4.227.135.147
Location
🇺🇸 US / Washington
ASN
AS8075 · Microsoft Corporation
Cloud Provider
Microsoft Azure
Total Events
2605
Top 1% by volume
Agent Count
1
First / Last Seen
2026-04-29 04:47 — 2026-04-29 06:45
Attack Types
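MITRE ATT&CK Techniques (the entries below, Initial Access and Execution, are ATT&CK tactic names; no technique IDs are listed)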
Initial Access
Execution
External Corroboration
Not flagged by any external feeds
Session Forensics
Sessions
289 (100 with login)
Avg Depth Score
0.62
Commands Executed
218
Files Downloaded
0
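Notable Commands (short entries such as `xargs`, `sed s/up //` and the separate `if` / `then` / `elif` / `else` lines appear to be fragments of the full command line listed immediately before them, recorded as entries of their own, rather than separate attacker input)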
- hostname 2>/dev/null || echo unknown
- grep 'model name' /proc/cpuinfo 2>/dev/null | head -1 | cut -d ':' -f2- | sed 's/^ *//' | xargs || echo unknown
- xargs
- nproc 2>/dev/null || grep -c '^processor' /proc/cpuinfo 2>/dev/null || echo 0
- uptime -p 2>/dev/null | sed 's/up //' || echo unknown
- sed s/up //
- free -m | awk '/^Mem:/{printf "%.1f", $2/1024}' 2>/dev/null || echo 0
- uname -a 2>/dev/null || echo unknown
- if command -v yum >/dev/null 2>&1; then echo yum; elif command -v apt >/dev/null 2>&1; then echo apt; elif command -v dnf >/dev/null 2>&1; then echo dnf; elif command -v pacman >/dev/null 2>&1; then echo pacman; else echo none; fi
- if command -v yum
- then echo yum
- elif command -v apt
- then echo apt
- elif command -v dnf
- then echo dnf
- elif command -v pacman
- then echo pacman
- else echo none
- uname -m 2>/dev/null || echo unknown
- bash -c 'df -k / | tail -1 | awk "{print int(\$2/1048576)}"' 2>/dev/null || echo 0
Fingerprints
HASSH
SSH Client
Evidence Timeline
Reconnaissance
1a99485840e9
LOGIN
1
1
60%
Reconnaissance
ae02ebe96c89
LOGIN
2
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ grep 'model name' /proc/cpuinfo 2>/dev/null | head -1 | cut…
$ xargs
Reconnaissance
3bd3379c4481
LOGIN
1
1
60%
Reconnaissance
5f9d7f048e5d
LOGIN
1
1
60%
Reconnaissance
181be00a3171
LOGIN
1
1
60%
Reconnaissance
5f4de91eaf42
LOGIN
2
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ uptime -p 2>/dev/null | sed 's/up //' || echo unknown
$ sed s/up //
Reconnaissance
d4d50eb029f9
LOGIN
1
1
60%
Reconnaissance
401524a3c4bd
LOGIN
1
1
60%
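Interactive Operator (the command preview for this session shows a single package-manager check and its `if` / `then` / `elif` fragments, sent by the same SSH-2.0-Go client as the Reconnaissance sessions, so the label may reflect how the command was counted rather than a human at the keyboard)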
908383957c92
LOGIN
11
1
90%
HASSH 16443846184eafd…
SSH-2.0-Go
$ if command -v yum >/dev/null 2>&1; then echo yum; elif comm…
$ if command -v yum
$ then echo yum
$ elif command -v apt
$ then echo apt
Reconnaissance
9644ddd412d9
LOGIN
1
1
60%
Reconnaissance
af078bbdc279
LOGIN
1
1
60%
Reconnaissance
1555f62d7f01
LOGIN
1
1
60%
Reconnaissance
9248955b12b7
LOGIN
1
1
60%
Reconnaissance
e7a4d6e622c4
LOGIN
2
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ uptime -p 2>/dev/null | sed 's/up //' || echo unknown
$ sed s/up //
Reconnaissance
bc1e27ef1eac
LOGIN
1
1
60%
Interactive Operator
e0eb74e1f536
LOGIN
11
1
90%
HASSH 16443846184eafd…
SSH-2.0-Go
$ if command -v yum >/dev/null 2>&1; then echo yum; elif comm…
$ if command -v yum
$ then echo yum
$ elif command -v apt
$ then echo apt
Reconnaissance
5d2ac1e777cd
LOGIN
1
1
60%
Reconnaissance
e74769d1baf3
LOGIN
2
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ uptime -p 2>/dev/null | sed 's/up //' || echo unknown
$ sed s/up //
Reconnaissance
c830bf145cf8
LOGIN
1
1
60%
Reconnaissance
36bf5f09a2bf
LOGIN
1
1
60%
Reconnaissance
610771b56707
LOGIN
1
1
60%
Reconnaissance
07a87ca651d7
LOGIN
1
1
60%
Reconnaissance
02535d756a97
LOGIN
2
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ grep 'model name' /proc/cpuinfo 2>/dev/null | head -1 | cut…
$ xargs
Reconnaissance
a4a3f8e4ad57
LOGIN
1
1
60%
Reconnaissance
29c38e58e1fe
LOGIN
2
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ grep 'model name' /proc/cpuinfo 2>/dev/null | head -1 | cut…
$ xargs
Reconnaissance
b3ff9dcb122c
LOGIN
1
1
60%
Reconnaissance
f260df617ccd
LOGIN
1
1
60%
Reconnaissance
ec6855f556b3
LOGIN
2
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ bash -c 'df -k / | tail -1 | awk "{print int(\$2/1048576)}"…
$ df -k / | tail -1 | awk "{print int(\$2/1048576)}"
Reconnaissance
140c21b6999b
LOGIN
1
1
60%
Reconnaissance
8e4e94907987
LOGIN
1
1
60%
Reconnaissance
39c6d150ba92
LOGIN
1
1
60%
Reconnaissance
0de13005b7a1
LOGIN
3
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ cat /etc/redhat-release 2>/dev/null || cat /etc/os-release …$ tr -d "$ sed s/^/Debian /
Reconnaissance
007cb183a7c4
LOGIN
2
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ grep 'model name' /proc/cpuinfo 2>/dev/null | head -1 | cut…
$ xargs
Reconnaissance
21afd97386a3
LOGIN
1
1
60%
Reconnaissance
3ee894326309
LOGIN
1
1
60%
Reconnaissance
d33d83579a7a
LOGIN
3
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ lspci 2>/dev/null | grep -i 'vga\|3d\|display' | sed 's/^.*…
$ sed s/^.*: //
$ nvidia-smi --query-gpu=name --format=csv,noheader
Reconnaissance
897b0af65066
LOGIN
1
1
60%
Reconnaissance
9979aea5a415
LOGIN
1
1
60%
Reconnaissance
1534ec44496f
LOGIN
1
1
60%
Reconnaissance
c35c8dca42ee
LOGIN
2
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ bash -c 'df -k / | tail -1 | awk "{print int(\$2/1048576)}"…
$ df -k / | tail -1 | awk "{print int(\$2/1048576)}"
Interactive Operator
53448ffa81a5
LOGIN
11
1
90%
HASSH 16443846184eafd…
SSH-2.0-Go
$ if command -v yum >/dev/null 2>&1; then echo yum; elif comm…
$ if command -v yum
$ then echo yum
$ elif command -v apt
$ then echo apt
Reconnaissance
4b4ac0252eb1
LOGIN
1
1
60%
Reconnaissance
da280f97ea59
LOGIN
2
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ uptime -p 2>/dev/null | sed 's/up //' || echo unknown
$ sed s/up //
Reconnaissance
23417d1888b4
LOGIN
1
1
60%
Reconnaissance
e65802a28fd7
LOGIN
2
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ uptime -p 2>/dev/null | sed 's/up //' || echo unknown
$ sed s/up //
Reconnaissance
48c378d9e45a
LOGIN
3
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ lspci 2>/dev/null | grep -i 'vga\|3d\|display' | sed 's/^.*…
$ sed s/^.*: //
$ nvidia-smi --query-gpu=name --format=csv,noheader
Interactive Operator
c52fcc4b37fa
LOGIN
11
1
90%
HASSH 16443846184eafd…
SSH-2.0-Go
$ if command -v yum >/dev/null 2>&1; then echo yum; elif comm…
$ if command -v yum
$ then echo yum
$ elif command -v apt
$ then echo apt
Reconnaissance
7dd64352a779
LOGIN
2
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ grep 'model name' /proc/cpuinfo 2>/dev/null | head -1 | cut…
$ xargs
Reconnaissance
b25abb621725
LOGIN
3
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ lspci 2>/dev/null | grep -i 'vga\|3d\|display' | sed 's/^.*…
$ sed s/^.*: //
$ nvidia-smi --query-gpu=name --format=csv,noheader
Reconnaissance
1e3a95249bba
LOGIN
3
1
60%
HASSH 16443846184eafd…
SSH-2.0-Go
$ cat /etc/redhat-release 2>/dev/null || cat /etc/os-release …$ tr -d "$ sed s/^/Debian /