← Back to feed

45.78.208.179

TAGGED SUSPICIOUS how we decide →

Threat Confidence

58%

Location

🇸🇬 SG / Singapore

ASN

AS150436 · Byteplus Pte. Ltd.

Cloud Provider

—

Total Events

227

Above average by volume

Agent Count

First / Last Seen

2026-04-27 11:48 — 2026-05-02 11:44

Attack Types

ssh:bruteforce

MITRE ATT&CK Techniques

Reconnaissance

T1595.002

Initial Access

T1078

Defense Evasion

T1070.004

Credential Access

T1110 T1110.001

Command and Control

T1105

External Corroboration

Blocklist.de

Reported 2026-05-02 12:01

blocklist_de:reported

Campaigns

HASSH af8223ac9914… — SSH-2.0-libssh_0.12.0 (650 IPs, 78 countries) HASSH Active high 🇭🇰 HK

650 IPs 245528 events

ssh:bruteforce

2026-02-28 — ongoing · 650 IPs are running an identical SSH client (HASSH fingerprint af8223ac9914…). Top network: UCLOUD INFORMATION TECHNOLOGY HK LIMITED …

AS150436 Byteplus Pte. Ltd. ASN Active medium 🇮🇩 ID

11 IPs 2547 events

ssh:bruteforce

2026-02-18 — ongoing · 11 IPs from the same network (Byteplus Pte. Ltd., AS150436) were active during overlapping time periods. Temporal correlation …

Session Forensics

malware_dropper ×4 credential_probe ×31 opportunistic_bruter ×4

Sessions

39 (8 with login)

Avg Depth Score

0.31

Commands Executed

Files Downloaded

Notable Commands

cd ~; chattr -ia .ssh; lockr -ia .ssh
lockr -ia .ssh
cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

Fingerprints

HASSH

af8223ac9914f509afdadfaf5f7ee94e

SSH Client

SSH-2.0-libssh_0.12.0

Evidence Timeline

Malware Dropper aeaf2fc2c6dd w4m_singapore_01 · 2026-05-02 11:44

3 1 1 100%

Loading events...

Opportunistic Bruter cf2220c4c783 w4m_singapore_01 · 2026-05-02 11:44

1 50%

Loading events...

Credential Probe 4c9be53e7347 w4m_singapore_01 · 2026-05-02 11:44

1 20%

Loading events...

Credential Probe d287e7097806 w4m_singapore_01 · 2026-05-02 11:42

1 20%

Loading events...

Credential Probe c4b107137b80 w4m_singapore_01 · 2026-05-02 11:41

1 20%

Loading events...

Credential Probe 73c020035432 w4m_singapore_01 · 2026-05-02 11:40

1 20%

Loading events...

Credential Probe d697873119e1 w4m_singapore_01 · 2026-05-02 11:39

1 20%

Loading events...

Credential Probe f2da90a55bd4 w4m_singapore_01 · 2026-05-02 11:38

1 20%

Loading events...

Credential Probe bbe277202286 w4m_singapore_01 · 2026-05-02 11:37

1 20%

Loading events...

Credential Probe 517f82962101 w4m_singapore_01 · 2026-05-02 11:36

1 20%

Loading events...

Opportunistic Bruter 646db4d4b82b w4m_singapore_01 · 2026-05-02 11:35

1 50%

Loading events...

Malware Dropper 54708c363fe0 w4m_singapore_01 · 2026-05-02 11:35

3 1 1 100%

Loading events...

Credential Probe d4baf4548f9b w4m_singapore_01 · 2026-05-02 11:35

1 20%

Loading events...

Credential Probe b97183f6b97f w4m_singapore_01 · 2026-05-02 11:34

1 20%

Loading events...

Credential Probe f50398fb6f1a w4m_singapore_01 · 2026-05-02 11:33

1 20%

Loading events...

Credential Probe 50024b2130b2 w4m_singapore_01 · 2026-05-02 11:32

1 20%

Loading events...

Credential Probe cef07182b8e8 w4m_singapore_01 · 2026-05-02 11:31

1 20%

Loading events...

Credential Probe 5d4918bd1124 w4m_singapore_01 · 2026-05-02 11:30

1 20%

Loading events...

Credential Probe bccce5c53057 w4m_singapore_01 · 2026-05-02 11:29

1 20%

Loading events...

Credential Probe ab2b5c65a71d w4m_singapore_01 · 2026-05-02 11:28

1 20%

Loading events...

Credential Probe 41d8eaca212f w4m_singapore_01 · 2026-05-02 11:27

1 20%

Loading events...

Credential Probe 2b60f84e1f36 w4m_singapore_01 · 2026-05-02 11:26

1 20%

Loading events...

Credential Probe 64605557d128 w4m_singapore_01 · 2026-05-02 11:25

1 20%

Loading events...

Credential Probe c1b28531ed33 w4m_singapore_01 · 2026-05-02 11:24

1 20%

Loading events...

Credential Probe fad38d6afaa2 w4m_singapore_01 · 2026-05-02 11:23

1 20%

Loading events...

Credential Probe b73359d9f2b8 w4m_singapore_01 · 2026-05-02 11:22

1 20%

Loading events...

Credential Probe cabea9664c27 w4m_singapore_01 · 2026-05-02 11:21

1 20%

Loading events...

Credential Probe 1a7fbcfa0045 w4m_singapore_01 · 2026-05-02 11:20

1 20%

Loading events...

Malware Dropper 282b47ff040a w4m_singapore_01 · 2026-05-02 11:18

3 1 1 100%

Loading events...

Opportunistic Bruter dd0dcbd90d0b w4m_singapore_01 · 2026-05-02 11:18

1 50%

Loading events...

Credential Probe 703916e06189 w4m_singapore_01 · 2026-05-02 11:18

1 20%

Loading events...

Credential Probe 74623a0d20fc w4m_singapore_01 · 2026-05-02 11:17

1 20%

Loading events...

Credential Probe f2a72fe92bc9 w4m_singapore_01 · 2026-05-02 11:16

1 20%

Loading events...

Credential Probe 9547a60ab74d w4m_singapore_01 · 2026-05-02 11:15

1 20%

Loading events...

Credential Probe d46fe4172c4f w4m_singapore_01 · 2026-05-02 11:14

1 20%

Loading events...

Credential Probe c066d49dfb59 w4m_singapore_01 · 2026-05-02 10:35

1 20%

Loading events...

Opportunistic Bruter 2616cb9322bb w4m_singapore_01 · 2026-04-27 11:48

1 50%

Loading events...

Malware Dropper 7872c696a05c w4m_singapore_01 · 2026-04-27 11:48

3 1 1 100%

Loading events...

Credential Probe 23b27870ec3f w4m_singapore_01 · 2026-04-27 11:48

1 20%

Loading events...