IntrusionLabs / threat intelligence

Sign in

← Back to feed

123.234.3.106

Threat Confidence

33%

Location

🇨🇳 CN / Qingdao

ASN

AS4837 · CHINA UNICOM China169 Backbone

Cloud Provider

—

Total Events

12

Below average by volume

Agent Count

1

First / Last Seen

2026-03-07 09:23 — 2026-05-09 01:17

Attack Types

ssh:bruteforce

MITRE ATT&CK Techniques

Reconnaissance

T1595

Initial Access

T1078

Credential Access

T1110 T1110.001

Discovery

T1016 T1046 T1082

External Corroboration

Not flagged by any external feeds

Campaigns

HASSH 98f63c4d9c87… — SSH-2.0-Go (50 IPs, 6 countries) HASSH Active high 🇨🇳 CN

50 IPs 990 events

2026-02-27 — ongoing · 50 IPs are running an identical SSH client (HASSH fingerprint 98f63c4d9c87…). Top network: China Mobile Communications Group Co., …

AS4837 CHINA UNICOM China169 Backbone ASN Active medium 🇨🇳 CN

16 IPs 940 events

2026-02-16 — ongoing · 16 IPs from the same network (CHINA UNICOM China169 Backbone, AS4837) were active during overlapping time periods. Temporal …

Session Forensics

scanner ×2 reconnaissance ×1

Sessions

3 (1 with login)

Avg Depth Score

0.3

Commands Executed

1

Files Downloaded

0

Notable Commands

uname -s -m

Fingerprints

HASSH

98f63c4d9c87edbd97ed4747fa031019

SSH Client

SSH-2.0-Go

Evidence Timeline

Reconnaissance d4c04b5cfcd0 w4m_singapore_01 · 2026-05-09 01:17

1 1 60%

Loading events...

Scanner ff8297b239e6 w4m_singapore_01 · 2026-05-09 01:17

15%

Loading events...

Scanner 61ec54b41bb9 w4m_singapore_01 · 2026-03-07 09:23

15%

Loading events...