IntrusionLabs IntrusionLabs
← Back to feed

Multi-Agent Scan

SCAN Active medium
Why this campaign was detected
13 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.
Primary ASN
Subnet
Country
Cloud Provider
Member Count
13 IPs
Below average
Total Events
4991
Below average by volume
Started / Ended
2026-03-02 20:56 — ongoing
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
197.243.14.52 credential_harvester 79% 1x OSINT 627 3 ssh:bruteforce 2026-05-25 14:52 evidence →
34.91.0.68 credential_harvester 76% 1x OSINT 566 3 ssh:bruteforce 68.0.91.34.bc.googleusercontent.com 2026-05-24 00:05 evidence →
152.32.163.183 scanner 76% 1x OSINT 525 3 ssh:bruteforce 2026-05-24 00:57 evidence →
103.237.144.204 credential_harvester 75% 1x OSINT 708 3 ssh:bruteforce 2026-05-23 15:46 evidence →
195.60.175.119 credential_harvester 72% 1x OSINT 480 3 ssh:bruteforce 2026-05-22 11:18 evidence →
198.98.56.205 credential_harvester 72% 1x OSINT 358 3 ssh:bruteforce bullshit-irc.net 2026-05-22 07:03 evidence →
117.50.138.166 scanner 61% 1x OSINT 23 3 ssh:bruteforce 2026-05-25 19:06 evidence →
94.232.41.236 credential_harvester 57% 1x OSINT 69 2 ssh:bruteforce 2026-05-24 00:17 evidence →
58.209.82.184 credential_harvester 52% 1x OSINT 95 2 ssh:bruteforce 2026-05-21 01:12 evidence →
192.3.145.26 credential_harvester 49% 1x OSINT 42 2 ssh:bruteforce 2026-05-27 22:24 evidence →
170.106.179.118 credential_harvester 41% 1x OSINT 23 1 ssh:bruteforce 2026-05-20 06:55 evidence →
158.69.227.40 credential_harvester 39% 1x OSINT 210 2 ssh:bruteforce 2026-05-21 00:07 evidence →
185.255.100.14 credential_harvester 32% VPN 82 2 ssh:bruteforce 2026-05-18 04:37 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds