IntrusionLabs IntrusionLabs
← Back to feed

HASSH f555226df196… — SSH-2.0-libssh_0.9.6 (66 IPs, 32 countries)

HASSH Active high
Why this campaign was detected
66 IPs are running an identical SSH client (HASSH fingerprint f555226df196…). Top network: UCLOUD INFORMATION TECHNOLOGY HK LIMITED (AS135377). Geographic and ASN spread across distinct /16 subnets indicates a single operator running shared tooling on rented infrastructure — exactly the disguise that subnet/ASN clustering misses.
Primary ASN
AS135377 · UCLOUD INFORMATION TECHNOLOGY HK LIMITED
Subnet
HASSH Fingerprint
f555226df1963d1d3c09daf865abdc9a
Country
🇭🇰 HK
Cloud Provider
Azure
Member Count
66 IPs
Below average
Total Events
31123
Average by volume
Started / Ended
2026-02-25 19:07 — ongoing
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
T1595 T1595.002
Initial Access
T1078
Credential Access
T1110 T1110.001
Discovery
T1016 T1046 T1082
Command and Control
T1090 T1105 T1572
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
175.118.127.138 credential_harvester 84% 1x OSINT 1244 3 ssh:bruteforce 2026-05-13 14:49 evidence →
209.97.161.72 credential_harvester 84% 1x OSINT 1221 3 ssh:bruteforce 2026-05-13 12:30 evidence →
20.203.42.204 credential_harvester 84% 1x OSINT 4094 3 ssh:bruteforce 2026-05-13 12:02 evidence →
83.235.16.111 credential_harvester 84% 1x OSINT 1029 3 ssh:bruteforce goevthes.static.otenet.gr 2026-05-13 11:32 evidence →
161.49.89.39 credential_harvester 84% 1x OSINT 1384 3 ssh:bruteforce 2026-05-13 10:48 evidence →
118.193.33.228 credential_harvester 84% 1x OSINT 1048 3 ssh:bruteforce 2026-05-13 09:35 evidence →
51.195.138.37 credential_harvester 83% 1x OSINT 633 3 ssh:bruteforce 2026-05-13 13:09 evidence →
196.196.253.20 credential_harvester 83% 1x OSINT 572 3 ssh:bruteforce 2026-05-13 11:25 evidence →
152.32.171.251 credential_harvester 83% 1x OSINT 542 3 ssh:bruteforce 2026-05-13 11:53 evidence →
195.178.191.5 credential_harvester 83% 1x OSINT 501 3 ssh:bruteforce h-195-178-191-5.NA.cust.bahnhof.se 2026-05-13 10:26 evidence →
197.44.15.210 credential_harvester 83% 1x OSINT 484 3 ssh:bruteforce 2026-05-13 11:08 evidence →
109.175.27.51 credential_harvester 83% 1x OSINT 372 3 ssh:bruteforce 2026-05-13 15:54 evidence →
45.61.52.18 credential_harvester 83% 1x OSINT 435 3 ssh:bruteforce 2026-05-13 12:02 evidence →
136.248.247.188 credential_harvester 83% 1x OSINT 481 3 ssh:bruteforce 2026-05-13 09:34 evidence →
170.79.37.82 credential_harvester 82% 1x OSINT 381 3 ssh:bruteforce 2026-05-13 09:51 evidence →
46.253.45.10 credential_harvester 82% 1x OSINT 361 3 ssh:bruteforce 46-253-45-10.anxanet.com 2026-05-13 08:41 evidence →
101.36.109.176 credential_harvester 81% 1x OSINT 183 3 ssh:bruteforce 2026-05-13 14:20 evidence →
50.84.211.204 credential_harvester 81% 1x OSINT 142 3 ssh:bruteforce 2026-05-13 10:53 evidence →
119.18.55.118 credential_harvester 72% 2x OSINT 578 2 ssh:bruteforce 2026-05-13 10:22 evidence →
196.188.93.169 credential_harvester 71% 2x OSINT 458 2 ssh:bruteforce 2026-05-13 09:32 evidence →
58.229.141.26 credential_harvester 69% 1x OSINT 1409 2 ssh:bruteforce 2026-05-13 14:33 evidence →
152.32.130.174 credential_harvester 69% 1x OSINT 1011 2 ssh:bruteforce 2026-05-13 12:45 evidence →
45.137.172.116 credential_harvester 69% 1x OSINT 868 2 ssh:bruteforce 2026-05-13 14:46 evidence →
23.249.28.115 credential_harvester 69% 1x OSINT 909 2 ssh:bruteforce 2026-05-13 12:43 evidence →
43.160.200.19 credential_harvester 69% 1x OSINT 743 2 ssh:bruteforce 2026-05-13 14:45 evidence →
92.27.101.99 credential_harvester 69% 1x OSINT 679 2 ssh:bruteforce host-92-27-101-99.static.as13285.net 2026-05-13 14:48 evidence →
165.154.23.10 credential_harvester 68% 1x OSINT 682 2 ssh:bruteforce 2026-05-13 08:59 evidence →
