← Back to feed

165.154.20.228

TAGGED SUSPICIOUS how we decide →

Threat Confidence

41%

Location

🇭🇰 HK / Hong Kong

ASN

AS135377 · UCLOUD INFORMATION TECHNOLOGY HK LIMITED

Cloud Provider

—

Total Events

Average by volume

Agent Count

First / Last Seen

2026-05-23 12:42 — 2026-05-26 14:19

Attack Types

ssh:bruteforce

MITRE ATT&CK Techniques

Reconnaissance

T1595.002

Initial Access

T1078

Credential Access

T1110 T1110.001

External Corroboration

Blocklist.de

Reported 2026-05-26 16:01

blocklist_de:reported

Campaigns

Multi-Agent Scan SCAN Active medium

2 IPs 36 events

2026-03-09 — ongoing · 2 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

Multi-Agent Scan SCAN Active medium

38 IPs 11116 events

2026-03-09 — ongoing · 38 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

Multi-Agent Scan SCAN Active medium

34 IPs 10614 events

2026-03-09 — ongoing · 34 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

Multi-Agent Scan SCAN Active medium

89 IPs 153638 events

2026-02-26 — ongoing · 89 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on Azure. Scanning the same …

HASSH 19532158b559… — SSH-2.0-libssh2_1.11.1 (50 IPs, 19 countries) HASSH Active high 🇺🇸 US

50 IPs 1312 events

ssh:bruteforce

2026-02-22 — ongoing · 50 IPs are running an identical SSH client (HASSH fingerprint 19532158b559…). Top network: UCLOUD INFORMATION TECHNOLOGY HK LIMITED …

AS135377 UCLOUD INFORMATION TECHNOLOGY HK LIMITED ASN Active medium 🇭🇰 HK

58 IPs 14983 events

ftp:bruteforcehttp:scanmysql:bruteforcessh:bruteforce

2026-02-18 — ongoing · 58 IPs from the same network (UCLOUD INFORMATION TECHNOLOGY HK LIMITED, AS135377) were active during overlapping time periods. …

Session Forensics

credential_probe ×4 opportunistic_bruter ×2

Sessions

6 (2 with login)

Avg Depth Score

0.3

Commands Executed

Files Downloaded

Fingerprints

HASSH

19532158b559096b89b1a5f7d17175b2

SSH Client

SSH-2.0-libssh2_1.11.1

Evidence Timeline

Opportunistic Bruter cee04d0b5eee w4m_seattle_01 · 2026-05-26 14:19

1 50%

Loading events...

Credential Probe d6beecfd8d30 w4m_seattle_01 · 2026-05-26 14:19

1 20%

Loading events...

Credential Probe ce1524e29269 w4m_seattle_01 · 2026-05-26 14:18

1 20%

Loading events...

Opportunistic Bruter 1733638ff980 newark_01 · 2026-05-23 12:43

1 50%

Loading events...

Credential Probe b00b0392d292 newark_01 · 2026-05-23 12:43

1 20%

Loading events...

Credential Probe 0fab4928bc3c newark_01 · 2026-05-23 12:42

1 20%

Loading events...