154.211.2.151

TAGGED SUSPICIOUS
Threat Confidence
57%
Location
🇳🇱 NL / Amsterdam
ASN
AS212552 · BitCommand LLC
Cloud Provider
Total Events
114
Above average by volume
Agent Count
1
First / Last Seen
2026-05-27 06:54 — 2026-05-27 07:17
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Defense Evasion
Credential Access
Discovery
Command and Control
External Corroboration
Blocklist.de
Reported 2026-05-27 08:02
blocklist_de:reported
Campaigns
Multi-Agent Scan SCAN Active medium
112 IPs 255471 events
2026-03-07 — ongoing · 112 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan SCAN Active medium
81 IPs 200990 events
2026-03-07 — ongoing · 81 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan SCAN Active medium
20 IPs 16026 events
2026-03-07 — ongoing · 20 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan SCAN Active medium
74 IPs 206997 events
2026-03-03 — ongoing · 74 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan SCAN Active medium
97 IPs 87677 events
2026-03-03 — ongoing · 97 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan SCAN Active medium
53 IPs 71802 events
2026-03-03 — ongoing · 53 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on Linode. Scanning the same …
Multi-Agent Scan SCAN Active medium
5 IPs 2388 events
2026-03-03 — ongoing · 5 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan SCAN Active medium
74 IPs 206794 events
2026-03-03 — ongoing · 74 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
HASSH f555226df196… — SSH-2.0-libssh_0.9.6 (1173 IPs, 96 countries) HASSH Active high 🇺🇸 US
1173 IPs 444766 events
ssh:bruteforce
2026-02-25 — ongoing · 1173 IPs are running an identical SSH client (HASSH fingerprint f555226df196…). Top network: UCLOUD INFORMATION TECHNOLOGY HK LIMITED …
Session Forensics
reconnaissance ×1 malware_dropper ×3 credential_probe ×13 opportunistic_bruter ×4
Sessions
21 (8 with login)
Avg Depth Score
0.39
Commands Executed
11
Files Downloaded
3
Notable Commands
  • cd ~; chattr -ia .ssh; lockr -ia .ssh
  • lockr -ia .ssh
  • cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Fingerprints
SSH-2.0-libssh_0.9.6
Evidence Timeline
Credential Probe 246cabbf1d06 newark_01 · 2026-05-27 07:17
1 20%
Credential Probe 392350450155 newark_01 · 2026-05-27 07:15
1 20%
Opportunistic Bruter e9173f989db5 newark_01 · 2026-05-27 07:14
1 50%
Malware Dropper 1048551177d7 newark_01 · 2026-05-27 07:14
3 1 1 100%
Credential Probe afd08b0a7af9 newark_01 · 2026-05-27 07:14
1 20%
Credential Probe d444a10437d0 newark_01 · 2026-05-27 07:13
1 20%
Opportunistic Bruter 3a61564c8a21 newark_01 · 2026-05-27 07:11
1 50%
Credential Probe 71342406e2d4 newark_01 · 2026-05-27 07:11
1 20%
Reconnaissance 4622c94c7c93 newark_01 · 2026-05-27 07:11
2 1 60%
Credential Probe df4824704770 newark_01 · 2026-05-27 07:10
1 20%
Credential Probe aafd0fd46d6b newark_01 · 2026-05-27 07:09
1 20%
Opportunistic Bruter f89c7593e5f1 newark_01 · 2026-05-27 07:07
1 50%
Malware Dropper 6c69c6bf14d4 newark_01 · 2026-05-27 07:07
3 1 1 100%
Credential Probe af7cb3c21880 newark_01 · 2026-05-27 07:07
1 20%
Credential Probe 7ad3a13549ef newark_01 · 2026-05-27 07:06
1 20%
Credential Probe cf44688e9a45 newark_01 · 2026-05-27 07:05
1 20%
Credential Probe 169bc3775b0c newark_01 · 2026-05-27 07:03
1 20%
Credential Probe a5663fd8c381 newark_01 · 2026-05-27 06:54
1 20%
Opportunistic Bruter f5f2b6267242 w4m_seattle_01 · 2026-05-26 18:43
1 50%
Malware Dropper 998721d4fcef w4m_seattle_01 · 2026-05-26 18:43
3 1 1 100%
Credential Probe 64e6fe5463c2 w4m_seattle_01 · 2026-05-26 18:43
1 20%