IntrusionLabs / threat intelligence

Sign in

← Back to feed

116.1.148.172

Threat Confidence

32%

Location

🇨🇳 CN

ASN

AS4134 · Chinanet

Cloud Provider

—

Total Events

10

Below average by volume

Agent Count

1

First / Last Seen

2026-05-08 18:02 — 2026-05-08 18:02

Attack Types

ssh:bruteforce

MITRE ATT&CK Techniques

Reconnaissance

T1595

Initial Access

T1078

Credential Access

T1110 T1110.001

Discovery

T1016 T1046 T1082

External Corroboration

Not flagged by any external feeds

Campaigns

HASSH 98f63c4d9c87… — SSH-2.0-Go (50 IPs, 6 countries) HASSH Active high 🇨🇳 CN

50 IPs 990 events

2026-02-27 — ongoing · 50 IPs are running an identical SSH client (HASSH fingerprint 98f63c4d9c87…). Top network: China Mobile Communications Group Co., …

AS4134 Chinanet ASN Active medium 🇨🇳 CN

50 IPs 5924 events

ftp:bruteforcessh:bruteforce

2026-02-18 — ongoing · 50 IPs from the same network (Chinanet, AS4134) were active during overlapping time periods. Temporal correlation across a …

Session Forensics

scanner ×1 reconnaissance ×1

Sessions

2 (1 with login)

Avg Depth Score

0.38

Commands Executed

1

Files Downloaded

0

Notable Commands

uname -s -m

Fingerprints

HASSH

98f63c4d9c87edbd97ed4747fa031019

SSH Client

SSH-2.0-Go

Evidence Timeline

Reconnaissance 9b6acf9ceed9 newark_01 · 2026-05-08 18:02

1 1 60%

Loading events...

Scanner 92ebb29818d7 newark_01 · 2026-05-08 18:02

15%

Loading events...