IntrusionLabs / threat intelligence

Sign in

← Back to feed

213.183.63.153

TAGGED SUSPICIOUS how we decide →

Threat Confidence

33%

Location

🇧🇬 BG / Sofia

ASN

AS56630 · Melbikomas UAB

Cloud Provider

—

Total Events

76

Above average by volume

Agent Count

1

First / Last Seen

2026-05-05 03:26 — 2026-05-14 16:53

Attack Types

ssh:bruteforce

MITRE ATT&CK Techniques

Reconnaissance

T1595.002

Credential Access

T1110 T1110.001

External Corroboration

Not flagged by any external feeds

Campaigns

Subnet 213.183.63.0/24 SUBNET Active high 🇧🇬 BG

3 IPs 102 events

2026-05-05 — ongoing · 3 IPs from the same /24 subnet (213.183.63.0/24) were observed attacking our sensors within the same time window. …

HASSH 14b2ddda386a… — SSH-2.0-libssh2_1.11.0 (627 IPs, 55 countries) HASSH Active high 🇺🇸 US

627 IPs 53211 events

2026-04-22 — ongoing · 627 IPs are running an identical SSH client (HASSH fingerprint 14b2ddda386a…). Top network: OVH SAS (AS16276). Geographic and …

Session Forensics

credential_probe ×1 credential_harvester ×5

Sessions

6

Avg Depth Score

0.37

Commands Executed

0

Files Downloaded

0

Fingerprints

HASSH

14b2ddda386a4d1006108ccd231b42fc

SSH Client

SSH-2.0-libssh2_1.11.0

Evidence Timeline

Credential Harvester ad4d06fb8808 w4m_singapore_01 · 2026-05-14 16:53

5 40%

Loading events...

Credential Harvester 7199ecefc293 w4m_singapore_01 · 2026-05-14 04:56

5 40%

Loading events...

Credential Harvester a8eb4cd078e4 w4m_singapore_01 · 2026-05-13 20:19

5 40%

Loading events...

Credential Probe e8a7603af5bb w4m_singapore_01 · 2026-05-13 00:16

1 20%

Loading events...

Credential Harvester 728b3d352c23 w4m_singapore_01 · 2026-05-10 04:43

5 40%

Loading events...

Credential Harvester d66c188ad3b4 w4m_singapore_01 · 2026-05-05 03:26

5 40%

Loading events...