203.121.40.210 credential_harvester 68% 1x OSINT 514 2 ssh:bruteforce 2026-05-13 11:09 evidence →
20.193.141.133 credential_harvester 68% 1x OSINT 484 2 ssh:bruteforce 2026-05-13 10:49 evidence →
165.154.22.228 credential_harvester 67% 1x OSINT 374 2 ssh:bruteforce 2026-05-13 12:30 evidence →
136.228.161.66 credential_harvester 67% 1x OSINT 411 2 ssh:bruteforce 2026-05-13 09:01 evidence →
118.194.234.8 credential_harvester 67% 1x OSINT 346 2 ssh:bruteforce 2026-05-13 12:42 evidence →
103.241.43.193 credential_harvester 66% 1x OSINT 227 2 ssh:bruteforce 2026-05-13 08:59 evidence →
103.180.212.135 credential_harvester 66% 1x OSINT 191 2 ssh:bruteforce 2026-05-13 12:18 evidence →
201.217.12.57 credential_harvester 66% 1x OSINT 155 2 ssh:bruteforce 2026-05-13 09:00 evidence →
144.48.243.18 opportunistic_bruter 64% DROP1x OSINT 46 2 ssh:bruteforce 2026-05-13 11:32 evidence →
14.225.3.79 credential_harvester 64% 1x OSINT 1624 2 ssh:bruteforce 2026-05-10 14:41 evidence →
51.178.43.161 opportunistic_bruter 64% 1x OSINT 46 2 ssh:bruteforce prod1.masterit.fr 2026-05-13 11:11 evidence →
207.249.96.38 credential_harvester 59% 1x OSINT 546 2 ssh:bruteforce 2026-05-08 17:00 evidence →
61.66.228.102 credential_harvester 58% 1x OSINT 280 1 ssh:bruteforce 2026-05-13 14:21 evidence →
102.218.89.110 credential_harvester 58% 1x OSINT 351 1 ssh:bruteforce 2026-05-13 09:00 evidence →
20.83.161.200 credential_harvester 58% 1x OSINT 316 1 ssh:bruteforce 2026-05-13 11:12 evidence →
154.19.37.146 credential_harvester 58% 1x OSINT 315 1 ssh:bruteforce 2026-05-13 10:30 evidence →
103.25.47.94 credential_harvester 56% 1x OSINT 1159 2 ssh:bruteforce rainbowisp.in 2026-05-03 08:07 evidence →
221.229.220.180 scanner 55% 1x OSINT 155 2 ssh:bruteforce 2026-05-07 19:21 evidence →
165.154.205.91 opportunistic_bruter 55% DROP1x OSINT 46 1 ssh:bruteforce 2026-05-13 13:54 evidence →
156.232.13.218 opportunistic_bruter 55% 1x OSINT 46 1 ssh:bruteforce 2026-05-13 12:41 evidence →
23.24.193.165 opportunistic_bruter 54% 1x OSINT 23 1 ssh:bruteforce 2026-05-13 14:47 evidence →
103.129.221.202 opportunistic_bruter 54% 1x OSINT 23 1 ssh:bruteforce 2026-05-13 14:04 evidence →
122.169.192.225 opportunistic_bruter 54% 1x OSINT 23 1 ssh:bruteforce 2026-05-13 12:41 evidence →
161.132.125.161 opportunistic_bruter 54% 1x OSINT 23 1 ssh:bruteforce 2026-05-13 12:23 evidence →
77.239.111.233 opportunistic_bruter 54% 1x OSINT 23 1 ssh:bruteforce 2026-05-13 12:09 evidence →
165.154.6.126 malware_dropper 54% 1x OSINT 23 1 ssh:bruteforce 2026-05-13 11:52 evidence →
108.181.243.99 opportunistic_bruter 53% 1x OSINT 23 1 ssh:bruteforce 2026-05-13 11:34 evidence →
44.32.81.28 malware_dropper 53% 1x OSINT 23 1 ssh:bruteforce 2026-05-13 11:12 evidence →
2.228.163.157 opportunistic_bruter 53% 1x OSINT 23 1 ssh:bruteforce 2026-05-13 10:51 evidence →
43.156.172.110 opportunistic_bruter 53% 1x OSINT 23 1 ssh:bruteforce 2026-05-13 10:46 evidence →
61.219.156.91 opportunistic_bruter 53% 1x OSINT 23 1 ssh:bruteforce lmresort.com.tw 2026-05-13 09:30 evidence →
143.110.229.77 malware_dropper 53% 1x OSINT 23 1 ssh:bruteforce 2026-05-13 09:10 evidence →
196.189.124.195 credential_harvester 53% 468 2 ssh:bruteforce 2026-05-08 06:57 evidence →
36.138.134.121 scanner 53% 56 2 ssh:bruteforce 2026-05-10 01:53 evidence →
94.154.34.232 opportunistic_bruter 49% 23 1 ssh:bruteforce 2026-05-13 14:50 evidence →
217.160.226.51 opportunistic_bruter 49% 23 1 ssh:bruteforce 2026-05-13 14:04 evidence →
117.50.51.198 scanner 46% 1x OSINT 182 1 ssh:bruteforce 2026-05-07 12:23 evidence →
119.96.158.238 scanner 40% 57 1 ssh:bruteforce 2026-05-13 12:41 evidence →
82.156.38.59 scanner 30% 1x OSINT 4 1 ssh:bruteforce 2026-05-13 12:04 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds