← Back to feed
HASSH 084386fa7ae5… — SSH-2.0-Go (52 IPs, 9 countries)
HASSH Active highWhy this campaign was detected
52 IPs are running an identical SSH client (HASSH fingerprint 084386fa7ae5…). Top network: Microsoft Corporation (AS8075). Geographic and ASN spread across distinct /16 subnets indicates a single operator running shared tooling on rented infrastructure — exactly the disguise that subnet/ASN clustering misses.
Primary ASN
AS8075 · Microsoft Corporation
Subnet
—
HASSH Fingerprint
Country
🇺🇸 US
Cloud Provider
Azure
Member Count
52 IPs
Below average
Total Events
358763
Top 5% by volume
Started / Ended
2026-02-23 00:08 — ongoing
Attack Types
MITRE ATT&CK Techniques
Initial Access
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 103.203.57.2 | scanner | 62% | 1x OSINT | 461 | 3 | ssh:bruteforce | scan-57-2.security.ipip.net | 2026-06-10 05:33 | evidence → |
| 213.177.179.80 | opportunistic_bruter | 60% | DROP | 6466 | 3 | ssh:bruteforce | — | 2026-06-06 15:00 | evidence → |
| 213.209.159.142 | credential_harvester | 60% | DROP | 14980 | 3 | ssh:bruteforce | — | 2026-06-06 08:01 | evidence → |
| 45.156.87.204 | credential_harvester | 60% | DROP | 32447 | 3 | ssh:bruteforce | — | 2026-06-04 22:49 | evidence → |
| 91.92.42.7 | credential_harvester | 59% | 8522 | 2 | ssh:bruteforce | — | 2026-06-08 20:30 | evidence → | |
| 71.6.199.65 | scanner | 58% | 1x OSINT | 60 | 3 | ssh:bruteforce | — | 2026-06-10 05:06 | evidence → |
| 213.177.179.79 | credential_harvester | 58% | DROP | 7898 | 3 | ssh:bruteforce | — | 2026-06-05 05:15 | evidence → |
| 165.227.98.222 | credential_harvester | 57% | 9929 | 3 | ssh:bruteforce | — | 2026-06-03 19:30 | evidence → | |
| 45.153.34.71 | credential_harvester | 57% | DROP | 29633 | 3 | ssh:bruteforce | — | 2026-06-03 18:33 | evidence → |
| 45.153.34.114 | credential_harvester | 57% | DROP | 23975 | 3 | ssh:bruteforce | — | 2026-06-03 12:43 | evidence → |
| 45.156.87.34 | credential_harvester | 56% | DROP | 96219 | 3 | ssh:bruteforce | — | 2026-05-27 00:05 | evidence → |
| 45.156.87.254 | credential_harvester | 56% | DROP | 29081 | 3 | ssh:bruteforce | — | 2026-06-03 02:14 | evidence → |
| 71.6.199.87 | scanner | 56% | 1x OSINT | 16 | 3 | ssh:bruteforce | — | 2026-06-10 02:06 | evidence → |
| 66.240.223.240 | scanner | 52% | 28 | 3 | ssh:bruteforce | new-ubuntu20223240.aspadmin.net | 2026-06-10 03:35 | evidence → | |
| 66.240.223.208 | scanner | 51% | 2x OSINT | 72 | 3 | ssh:bruteforce | — | 2026-06-04 07:01 | evidence → |
| 91.92.42.195 | credential_harvester | 50% | 4261 | 1 | ssh:bruteforce | — | 2026-06-09 17:12 | evidence → | |
| 45.156.87.93 | credential_harvester | 49% | DROP | 4470 | 1 | ssh:bruteforce | — | 2026-06-09 13:10 | evidence → |
| 45.156.87.216 | credential_harvester | 49% | DROP | 4470 | 1 | ssh:bruteforce | — | 2026-06-09 05:47 | evidence → |
| 45.153.34.149 | credential_harvester | 47% | DROP | 13410 | 2 | ssh:bruteforce | — | 2026-06-06 05:32 | evidence → |
| 91.92.40.202 | credential_harvester | 45% | 4286 | 1 | ssh:bruteforce | — | 2026-06-10 06:29 | evidence → | |
| 91.92.40.171 | credential_harvester | 45% | 4286 | 1 | ssh:bruteforce | — | 2026-06-10 04:46 | evidence → | |
| 143.198.216.98 | scanner | 43% | 28 | 3 | ssh:bruteforce | — | 2026-06-05 10:21 | evidence → | |
