← Back to feed

Multi-Agent Scan

SCAN Active medium

Why this campaign was detected

12 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on Linode. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.

Primary ASN

—

Subnet

—

Country

—

Cloud Provider

Linode

Member Count

12 IPs

Below average

Total Events

15725

Below average by volume

Started / Ended

2026-03-15 23:22 — ongoing

Member Actors

IP Address	Behavior	Confidence	Flags	Events	Agents	Attack Types	Hostname	Last Seen
45.144.233.56	credential_harvester	82%	1x OSINT	293	3	ssh:bruteforce	—	2026-04-23 00:06	evidence →
130.12.180.51	data_exfiltrator	79%	DROP	2252	3	ssh:bruteforce	—	2026-04-23 02:01	evidence →
80.94.92.182	credential_harvester	74%	DROP1x OSINT	6745	3	ssh:bruteforce	—	2026-04-23 04:02	evidence →
78.128.112.74	credential_harvester	74%	1x OSINT	5100	3	ssh:bruteforce	ip-112-74.4vendeta.com	2026-04-23 03:48	evidence →
101.36.119.184	credential_harvester	68%	1x OSINT	602	2	ssh:bruteforce	—	2026-04-23 00:36	evidence →
45.148.10.151	opportunistic_bruter	68%	DROP1x OSINT	110	3	ssh:bruteforce	—	2026-04-23 01:02	evidence →
142.248.80.38	web_probe	57%	1x OSINT	7	3	http:scan	—	2026-04-23 01:32	evidence →
79.124.40.174	web_probe	57%		110	3	http:scan	ip-40-174.4vendeta.com	2026-04-23 02:36	evidence →
152.53.22.186	credential_harvester	57%	1x OSINT	633	2	ssh:bruteforce	—	2026-04-16 18:37	evidence →
31.57.61.190	credential_probe	55%	1x OSINT	15	3	ssh:bruteforce	—	2026-04-22 23:47	evidence →
190.2.135.111	credential_probe	44%	2x OSINT	30	2	ssh:bruteforce	—	2026-04-23 00:08	evidence →
45.79.207.129	scanner	41%	1x OSINT	14	2	ssh:bruteforce	—	2026-04-23 02:41	evidence →

VPN Known VPN or proxy provider

DROP ASN on Spamhaus DROP list

Nx OSINT Corroborated by N external threat feeds