IntrusionLabs IntrusionLabs
← Back to feed

31.59.40.94

TAGGED SUSPICIOUS how we decide →
Threat Confidence
59%
Location
🇺🇸 US / Kansas City
ASN
AS56971 · Cgi Global Limited
Cloud Provider
Total Events
402
Top 10% by volume
Agent Count
1
First / Last Seen
2026-06-02 13:42 — 2026-06-02 14:55
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
T1595 T1595.002
Initial Access
T1078
Defense Evasion
T1070.004
Credential Access
T1110 T1110.001
Discovery
T1046
Command and Control
T1105
External Corroboration
Blocklist.de
Reported 2026-06-02 15:02
blocklist_de:reported
Campaigns
HASSH f555226df196… — SSH-2.0-libssh_0.9.6 (1001 IPs, 88 countries) HASSH Active high 🇨🇳 CN
1001 IPs 424221 events
http:scanssh:bruteforce
2026-02-25 — ongoing · 1001 IPs are running an identical SSH client (HASSH fingerprint f555226df196…). Top network: UCLOUD INFORMATION TECHNOLOGY HK LIMITED …
Session Forensics
scanner ×1 malware_dropper ×14 credential_probe ×29 opportunistic_bruter ×14
Sessions
58 (28 with login)
Avg Depth Score
0.46
Commands Executed
42
Files Downloaded
14
Notable Commands
  • cd ~; chattr -ia .ssh; lockr -ia .ssh
  • lockr -ia .ssh
  • cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Fingerprints
HASSH
f555226df1963d1d3c09daf865abdc9a
SSH Client
SSH-2.0-libssh_0.9.6
Evidence Timeline
Credential Probe 684bf52a8254 newark_01 · 2026-06-02 14:55
1 20%
Loading events...
Malware Dropper b868bb25573f newark_01 · 2026-06-02 14:52
3 1 1 100%
Loading events...
Opportunistic Bruter 658ec0cf7b4b newark_01 · 2026-06-02 14:52
1 50%
Loading events...
Credential Probe a30a73bd010f newark_01 · 2026-06-02 14:52
1 20%
Loading events...
Opportunistic Bruter 46583a220e06 newark_01 · 2026-06-02 14:50
1 50%
Loading events...
Malware Dropper 9256e77da9ba newark_01 · 2026-06-02 14:50
3 1 1 100%
Loading events...
Credential Probe 7e8ef9cbd297 newark_01 · 2026-06-02 14:50
1 20%
Loading events...
Opportunistic Bruter 06871ff6b22c newark_01 · 2026-06-02 14:48
1 50%
Loading events...
Malware Dropper 1c80de472365 newark_01 · 2026-06-02 14:48
3 1 1 100%
Loading events...
Credential Probe e2cdd30554a5 newark_01 · 2026-06-02 14:48
1 20%
Loading events...
Credential Probe 4a83efb4df52 newark_01 · 2026-06-02 14:46
1 20%
Loading events...
Credential Probe 7755c57c7b92 newark_01 · 2026-06-02 14:43
1 20%
Loading events...
Credential Probe 5f0a3a62d3bd newark_01 · 2026-06-02 14:41
1 20%
Loading events...
Credential Probe 42592d93ecb5 newark_01 · 2026-06-02 14:39
1 20%
Loading events...
Credential Probe fa8f1975d3d2 newark_01 · 2026-06-02 14:37
1 20%
Loading events...
Credential Probe 32e3eff1a5df newark_01 · 2026-06-02 14:34
1 20%
Loading events...
Credential Probe 1db7f4c9f2d0 newark_01 · 2026-06-02 14:32
1 20%
Loading events...
Opportunistic Bruter 30f738e16f31 newark_01 · 2026-06-02 14:29
1 50%
Loading events...
Malware Dropper fe95edb277be newark_01 · 2026-06-02 14:29
3 1 1 100%
Loading events...
Credential Probe c09731a2d207 newark_01 · 2026-06-02 14:29
1 20%
Loading events...
Opportunistic Bruter bd982a9b7e19 newark_01 · 2026-06-02 14:26
1 50%
Loading events...
Malware Dropper 7ea390294389 newark_01 · 2026-06-02 14:26
3 1 1 100%
Loading events...
Credential Probe e62d87b98a43 newark_01 · 2026-06-02 14:26
1 20%
Loading events...
Opportunistic Bruter 4aa8156c1c87 newark_01 · 2026-06-02 14:24
1 50%
Loading events...
Malware Dropper a6aaeb355f20 newark_01 · 2026-06-02 14:24
3 1 1 100%
Loading events...
Credential Probe f9377c10292d newark_01 · 2026-06-02 14:24
1 20%
Loading events...
Opportunistic Bruter b7aa33e65e0c newark_01 · 2026-06-02 14:21
1 50%
Loading events...
Malware Dropper 285e58ff5534 newark_01 · 2026-06-02 14:21
3 1 1 100%
Loading events...
Credential Probe 5b2720c52871 newark_01 · 2026-06-02 14:21
1 20%
Loading events...
Credential Probe 4262cf27b187 newark_01 · 2026-06-02 14:19
1 20%
Loading events...
Opportunistic Bruter 2986e85d09ed newark_01 · 2026-06-02 14:17
1 50%
Loading events...
Malware Dropper 3549de82417e newark_01 · 2026-06-02 14:17
3 1 1 100%
Loading events...
Credential Probe 4bd2c84a1c51 newark_01 · 2026-06-02 14:17
1 20%
Loading events...
Opportunistic Bruter f851a7184289 newark_01 · 2026-06-02 14:14
1 50%
Loading events...
Malware Dropper 5902688a6e27 newark_01 · 2026-06-02 14:14
3 1 1 100%
Loading events...
Credential Probe 3d17c1b9ad70 newark_01 · 2026-06-02 14:14
1 20%
Loading events...
Credential Probe b8a23994924e newark_01 · 2026-06-02 14:12
1 20%
Loading events...
Credential Probe 74fced9439d3 newark_01 · 2026-06-02 14:09
1 20%
Loading events...
Opportunistic Bruter 2b59719d2725 newark_01 · 2026-06-02 14:07
1 50%
Loading events...
Malware Dropper 47cbcce33cd4 newark_01 · 2026-06-02 14:07
3 1 1 100%
Loading events...
Credential Probe be1f9e9ea36f newark_01 · 2026-06-02 14:07
1 20%
Loading events...
Opportunistic Bruter 4d4ae8b33625 newark_01 · 2026-06-02 14:05
1 50%
Loading events...
Malware Dropper 0a36a4c6faad newark_01 · 2026-06-02 14:05
3 1 1 100%
Loading events...
Credential Probe 9e25fccf767e newark_01 · 2026-06-02 14:05
1 20%
Loading events...
Opportunistic Bruter f1b51092c04b newark_01 · 2026-06-02 14:02
1 50%
Loading events...
Malware Dropper ee47b53901e8 newark_01 · 2026-06-02 14:02
3 1 1 100%
Loading events...
Credential Probe fe811050bffd newark_01 · 2026-06-02 14:02
1 20%
Loading events...
Credential Probe a37a75480fd2 newark_01 · 2026-06-02 14:00
1 20%
Loading events...
Credential Probe 5b10663e7fd4 newark_01 · 2026-06-02 13:58
1 20%
Loading events...
Credential Probe 6b55def15926 newark_01 · 2026-06-02 13:56
1 20%
Loading events...