← Back to feed

HASSH 03a80b21afa8… — SSH-2.0-libssh_0.11.1 (57 IPs, 15 countries)

HASSH Active high
Why this campaign was detected
57 IPs are running an identical SSH client (HASSH fingerprint 03a80b21afa8…). Top network: Chinanet (AS4134). Geographic and ASN spread across distinct /16 subnets indicates a single operator running shared tooling on rented infrastructure — exactly the disguise that subnet/ASN clustering misses.
Primary ASN
AS4134 · Chinanet
Subnet
Country
🇨🇳 CN
Cloud Provider
DO
Member Count
57 IPs
Average
Total Events
32051
Average by volume
Started / Ended
2026-02-27 19:55 — ongoing
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Credential Access
Discovery
Command and Control
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
182.93.50.90 credential_harvester 80% 1x OSINT 4907 3 ssh:bruteforce 2026-07-15 21:41 evidence →
182.93.7.194 credential_harvester 79% 1x OSINT 6061 3 ssh:bruteforce n18293z7l194.static.ctmip.net 2026-07-15 13:28 evidence →
70.54.182.130 credential_harvester 77% 1x OSINT 1373 3 ssh:bruteforce ipagstaticip-0e05dd42-0a3b-c881-e51c-fdd5f9e43762.sdsl.bell.ca 2026-07-14 09:30 evidence →
118.145.144.95 scanner 73% 401 3 ssh:bruteforce 2026-07-15 13:39 evidence →
186.22.19.183 credential_harvester 72% 1x OSINT 107 3 ssh:bruteforce 2026-07-13 19:09 evidence →
88.147.30.59 credential_harvester 71% 1x OSINT 1730 3 ssh:bruteforce 88-147-30-59.static.eolo.it 2026-07-08 03:48 evidence →
120.48.175.122 credential_harvester 71% 1x OSINT 296 3 ssh:bruteforce 2026-07-12 00:03 evidence →
14.103.127.204 scanner 69% 160 3 ssh:bruteforce 2026-07-14 08:19 evidence →
187.212.1.182 credential_harvester 69% 1x OSINT 710 2 ssh:bruteforce 2026-07-18 03:25 evidence →
14.103.114.231 scanner 66% 1x OSINT 169 2 ssh:bruteforce 2026-07-18 03:32 evidence →
14.29.181.34 scanner 65% 348 3 ssh:bruteforce 2026-07-08 02:44 evidence →
115.190.64.245 credential_harvester 63% 1x OSINT 497 2 ssh:bruteforce 2026-07-15 12:23 evidence →
121.227.152.250 credential_harvester 63% 1x OSINT 339 2 ssh:bruteforce 2026-07-15 20:22 evidence →
36.64.131.68 credential_harvester 63% 1x OSINT 1165 2 ssh:bruteforce 2026-07-14 17:03 evidence →
183.232.212.207 scanner 61% 1x OSINT 124 2 ssh:bruteforce 2026-07-15 16:01 evidence →
14.116.189.74 scanner 61% 1x OSINT 452 2 ssh:bruteforce 2026-07-14 04:17 evidence →
180.76.170.111 scanner 60% 1x OSINT 123 2 ssh:bruteforce 2026-07-15 05:36 evidence →
121.227.152.171 scanner 60% 1x OSINT 198 2 ssh:bruteforce 2026-07-14 17:49 evidence →
106.12.29.184 scanner 60% 1x OSINT 204 2 ssh:bruteforce 2026-07-14 09:44 evidence →
115.190.172.63 scanner 59% 1x OSINT 107 2 ssh:bruteforce 2026-07-14 22:58 evidence →
124.45.39.194 credential_harvester 59% 1x OSINT 439 1 ssh:bruteforce 2026-07-17 20:58 evidence →
79.125.162.32 credential_harvester 58% 1302 2 ssh:bruteforce 2026-07-14 11:10 evidence →
106.37.72.234 credential_harvester 57% 1x OSINT 903 2 ssh:bruteforce 2026-07-11 17:49 evidence →
