← Back to feed

120.48.140.232

TAGGED SUSPICIOUS how we decide →

Threat Confidence

55%

Location

🇨🇳 CN / Beijing

ASN

AS38365 · Beijing Baidu Netcom Science and Technology Co., Ltd.

Cloud Provider

—

Total Events

Average by volume

Agent Count

First / Last Seen

2026-05-20 15:02 — 2026-05-24 14:08

Attack Types

ssh:bruteforce

MITRE ATT&CK Techniques

Reconnaissance

T1595 T1595.002

Initial Access

T1078

Credential Access

T1110 T1110.001

Discovery

T1016 T1046 T1082

External Corroboration

Blocklist.de

Reported 2026-05-24 16:01

blocklist_de:reported

Campaigns

Multi-Agent Scan SCAN Active medium

82 IPs 30702 events

2026-04-10 — ongoing · 82 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

Multi-Agent Scan SCAN Active medium

104 IPs 190743 events

2026-03-02 — ongoing · 104 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

Multi-Agent Scan SCAN Active medium

104 IPs 190656 events

2026-03-02 — ongoing · 104 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on AWS. Scanning the same …

Multi-Agent Scan SCAN Active medium

77 IPs 39439 events

2026-03-02 — ongoing · 77 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

Multi-Agent Scan SCAN Active medium

100 IPs 189615 events

2026-03-02 — ongoing · 100 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

Multi-Agent Scan SCAN Active medium

178 IPs 90341 events

2026-03-02 — ongoing · 178 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

Multi-Agent Scan SCAN Active medium

102 IPs 189666 events

2026-03-02 — ongoing · 102 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

Multi-Agent Scan SCAN Active medium

101 IPs 190092 events

2026-03-02 — ongoing · 101 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

HASSH f555226df196… — SSH-2.0-libssh_0.9.6 (1323 IPs, 94 countries) HASSH Active high 🇺🇸 US

1323 IPs 422522 events

ssh:bruteforce

2026-02-25 — ongoing · 1323 IPs are running an identical SSH client (HASSH fingerprint f555226df196…). Top network: Tencent Building, Kejizhongyi Avenue (AS132203). …

AS38365 Beijing Baidu Netcom Science and Technology Co., Ltd. ASN Active medium 🇨🇳 CN

42 IPs 2905 events

ssh:bruteforce

2026-02-18 — ongoing · 42 IPs from the same network (Beijing Baidu Netcom Science and Technology Co., Ltd., AS38365) were active during …

Session Forensics

scanner ×5 reconnaissance ×4 credential_probe ×1

Sessions

10 (4 with login)

Avg Depth Score

0.33

Commands Executed

Files Downloaded

Notable Commands

cd ~; chattr -ia .ssh; lockr -ia .ssh
lockr -ia .ssh

Fingerprints

HASSH

f555226df1963d1d3c09daf865abdc9a

SSH Client

SSH-2.0-libssh_0.9.6

Evidence Timeline

Reconnaissance 93f6a924d7d1 newark_01 · 2026-05-24 14:03

2 1 60%

Loading events...

Reconnaissance 7fad1228c69d newark_01 · 2026-05-24 13:52

2 1 60%

Loading events...

Scanner f947acce4f65 newark_01 · 2026-05-24 13:47

15%

Loading events...

Scanner 4c82e5589ba0 newark_01 · 2026-05-24 13:41

15%

Loading events...

Scanner 4866e7758c37 newark_01 · 2026-05-24 13:36

15%

Loading events...

Reconnaissance dcfcb7108c2e newark_01 · 2026-05-24 13:31

2 1 60%

Loading events...

Reconnaissance 01029d19ce0e newark_01 · 2026-05-24 13:25

2 1 60%

Loading events...

Credential Probe 997a6e072a5c newark_01 · 2026-05-24 13:20

1 20%

Loading events...

Scanner 65ac5961bf9f newark_01 · 2026-05-24 13:07

15%

Loading events...

Scanner 3d1bf06514a7 w4m_singapore_01 · 2026-05-20 15:02

15%

Loading events...