Multi-Agent Scan

SCAN Active medium
Why this campaign was detected
30 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on Linode. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.
Primary ASN:
Subnet:
Country:
Cloud Provider: Linode
Member Count: 30 IPs (Below average)
Total Events: 26676 (Average by volume)
Started / Ended: 2026-05-03 00:28 — ongoing
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
Flags:
VPN: Known VPN or proxy provider
DROP: ASN on Spamhaus DROP list
Nx OSINT: Corroborated by N external threat feeds