101.126.14.37 scanner 57% 1x OSINT 182 2 ssh:bruteforce 2026-07-13 04:56 evidence →
190.244.39.224 credential_harvester 56% 1x OSINT 2277 2 ssh:bruteforce 2026-07-07 20:54 evidence →
180.167.207.234 credential_harvester 56% 1x OSINT 514 2 ssh:bruteforce 2026-07-11 15:45 evidence →
106.243.155.71 credential_harvester 56% 1x OSINT 681 2 ssh:bruteforce 2026-06-12 13:44 evidence →
117.62.22.127 scanner 56% 1x OSINT 311 2 ssh:bruteforce 2026-07-11 19:42 evidence →
61.155.106.101 credential_harvester 55% 1x OSINT 534 2 ssh:bruteforce 2026-07-09 14:24 evidence →
113.141.171.139 scanner 55% 1x OSINT 147 2 ssh:bruteforce 2026-07-12 08:05 evidence →
58.221.60.25 scanner 55% 1x OSINT 139 2 ssh:bruteforce 2026-07-12 08:31 evidence →
221.229.218.50 scanner 55% 264 2 ssh:bruteforce 2026-07-14 05:50 evidence →
219.150.93.157 scanner 55% 1x OSINT 416 2 ssh:bruteforce 2026-07-01 09:09 evidence →
138.84.53.67 credential_harvester 54% 1x OSINT 502 1 ssh:bruteforce 2026-07-15 13:05 evidence →
111.32.153.180 scanner 54% 1x OSINT 289 2 ssh:bruteforce 2026-06-25 06:43 evidence →
122.13.25.186 credential_harvester 54% 1x OSINT 259 2 ssh:bruteforce 2026-07-05 02:05 evidence →
154.124.239.186 credential_harvester 54% 1x OSINT 29 1 ssh:bruteforce 2026-07-18 00:38 evidence →
182.42.93.139 scanner 53% 184 2 ssh:bruteforce 2026-07-13 16:54 evidence →
183.250.89.44 scanner 53% 1x OSINT 139 2 ssh:bruteforce 2026-07-08 07:39 evidence →
211.95.159.159 scanner 53% 1x OSINT 121 2 ssh:bruteforce 2026-06-12 23:15 evidence →
49.64.169.153 credential_harvester 52% 933 2 ssh:bruteforce 2026-07-11 17:18 evidence →
118.145.238.60 scanner 51% 1x OSINT 50 2 ssh:bruteforce 2026-06-11 03:52 evidence →
149.78.8.0 credential_harvester 49% 1x OSINT 23 1 ssh:bruteforce 2026-07-15 16:53 evidence →
27.128.171.39 scanner 48% 167 2 ssh:bruteforce 2026-07-03 11:30 evidence →
121.229.25.10 scanner 47% 97 2 ssh:bruteforce 2026-06-08 07:14 evidence →
115.190.113.93 scanner 46% 19 2 ssh:bruteforce 2026-07-11 23:29 evidence →
87.156.182.84 credential_harvester 45% 492 1 ssh:bruteforce 2026-07-13 04:03 evidence →
181.23.37.218 credential_harvester 44% 682 1 ssh:bruteforce 2026-07-12 04:29 evidence →
154.124.191.173 malware_dropper 43% 18 1 ssh:bruteforce 2026-07-15 05:30 evidence →
14.103.114.89 credential_harvester 43% 1x OSINT 144 2 ssh:bruteforce 2026-06-26 05:35 evidence →
198.211.98.137 opportunistic_bruter 37% 23 1 ssh:bruteforce 2026-07-11 20:54 evidence →
120.48.39.73 scanner 36% 152 2 ssh:bruteforce 2026-07-15 02:11 evidence →
114.220.238.21 reconnaissance 32% 13 1 ssh:bruteforce 2026-07-14 19:16 evidence →
101.126.54.66 scanner 32% 1x OSINT 76 1 ssh:bruteforce 2026-07-15 23:32 evidence →
171.15.52.193 scanner 29% 1x OSINT 4 1 ssh:bruteforce 2026-07-16 12:05 evidence →
115.190.179.68 scanner 22% 1x OSINT 45 1 ssh:bruteforce 2026-06-16 12:32 evidence →
154.124.85.42 credential_probe 16% 10 1 ssh:bruteforce 2026-07-13 00:06 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds