IntrusionLabs IntrusionLabs
← Back to feed

Multi-Agent Scan

SCAN Active medium
Why this campaign was detected
17 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.
Primary ASN
Subnet
Country
Cloud Provider
Member Count
17 IPs
Below average
Total Events
2504
Below average by volume
Started / Ended
2026-04-13 19:17 — ongoing
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
187.154.100.150 credential_harvester 84% 1x OSINT 1008 3 ssh:bruteforce 2026-05-09 13:03 evidence →
58.251.254.247 scanner 69% 1x OSINT 42 3 ssh:bruteforce 2026-05-09 16:09 evidence →
45.148.10.151 opportunistic_bruter 69% DROP1x OSINT 175 3 ssh:bruteforce 2026-05-09 16:03 evidence →
2.57.122.190 opportunistic_bruter 67% DROP1x OSINT 110 3 ssh:bruteforce 2026-05-09 07:04 evidence →
45.148.10.157 opportunistic_bruter 65% DROP1x OSINT 172 3 ssh:bruteforce 2026-05-07 19:04 evidence →
172.236.228.198 web_probe 62% 2x OSINT 19 3 http:scan 172-236-228-198.ip.linodeusercontent.com 2026-05-09 13:04 evidence →
172.234.217.129 web_probe 58% 39 3 http:scanssh:bruteforce 172-234-217-129.ip.linodeusercontent.com 2026-05-07 00:46 evidence →
64.89.163.91 mysql_bruter 57% DROP1x OSINT 13 3 mysql:bruteforce 2026-05-09 12:48 evidence →
45.56.79.53 scanner 56% 1x OSINT 22 3 ssh:bruteforce 2026-05-09 13:34 evidence →
173.255.221.189 scanner 56% 1x OSINT 24 3 ssh:bruteforce 2026-05-09 04:32 evidence →
172.236.228.245 web_probe 53% 1x OSINT 67 2 http:scanssh:bruteforce 2026-05-09 09:57 evidence →
43.131.45.213 web_probe 53% 9 3 http:scan 2026-05-09 15:44 evidence →
43.157.174.69 web_probe 52% 6 3 http:scan 2026-05-09 11:55 evidence →
170.64.167.72 scanner 46% 1x OSINT 490 2 ssh:bruteforce 2026-05-09 11:54 evidence →
154.92.15.23 scanner 45% 1x OSINT 197 2 ssh:bruteforce 2026-05-09 11:45 evidence →
103.17.118.152 web_probe 41% 71 2 http:scan 2026-05-09 15:52 evidence →
89.187.80.32 scanner 41% 1x OSINT 90 2 ssh:bruteforce 2026-05-07 22:44 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds