IntrusionLabs IntrusionLabs
← Back to feed

207.154.230.149

Threat Confidence
63%
Location
🇩🇪 DE / Frankfurt am Main
ASN
AS14061 · DigitalOcean, LLC
Cloud Provider
DigitalOcean
Total Events
328
Top 10% by volume
Agent Count
2
First / Last Seen
2026-04-11 09:07 — 2026-04-16 16:48
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
T1595 T1595.002
Initial Access
T1078
Defense Evasion
T1070.004
Credential Access
T1110 T1110.001
Discovery
T1046
Command and Control
T1105
External Corroboration
Not flagged by any external feeds
Campaigns
Multi-Agent Scan SCAN Active medium
30 IPs 37333 events
2026-03-28 — ongoing · 30 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan SCAN Active medium
42 IPs 46778 events
2026-03-02 — ongoing · 42 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on Linode. Scanning the same …
Multi-Agent Scan SCAN Active medium
69 IPs 296821 events
2026-03-02 — ongoing · 69 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan SCAN Active medium
41 IPs 223087 events
2026-03-02 — ongoing · 41 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan SCAN Active medium
36 IPs 5101 events
2026-03-02 — ongoing · 36 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan SCAN Active medium
70 IPs 148262 events
2026-02-28 — ongoing · 70 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan SCAN Active medium
56 IPs 60968 events
2026-02-28 — ongoing · 56 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan SCAN Active medium
44 IPs 46181 events
2026-02-28 — ongoing · 44 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Multi-Agent Scan SCAN Active medium
28 IPs 4285 events
2026-02-22 — ongoing · 28 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …
Session Forensics
scanner ×1 malware_dropper ×11 credential_probe ×25 opportunistic_bruter ×11
Sessions
48 (22 with login)
Avg Depth Score
0.45
Commands Executed
33
Files Downloaded
11
Notable Commands
  • cd ~; chattr -ia .ssh; lockr -ia .ssh
  • lockr -ia .ssh
  • cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Fingerprints
HASSH
03a80b21afa810682a776a7d42e5e6fb
SSH Client
SSH-2.0-libssh_0.11.1
Evidence Timeline
Malware Dropper c526b997c5ee w4m_seattle_01 · 2026-04-16 16:48
3 1 1 100%
Loading events...
Opportunistic Bruter 35bcede6e19b w4m_seattle_01 · 2026-04-16 16:48
1 50%
Loading events...
Credential Probe 279fa68498da w4m_seattle_01 · 2026-04-16 16:48
1 20%
Loading events...
Credential Probe afdd981b6be9 w4m_seattle_01 · 2026-04-16 16:46
1 20%
Loading events...
Malware Dropper bcc490111dda w4m_seattle_01 · 2026-04-16 16:45
3 1 1 100%
Loading events...
Opportunistic Bruter b5fd904248a0 w4m_seattle_01 · 2026-04-16 16:45
1 50%
Loading events...
Credential Probe daf96b552f1e w4m_seattle_01 · 2026-04-16 16:45
1 20%
Loading events...
Credential Probe 03c85adcf7b4 w4m_seattle_01 · 2026-04-16 16:43
1 20%
Loading events...
Scanner d532bf84682b w4m_seattle_01 · 2026-04-16 16:42
15%
Loading events...
Malware Dropper 30e336bbfae4 w4m_seattle_01 · 2026-04-16 16:41
3 1 1 100%
Loading events...
Opportunistic Bruter eaecfafe33e1 w4m_seattle_01 · 2026-04-16 16:41
1 50%
Loading events...
Credential Probe 1cf2aa20297b w4m_seattle_01 · 2026-04-16 16:41
1 20%
Loading events...
Credential Probe 2f058027b96a w4m_seattle_01 · 2026-04-16 16:39
1 20%
Loading events...
Credential Probe 6e44c06fa3f8 w4m_seattle_01 · 2026-04-16 16:38
1 20%
Loading events...
Credential Probe afec21be3eab w4m_seattle_01 · 2026-04-16 16:36
1 20%
Loading events...
Credential Probe bb8242d86abf w4m_seattle_01 · 2026-04-16 16:35
1 20%
Loading events...
