← Back to feed

192.42.116.16

TAGGED SUSPICIOUS how we decide →

Threat Confidence

55%

Location

🇳🇱 NL

ASN

AS215125 · Church of Cyberology

Cloud Provider

—

Total Events

Average by volume

Agent Count

First / Last Seen

2026-03-13 15:42 — 2026-05-05 07:21

Attack Types

http:scan ssh:bruteforce

MITRE ATT&CK Techniques

Reconnaissance

T1595.002

Initial Access

T1078 T1190

Credential Access

T1110 T1110.001

Discovery

T1016 T1082 T1083

Command and Control

T1090 T1572

External Corroboration

Tor Exit Nodes

Reported 2026-05-11 17:08

tor:exit_node

Campaigns

Subnet 192.42.116.0/24 SUBNET Active high 🇳🇱 NL

14 IPs 259 events

http:scanssh:bruteforce

2026-04-11 — ongoing · 14 IPs from the same /24 subnet (192.42.116.0/24) were observed attacking our sensors within the same time window. …

Session Forensics

web_probe ×1 proxy_abuser ×1 reconnaissance ×1

Sessions

3 (2 with login)

Avg Depth Score

0.57

Commands Executed

Files Downloaded

Notable Commands

echo "bash --help; ls /proc/1/; cat /proc/1/mounts; cat /proc/cpuinfo; echo __1777965702829399580" | sh
bash --help; ls /proc/1/; cat /proc/1/mounts; cat /proc/cpuinfo; echo __1777965702829399580
CMD:

Fingerprints

HASSH

087ab61de4f8afa9ac8f30c1b7c418eb 1cc79c7da9b5d5eead2c60983332a556

SSH Client

SSH-2.0-GoSSH-2.0-OpenSSH_9.9

JA4

t12d3112h2_e8f1e7e78f70_64f78f54e6a2

Evidence Timeline

Reconnaissance 362dae6d5844 w4m_seattle_01 · 2026-05-05 07:21

3 1 60%

Loading events...

Proxy Abuser c2873a6698ad w4m_singapore_01 · 2026-04-26 20:29

2 85%

Loading events...

Web Probe adba06aa66fd546b w4m_seattle_01 · 2026-03-13 15:42

25%

Loading events...

Non-Session Events

Timestamp	Port	Proto	Event	Source	Location
2026-03-13 15:42:11	:80	http	HTTP GET request	opencanary	sea