IntrusionLabs IntrusionLabs
← Back to feed

134.122.81.68

TAGGED SUSPICIOUS how we decide →
Threat Confidence
67%
Location
🇩🇪 DE / Frankfurt am Main
ASN
AS14061 · DigitalOcean, LLC
Cloud Provider
DigitalOcean
Total Events
224
Above average by volume
Agent Count
2
First / Last Seen
2026-05-25 07:32 — 2026-05-25 08:27
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
T1595.002
Initial Access
T1078
Defense Evasion
T1070.004
Credential Access
T1110 T1110.001
Command and Control
T1105
External Corroboration
Blocklist.de
Reported 2026-05-25 09:01
blocklist_de:reported
Campaigns
Multi-Agent Scan SCAN Active medium
103 IPs 229544 events
2026-03-04 — ongoing · 103 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on DO. Scanning the same …
Multi-Agent Scan SCAN Active medium
10 IPs 5687 events
2026-03-03 — ongoing · 10 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan SCAN Active medium
77 IPs 88881 events
2026-03-01 — ongoing · 77 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on AWS. Scanning the same …
HASSH f555226df196… — SSH-2.0-libssh_0.9.6 (1348 IPs, 97 countries) HASSH Active high 🇺🇸 US
1348 IPs 459959 events
ssh:bruteforce
2026-02-25 — ongoing · 1348 IPs are running an identical SSH client (HASSH fingerprint f555226df196…). Top network: Tencent Building, Kejizhongyi Avenue (AS132203). …
Session Forensics
malware_dropper ×8 credential_probe ×16 opportunistic_bruter ×8
Sessions
32 (16 with login)
Avg Depth Score
0.47
Commands Executed
24
Files Downloaded
8
Notable Commands
  • cd ~; chattr -ia .ssh; lockr -ia .ssh
  • lockr -ia .ssh
  • cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Fingerprints
HASSH
f555226df1963d1d3c09daf865abdc9a
SSH Client
SSH-2.0-libssh_0.9.6
Evidence Timeline
Opportunistic Bruter 43a468c8cdee w4m_seattle_01 · 2026-05-25 08:27
1 50%
Loading events...
Malware Dropper fbbb5c53d080 w4m_seattle_01 · 2026-05-25 08:26
3 1 1 100%
Loading events...
Credential Probe 48056a4b9349 w4m_seattle_01 · 2026-05-25 08:26
1 20%
Loading events...
Malware Dropper 17b51225d4cc w4m_singapore_01 · 2026-05-25 08:18
3 1 1 100%
Loading events...
Opportunistic Bruter d6f033b5af71 w4m_singapore_01 · 2026-05-25 08:18
1 50%
Loading events...
Credential Probe 9cc0181b671a w4m_singapore_01 · 2026-05-25 08:18
1 20%
Loading events...
Credential Probe 4058434351d5 w4m_singapore_01 · 2026-05-25 08:15
1 20%
Loading events...
Credential Probe 2d9ab2a45f3a w4m_singapore_01 · 2026-05-25 08:12
1 20%
Loading events...
Malware Dropper 60ff626596a7 w4m_singapore_01 · 2026-05-25 08:09
3 1 1 100%
Loading events...
Opportunistic Bruter c6725fe3115d w4m_singapore_01 · 2026-05-25 08:09
1 50%
Loading events...
Credential Probe 30f4d0d92ff2 w4m_singapore_01 · 2026-05-25 08:09
1 20%
Loading events...
Malware Dropper 220ab5b5e1eb w4m_singapore_01 · 2026-05-25 08:06
3 1 1 100%
Loading events...
Opportunistic Bruter 45d080021f13 w4m_singapore_01 · 2026-05-25 08:06
1 50%
Loading events...
Credential Probe a71bd706c7d7 w4m_singapore_01 · 2026-05-25 08:06
1 20%
Loading events...
Credential Probe 65920eeb50c5 w4m_singapore_01 · 2026-05-25 08:03
1 20%
Loading events...
Malware Dropper 892c55a40d92 w4m_singapore_01 · 2026-05-25 07:59
3 1 1 100%
Loading events...
Opportunistic Bruter 8e25c4a8f514 w4m_singapore_01 · 2026-05-25 08:00
1 50%
Loading events...
Credential Probe fc0016597af4 w4m_singapore_01 · 2026-05-25 08:00
1 20%
Loading events...
Credential Probe 7cdbafc3fa9b w4m_singapore_01 · 2026-05-25 07:56
1 20%
Loading events...
Credential Probe d897298c6d77 w4m_singapore_01 · 2026-05-25 07:53
1 20%
Loading events...
Credential Probe 1093d32f7442 w4m_singapore_01 · 2026-05-25 07:50
1 20%
Loading events...
Opportunistic Bruter 4442b9a1dcc0 w4m_singapore_01 · 2026-05-25 07:47
1 50%
Loading events...
Malware Dropper 717bb7156936 w4m_singapore_01 · 2026-05-25 07:47
3 1 1 100%
Loading events...
Credential Probe 9bccc537bd93 w4m_singapore_01 · 2026-05-25 07:47
1 20%
Loading events...
Credential Probe 3e6854ddecd7 w4m_singapore_01 · 2026-05-25 07:44
1 20%
Loading events...
Malware Dropper 079341ac69fa w4m_singapore_01 · 2026-05-25 07:41
3 1 1 100%
Loading events...
Opportunistic Bruter 221e5959bfee w4m_singapore_01 · 2026-05-25 07:41
1 50%
Loading events...
Credential Probe c787b81d7746 w4m_singapore_01 · 2026-05-25 07:41
1 20%
Loading events...
Opportunistic Bruter ddf49e22f0cb w4m_singapore_01 · 2026-05-25 07:38
1 50%
Loading events...
Malware Dropper 0ee9775e67f5 w4m_singapore_01 · 2026-05-25 07:38
3 1 1 100%
Loading events...
Credential Probe 45a8fee2da38 w4m_singapore_01 · 2026-05-25 07:38
1 20%
Loading events...
Credential Probe 550e729cc5eb w4m_singapore_01 · 2026-05-25 07:32
1 20%
Loading events...