// Notes from the inside

IntrusionLabs Blog

Threat intelligence engineering, what fell out of the data this week, and notes from building a public honeypot network in the open. RSS.

2026-04-19 ·hassh,fingerprinting,botnet,ssh,honeypot

I added one field and found a 4,154-IP botnet

The first HASSH fingerprint I clicked on returned 4,154 source IPs, all running the same SSH client across 10 ASNs and 74 countries. Here's what that means and how the detector works.