
1
1
60%
Loading events...
Interactive Operator
b80afe1b7fbf
LOGIN
11
1
90%
Loading events...
HASSH 16443846184eafd…
SSH-2.0-Go
$ if command -v yum >/dev/null 2>&1; then echo yum; elif comm…$ if command -v yum$ then echo yum$ elif command -v apt$ then echo apt
Reconnaissance
95b64e97f06c
LOGIN
2
1
60%
Loading events...
HASSH 16443846184eafd…
SSH-2.0-Go
$ lspci 2>/dev/null | grep -i 'vga\|3d\|display' | sed 's/^.*…$ nvidia-smi --query-gpu=name --format=csv,noheader
Reconnaissance
fa79ba599952
LOGIN
1
1
60%
Loading events...
Reconnaissance
0197890c9cfc
LOGIN
1
1
60%
Loading events...
Reconnaissance
37ced40c08c8
LOGIN
1
1
60%
Loading events...
Reconnaissance
76c303f9d3f2
LOGIN
1
1
60%
Loading events...
Reconnaissance
77133772ab95
LOGIN
1
1
60%
Loading events...
Reconnaissance
801336427489
LOGIN
1
1
60%
Loading events...
Interactive Operator
f81320244489
LOGIN
11
1
90%
Loading events...
HASSH 16443846184eafd…
SSH-2.0-Go
$ if command -v yum >/dev/null 2>&1; then echo yum; elif comm…$ if command -v yum$ then echo yum$ elif command -v apt$ then echo apt
Reconnaissance
c08c76d582bc
LOGIN
1
1
60%
Loading events...
Reconnaissance
232f3c6df6a9
LOGIN
1
1
60%
Loading events...
Reconnaissance
abd1beab5005
LOGIN
2
1
60%
Loading events...
HASSH 16443846184eafd…
SSH-2.0-Go
$ bash -c 'df -k / | tail -1 | awk "{print int(\$2/1048576)}"…$ df -k / | tail -1 | awk "{print int(\$2/1048576)}"
Reconnaissance
9f64215eff36
LOGIN
1
1
60%
Loading events...
Reconnaissance
2f0984309597
LOGIN
1
1
60%
Loading events...
Reconnaissance
61a11cb85d08
LOGIN
1
1
60%
Loading events...
Reconnaissance
c3906086bf8f
LOGIN
1
1
60%
Loading events...
Reconnaissance
a7132b7a7603
LOGIN
1
1
60%
Loading events...
Interactive Operator
c0957f2f8061
LOGIN
11
1
90%
Loading events...
HASSH 16443846184eafd…
SSH-2.0-Go
$ if command -v yum >/dev/null 2>&1; then echo yum; elif comm…$ if command -v yum$ then echo yum$ elif command -v apt$ then echo apt
Reconnaissance
ae933909c292
LOGIN
1
1
60%
Loading events...
Reconnaissance
5fe92c6d2bd7
LOGIN
1
1
60%
Loading events...
Reconnaissance
afb8ef1f3785
LOGIN
1
1
60%
Loading events...
Reconnaissance
c30aa4aab874
LOGIN
1
1
60%
Loading events...
Reconnaissance
02890dfea101
LOGIN
1
1
60%
Loading events...
Reconnaissance
c0fc326dccdc
LOGIN
1
1
60%
Loading events...
Reconnaissance
14be035a7ebd
LOGIN
1
1
60%
Loading events...
Reconnaissance
8153d1fabf6f
LOGIN
2
1
60%
Loading events...
HASSH 16443846184eafd…
SSH-2.0-Go
$ bash -c 'df -k / | tail -1 | awk "{print int(\$2/1048576)}"…$ df -k / | tail -1 | awk "{print int(\$2/1048576)}"
Reconnaissance
4d1ecb1b445c
LOGIN
1
1
60%
Loading events...
Reconnaissance
35f46d9d9800
LOGIN
1
1
60%
Loading events...
Reconnaissance
e50f5fb01145
LOGIN
1
1
60%
Loading events...
Reconnaissance
eb5453bcff53
LOGIN
1
1
60%
Loading events...
Reconnaissance
866a3f2e574b
LOGIN
1
1
60%
Loading events...
Reconnaissance
a56b9d3b7e91
LOGIN
1
1
60%
Loading events...
Reconnaissance
1bfd7f54d816
LOGIN
1
1
60%
Loading events...
Reconnaissance
5607f29a661d
LOGIN
1
1
60%
Loading events...
Reconnaissance
d643f8a889f5
LOGIN
1
1
60%
Loading events...
Reconnaissance
49a13a95ee78
LOGIN
1
1
60%
Loading events...
Interactive Operator
2d100409507d
LOGIN
11
1
90%
Loading events...
HASSH 16443846184eafd…
SSH-2.0-Go
$ if command -v yum >/dev/null 2>&1; then echo yum; elif comm…$ if command -v yum$ then echo yum$ elif command -v apt$ then echo apt
Reconnaissance
70731dea4526
LOGIN
1
1
60%
Loading events...
Reconnaissance
8d40572bbcf8
LOGIN
2
1
60%
Loading events...
HASSH 16443846184eafd…
SSH-2.0-Go
$ bash -c 'df -k / | tail -1 | awk "{print int(\$2/1048576)}"…$ df -k / | tail -1 | awk "{print int(\$2/1048576)}"
Reconnaissance
41124f1afd52
LOGIN
1
1
60%
Loading events...
Reconnaissance
e2c48698b60e
LOGIN
1
1
60%
Loading events...
Interactive Operator
aa5238ab5558
LOGIN
11
1
90%
Loading events...
HASSH 16443846184eafd…
SSH-2.0-Go
$ if command -v yum >/dev/null 2>&1; then echo yum; elif comm…$ if command -v yum$ then echo yum$ elif command -v apt$ then echo apt
Reconnaissance
48fc91f85fc0
LOGIN
1
1
60%
Loading events...
Reconnaissance
489e51990ac4
LOGIN
1
1
60%
Loading events...
Reconnaissance
59b32aab965a
LOGIN
1
1
60%
Loading events...
Reconnaissance
585ac3b3af1f
LOGIN
1
1
60%
Loading events...
Reconnaissance
3f7d61f6bbaf
LOGIN
1
1
60%
Loading events...