| 176.65.132.17 | credential_harvester | 42% | DROP | 24612 | 2 | ssh:bruteforce | — | 2026-06-02 21:43 | evidence → |
| 45.156.87.13 | credential_harvester | 41% | DROP | 12493 | 1 | ssh:bruteforce | — | 2026-06-07 23:59 | evidence → |
| 104.248.158.38 | scanner | 41% | 16 | 3 | ssh:bruteforce | — | 2026-06-04 16:11 | evidence → | |
| 66.240.236.116 | scanner | 40% | 60 | 3 | ssh:bruteforce | — | 2026-06-02 00:23 | evidence → | |
| 176.65.139.47 | credential_harvester | 35% | DROP | 4261 | 1 | ssh:bruteforce | — | 2026-06-04 20:48 | evidence → |
| 176.65.132.22 | credential_harvester | 35% | DROP | 4470 | 1 | ssh:bruteforce | — | 2026-06-04 18:59 | evidence → |
| 176.65.139.79 | credential_harvester | 35% | DROP | 4239 | 1 | ssh:bruteforce | — | 2026-06-04 18:29 | evidence → |
| 172.202.118.18 | scanner | 34% | 2x OSINT | 7 | 1 | ssh:bruteforce | — | 2026-06-10 04:49 | evidence → |
| 20.163.32.168 | scanner | 33% | 2x OSINT | 7 | 1 | ssh:bruteforce | — | 2026-06-09 01:44 | evidence → |
| 20.65.194.180 | scanner | 33% | 2x OSINT | 7 | 1 | ssh:bruteforce | — | 2026-06-09 01:39 | evidence → |
| 20.64.105.174 | scanner | 33% | 2x OSINT | 7 | 1 | ssh:bruteforce | — | 2026-06-09 01:13 | evidence → |
| 45.153.34.186 | credential_harvester | 33% | DROP | 8940 | 1 | ssh:bruteforce | — | 2026-05-31 13:03 | evidence → |
| 45.156.87.166 | credential_harvester | 33% | DROP | 4470 | 1 | ssh:bruteforce | — | 2026-05-27 19:05 | evidence → |
| 103.52.89.114 | scanner | 32% | 24 | 2 | ssh:bruteforce | — | 2026-06-07 19:51 | evidence → | |
| 20.171.8.182 | scanner | 31% | 1x OSINT | 7 | 1 | ssh:bruteforce | — | 2026-06-10 06:08 | evidence → |
| 20.65.193.176 | scanner | 31% | 1x OSINT | 7 | 1 | ssh:bruteforce | — | 2026-06-10 05:55 | evidence → |
| 135.237.126.224 | scanner | 30% | 2x OSINT | 7 | 1 | ssh:bruteforce | — | 2026-06-07 22:18 | evidence → |
| 13.89.125.31 | scanner | 30% | 2x OSINT | 7 | 1 | ssh:bruteforce | — | 2026-06-07 22:17 | evidence → |
| 39.104.64.139 | scanner | 28% | 26 | 2 | ssh:bruteforce | — | 2026-06-05 11:28 | evidence → | |
| 20.65.195.16 | scanner | 25% | 2x OSINT | 7 | 1 | ssh:bruteforce | — | 2026-06-05 10:25 | evidence → |
| 40.124.173.251 | scanner | 22% | 1x OSINT | 7 | 1 | ssh:bruteforce | — | 2026-06-05 09:49 | evidence → |
| 20.169.105.0 | scanner | 21% | 7 | 1 | ssh:bruteforce | — | 2026-06-07 22:20 | evidence → | |
| 168.144.114.172 | scanner | 21% | 4 | 1 | ssh:bruteforce | — | 2026-06-07 20:36 | evidence → | |
| 192.81.210.247 | scanner | 20% | 4 | 1 | ssh:bruteforce | — | 2026-06-07 17:31 | evidence → | |
| 20.171.25.78 | scanner | 20% | 1x OSINT | 7 | 1 | ssh:bruteforce | — | 2026-06-04 07:30 | evidence → |
| 20.106.32.153 | scanner | 19% | 1x OSINT | 7 | 1 | ssh:bruteforce | — | 2026-06-04 06:40 | evidence → |
| 116.62.56.228 | scanner | 17% | 16 | 1 | ssh:bruteforce | — | 2026-06-04 22:16 | evidence → | |
| 20.163.76.6 | scanner | 17% | 7 | 1 | ssh:bruteforce | — | 2026-06-05 10:45 | evidence → | |
| 14.103.230.55 | scanner | 15% | 25 | 1 | ssh:bruteforce | — | 2026-06-03 14:47 | evidence → | |
| 40.80.207.25 | scanner | 15% | 7 | 1 | ssh:bruteforce | — | 2026-06-04 06:35 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds