Multi-Agent Scan

SCAN Active medium
Why this campaign was detected
34 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on Azure. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.
Primary ASN
Subnet
Country
Cloud Provider
Azure
Member Count
34 IPs
Below average
Total Events
6290
Below average by volume
Started / Ended
2026-03-08 01:03 — ongoing
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Credential Access
Discovery
Command and Control
Exfiltration
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen |
|---|---|---|---|---|---|---|---|---|
| 130.12.180.51 | data_exfiltrator | 79% | DROP | 3424 | 3 | ssh:bruteforce | | 2026-05-11 22:02 |
| 1.222.42.237 | credential_harvester | 79% | 1x OSINT | 841 | 3 | ssh:bruteforce | | 2026-05-09 02:02 |
| 103.210.21.178 | credential_harvester | 71% | 1x OSINT | 983 | 3 | ssh:bruteforce | | 2026-04-29 03:31 |
| 103.98.176.164 | credential_harvester | 71% | 1x OSINT | 878 | 3 | ssh:bruteforce | | 2026-05-04 15:34 |
| 14.103.115.124 | scanner | 66% | 1x OSINT | 270 | 2 | ssh:bruteforce | | 2026-05-11 04:52 |
| 14.225.3.79 | credential_harvester | 65% | 1x OSINT | 1403 | 2 | ssh:bruteforce | | 2026-05-09 16:21 |
| 103.144.28.85 | credential_harvester | 64% | 1x OSINT | 1394 | 2 | ssh:bruteforce | | 2026-05-08 23:41 |
| 152.32.238.146 | credential_harvester | 63% | 1x OSINT | 1381 | 2 | ssh:bruteforce | | 2026-05-08 12:40 |
| 117.6.44.221 | credential_harvester | 61% | 1x OSINT | 1024 | 2 | ssh:bruteforce | | 2026-05-07 08:01 |
| 131.161.249.165 | credential_harvester | 55% | 1x OSINT | 564 | 2 | ssh:bruteforce | | 2026-04-27 17:19 |
| 106.75.222.164 | credential_harvester | 54% | 1x OSINT | 342 | 2 | ssh:bruteforce | | 2026-04-30 20:08 |
| 103.187.147.165 | credential_harvester | 54% | 1x OSINT | 284 | 2 | ssh:bruteforce | | 2026-03-25 15:37 |
| 14.103.111.127 | scanner | 53% | 1x OSINT | 151 | 2 | ssh:bruteforce | | 2026-04-28 17:52 |
| 117.50.73.90 | scanner | 52% | 1x OSINT | 77 | 2 | ssh:bruteforce | | 2026-04-25 18:48 |
| 103.203.57.2 | scanner | 52% | | 301 | 3 | ssh:bruteforce | scan-57-2.security.ipip.net | 2026-05-09 13:14 |
| 128.1.131.163 | credential_harvester | 52% | | 1247 | 2 | ssh:bruteforce | | 2026-04-26 05:03 |
| 118.219.239.123 | credential_harvester | 51% | | 738 | 2 | ssh:bruteforce | | 2026-04-22 12:48 |
| 118.26.39.178 | credential_harvester | 50% | | 510 | 2 | ssh:bruteforce | | 2026-03-24 17:02 |
| 101.36.117.187 | credential_harvester | 50% | | 338 | 2 | ssh:bruteforce | | 2026-03-18 09:34 |
| 103.200.25.162 | credential_harvester | 49% | | 298 | 2 | ssh:bruteforce | | 2026-03-18 09:01 |
| 103.67.78.132 | credential_harvester | 49% | | 288 | 2 | ssh:bruteforce | ip103-67-78-132.cloudhost.web.id | 2026-03-18 02:45 |
| 125.16.27.190 | credential_harvester | 49% | | 288 | 2 | ssh:bruteforce | | 2026-04-16 04:37 |
| 103.203.57.11 | scanner | 49% | | 68 | 3 | ssh:bruteforce | scan-57-11.security.ipip.net | 2026-05-09 10:44 |
| 103.63.25.153 | credential_harvester | 49% | | 228 | 2 | ssh:bruteforce | | 2026-04-21 21:12 |
| 98.71.8.129 | credential_harvester | 49% | | 188 | 2 | ssh:bruteforce | | 2026-04-12 16:42 |
| 134.209.110.133 | credential_harvester | 49% | | 187 | 2 | ssh:bruteforce | | 2026-03-17 16:22 |
| 103.189.234.82 | credential_harvester | 49% | | 179 | 2 | ssh:bruteforce | | 2026-03-18 07:38 |
| 103.56.30.33 | credential_harvester | 48% | | 119 | 2 | ssh:bruteforce | | 2026-04-01 11:23 |
| 14.103.113.212 | scanner | 47% | 1x OSINT | 73 | 2 | ssh:bruteforce | | 2026-05-07 23:04 |
| 115.190.20.70 | data_exfiltrator | 42% | | 18 | 2 | ssh:bruteforce | | 2026-03-17 20:26 |
| 100.27.226.38 | scanner | 28% | 1x OSINT | 12 | 2 | ssh:bruteforce | | 2026-03-22 12:23 |
| 14.103.139.5 | scanner | 24% | | 16 | 2 | ssh:bruteforce | | 2026-03-18 20:21 |
| 129.226.174.80 | web_probe | 23% | | 3 | 2 | http:scan | | 2026-04-18 16:50 |
| 143.244.143.33 | scanner | 21% | | 4 | 2 | ssh:bruteforce | | 2026-03-18 11:35 |

VPN: Known VPN or proxy provider
DROP: ASN on Spamhaus DROP list
Nx OSINT: Corroborated by N external threat feeds