Malware Dropper 0895e921f150 w4m_seattle_01 · 2026-04-16 16:34
3 1 1 100%
Loading events...
Opportunistic Bruter ebb7a6f7ad12 w4m_seattle_01 · 2026-04-16 16:34
1 50%
Loading events...
Credential Probe e722a8ef14bb w4m_seattle_01 · 2026-04-16 16:34
1 20%
Loading events...
Credential Probe d841b57795e4 w4m_seattle_01 · 2026-04-16 16:32
1 20%
Loading events...
Opportunistic Bruter a772dfa0a975 w4m_seattle_01 · 2026-04-16 16:31
1 50%
Loading events...
Malware Dropper a1bded505925 w4m_seattle_01 · 2026-04-16 16:31
3 1 1 100%
Loading events...
Credential Probe 8fe6ea716575 w4m_seattle_01 · 2026-04-16 16:31
1 20%
Loading events...
Credential Probe 1de32a1eede8 w4m_seattle_01 · 2026-04-16 16:29
1 20%
Loading events...
Credential Probe c7c7564cf690 w4m_seattle_01 · 2026-04-16 16:28
1 20%
Loading events...
Credential Probe fb3ac6704149 w4m_seattle_01 · 2026-04-16 16:27
1 20%
Loading events...
Credential Probe 2126cfc18a22 w4m_seattle_01 · 2026-04-16 16:25
1 20%
Loading events...
Credential Probe 017101a292d6 w4m_seattle_01 · 2026-04-16 16:24
1 20%
Loading events...
Malware Dropper 32f3f7e5b8b0 w4m_seattle_01 · 2026-04-16 16:22
3 1 1 100%
Loading events...
Opportunistic Bruter 28744e12c899 w4m_seattle_01 · 2026-04-16 16:22
1 50%
Loading events...
Credential Probe d3e00f90e4f8 w4m_seattle_01 · 2026-04-16 16:22
1 20%
Loading events...
Credential Probe bf968cb4cca6 w4m_seattle_01 · 2026-04-16 16:21
1 20%
Loading events...
Malware Dropper bbf8ba4e2e8d w4m_seattle_01 · 2026-04-16 16:20
3 1 1 100%
Loading events...
Opportunistic Bruter 67bf8a4445cd w4m_seattle_01 · 2026-04-16 16:20
1 50%
Loading events...
Credential Probe 24421e28eebb w4m_seattle_01 · 2026-04-16 16:20
1 20%
Loading events...
Opportunistic Bruter 9222b67bb01d w4m_seattle_01 · 2026-04-16 16:18
1 50%
Loading events...
Malware Dropper f22def842b3f w4m_seattle_01 · 2026-04-16 16:18
3 1 1 100%
Loading events...
Credential Probe 8fefd39b9801 w4m_seattle_01 · 2026-04-16 16:18
1 20%
Loading events...
Opportunistic Bruter acc0cfeba344 w4m_seattle_01 · 2026-04-16 16:17
1 50%
Loading events...
Malware Dropper c3f243bb0acc w4m_seattle_01 · 2026-04-16 16:17
3 1 1 100%
Loading events...
Credential Probe 3b0265fb0276 w4m_seattle_01 · 2026-04-16 16:17
1 20%
Loading events...
Malware Dropper dee19f8111d2 w4m_seattle_01 · 2026-04-16 16:15
3 1 1 100%
Loading events...
Opportunistic Bruter 176abae13f5a w4m_seattle_01 · 2026-04-16 16:15
1 50%
Loading events...
Credential Probe cc2f09255249 w4m_seattle_01 · 2026-04-16 16:15
1 20%
Loading events...
Credential Probe 564267eb6c81 w4m_seattle_01 · 2026-04-16 16:11
1 20%
Loading events...
Malware Dropper 079cc59cae83 w4m_singapore_01 · 2026-04-11 09:07
3 1 1 100%
Loading events...
Opportunistic Bruter 6f76481a913c w4m_singapore_01 · 2026-04-11 09:07
1 50%
Loading events...
Credential Probe b1c5b5864b3a w4m_singapore_01 · 2026-04-11 09:07
1 20%
Loading events...