IntrusionLabs IntrusionLabs
← Back to feed

Multi-Agent Scan

SCAN Active medium
Why this campaign was detected
40 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.
Primary ASN
Subnet
Country
Cloud Provider
Member Count
40 IPs
Below average
Total Events
11546
Below average by volume
Started / Ended
2026-02-25 09:58 — ongoing
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
118.193.33.3 credential_harvester 57% 779 2 ssh:bruteforce 2026-04-09 00:07 evidence →
180.213.44.242 scanner 55% 49 2 ssh:bruteforce 2026-04-10 23:15 evidence →
104.244.74.84 credential_harvester 55% 401 2 ssh:bruteforce 2026-04-08 15:26 evidence →
89.190.156.34 credential_harvester 55% 23 2 ssh:bruteforce 2026-04-12 12:53 evidence →
2.57.122.210 credential_harvester 55% DROP 5371 2 ssh:bruteforce 2026-04-13 00:55 evidence →
58.210.98.130 scanner 54% 55 2 ssh:bruteforce 2026-04-09 20:51 evidence →
54.38.52.18 credential_harvester 54% 142 2 ssh:bruteforce vps-90628c5d.vps.ovh.net 2026-04-08 23:25 evidence →
1.214.197.163 credential_harvester 50% 405 2 ssh:bruteforce 2026-04-04 15:24 evidence →
185.249.74.198 credential_harvester 45% 323 1 ssh:bruteforce 2026-04-08 08:51 evidence →
103.31.39.143 credential_harvester 45% 287 1 ssh:bruteforce 2026-04-08 08:57 evidence →
103.218.241.179 credential_harvester 45% 274 1 ssh:bruteforce 2026-04-08 09:43 evidence →
110.14.190.217 credential_harvester 44% 468 1 ssh:bruteforce 2026-04-07 18:37 evidence →
119.96.157.188 scanner 44% 30 2 ssh:bruteforce 2026-04-10 14:58 evidence →
115.190.106.110 scanner 43% 64 1 ssh:bruteforce 2026-04-08 19:33 evidence →
37.120.213.13 credential_harvester 43% 60 2 ssh:bruteforce 2026-04-10 15:01 evidence →
14.103.249.172 scanner 42% 45 1 ssh:bruteforce 2026-04-08 14:52 evidence →
45.148.10.152 opportunistic_bruter 40% DROP 60 2 ssh:bruteforce 2026-04-09 10:02 evidence →
123.60.136.40 credential_harvester 40% 2 1 ssh:bruteforce 2026-04-10 02:02 evidence →
45.135.194.4 credential_harvester 39% DROP 14 2 ssh:bruteforce 2026-04-12 04:36 evidence →
45.148.10.151 opportunistic_bruter 39% DROP 80 2 ssh:bruteforce 2026-04-08 13:02 evidence →
2.57.122.192 opportunistic_bruter 39% DROP 45 2 ssh:bruteforce 2026-04-08 22:02 evidence →
210.183.21.53 credential_harvester 39% 112 1 ssh:bruteforce 2026-04-04 23:12 evidence →
45.38.41.162 credential_harvester 36% 1x OSINT 15 1 ssh:bruteforce 2026-04-12 07:50 evidence →
110.166.87.119 scanner 35% 17 2 ssh:bruteforce 2026-04-09 20:51 evidence →
2.57.121.86 opportunistic_bruter 35% DROP 20 2 ssh:bruteforce 2026-04-07 13:02 evidence →
80.253.31.232 credential_harvester 34% 58 2 ssh:bruteforce 2026-04-08 01:36 evidence →
172.236.228.218 scanner 34% 23 2 http:scanssh:bruteforce 2026-04-07 00:34 evidence →
45.79.181.94 http:scan 33% 21 2 http:scanssh:bruteforce 2026-04-07 08:45 evidence →
142.248.80.38 http:scan 33% 1x OSINT 5 2 http:scan 2026-04-10 04:22 evidence →
2.57.121.17 opportunistic_bruter 32% DROP 20 2 ssh:bruteforce 2026-04-02 04:02 evidence →
172.234.217.192 http:scan 31% 15 2 http:scan 2026-04-10 21:25 evidence →
92.63.197.22 scanner 30% DROP 42 2 ssh:bruteforce 2026-04-08 22:06 evidence →
172.236.127.133 http:scan 30% 10 2 http:scan 2026-04-10 15:15 evidence →
66.228.53.162 http:scan 28% 7 2 http:scan 2026-04-10 04:02 evidence →
45.79.115.59 scanner 26% 7 2 ssh:bruteforce 2026-04-08 02:45 evidence →
37.10.113.212 scanner 25% 1x OSINT 2 1 ssh:bruteforce 2026-04-10 16:55 evidence →
69.164.245.8 http:scan 21% 1x OSINT 1 1 http:scan 2026-04-09 20:31 evidence →
49.51.132.100 http:scan 21% 3 2 http:scan 2026-04-06 18:22 evidence →
46.151.182.183 mysql:bruteforce 16% DROP 1 1 mysql:bruteforce 2026-04-09 22:14 evidence →
165.227.139.253 scanner 11% 1 1 http:scan 2026-04-06 02:38 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds