IntrusionLabs IntrusionLabs
← Back to feed

Multi-Agent Scan

SCAN Active medium
Why this campaign was detected
55 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.
Primary ASN
Subnet
Country
Cloud Provider
Member Count
55 IPs
Below average
Total Events
46257
Average by volume
Started / Ended
2026-02-28 04:09 — ongoing
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
155.4.245.222 credential_harvester 79% 1x OSINT 828 3 ssh:bruteforce 2026-05-25 11:15 evidence →
111.47.243.219 credential_harvester 78% 1x OSINT 609 3 ssh:bruteforce 2026-05-25 09:25 evidence →
138.124.158.150 credential_harvester 76% 1x OSINT 1370 3 ssh:bruteforce 2026-05-23 20:24 evidence →
152.32.163.183 scanner 76% 1x OSINT 525 3 ssh:bruteforce 2026-05-24 00:57 evidence →
103.237.144.204 credential_harvester 75% 1x OSINT 708 3 ssh:bruteforce 2026-05-23 15:46 evidence →
154.221.28.214 credential_harvester 71% 1x OSINT 926 3 ssh:bruteforce 2026-05-09 06:06 evidence →
176.65.132.129 credential_harvester 69% DROP1x OSINT 31343 3 ssh:bruteforce 2026-05-25 05:20 evidence →
120.48.154.88 scanner 67% 1x OSINT 280 2 ssh:bruteforce 2026-05-28 00:45 evidence →
49.75.185.71 credential_harvester 66% 1x OSINT 136 2 ssh:bruteforce 2026-05-28 02:26 evidence →
117.50.138.166 scanner 61% 1x OSINT 23 3 ssh:bruteforce 2026-05-25 19:06 evidence →
172.104.11.4 web_probe 60% 73 3 http:scanssh:bruteforce 2026-05-25 15:38 evidence →
118.145.237.236 scanner 58% 1x OSINT 56 2 ssh:bruteforce 2026-05-24 17:16 evidence →
14.103.112.228 scanner 56% 1x OSINT 67 2 ssh:bruteforce 2026-05-23 14:37 evidence →
128.0.104.44 credential_harvester 53% 1x OSINT 524 2 ssh:bruteforce 2026-05-28 01:27 evidence →
172.236.228.115 web_probe 52% 52 3 http:scanssh:bruteforce 2026-05-22 02:23 evidence →
104.243.38.174 credential_harvester 52% 1x OSINT 346 2 ssh:bruteforce 2026-05-28 02:34 evidence →
176.65.131.189 credential_harvester 52% 1x OSINT 228 2 ssh:bruteforce 2026-05-28 01:46 evidence →
172.96.172.91 credential_harvester 51% 1x OSINT 196 2 ssh:bruteforce 2026-05-28 02:08 evidence →
138.113.0.63 opportunistic_bruter 49% 1x OSINT 23 1 ssh:bruteforce 2026-05-25 14:12 evidence →
103.56.148.173 credential_harvester 48% 1x OSINT 23 1 ssh:bruteforce 2026-05-24 21:56 evidence →
147.45.50.147 credential_harvester 46% 1x OSINT 30 2 ssh:bruteforce 2026-05-25 16:02 evidence →
172.232.108.36 web_probe 44% 1x OSINT 6 3 http:scan 2026-05-21 09:54 evidence →
103.189.234.9 credential_harvester 44% 1x OSINT 23 1 ssh:bruteforce 2026-05-22 14:57 evidence →
148.113.221.241 credential_harvester 41% 1x OSINT 266 2 ssh:bruteforce 2026-05-22 05:42 evidence →
104.236.66.186 credential_harvester 41% 1x OSINT 360 2 ssh:bruteforce 2026-05-21 21:55 evidence →
109.236.86.20 credential_harvester 41% 1x OSINT 360 2 ssh:bruteforce 2026-05-21 21:46 evidence →
170.106.179.118 credential_harvester 41% 1x OSINT 23 1 ssh:bruteforce 2026-05-20 06:55 evidence →
103.75.71.17 credential_harvester 41% 1x OSINT 274 2 ssh:bruteforce 2026-05-21 22:40 evidence →
141.95.34.214 credential_harvester 41% 1x OSINT 384 2 ssh:bruteforce 2026-05-21 14:44 evidence →
176.119.25.48 credential_harvester 41% 1x OSINT 268 2 ssh:bruteforce 2026-05-21 22:53 evidence →
142.44.247.134 credential_harvester 40% 1x OSINT 364 2 ssh:bruteforce 2026-05-21 15:33 evidence →
154.16.180.24 credential_harvester 40% 1x OSINT 298 2 ssh:bruteforce 2026-05-21 16:21 evidence →
154.16.115.17 credential_harvester 40% 1x OSINT 276 2 ssh:bruteforce 2026-05-21 12:59 evidence →
157.173.100.92 credential_harvester 40% 1x OSINT 224 2 ssh:bruteforce 2026-05-21 17:27 evidence →
175.110.115.68 credential_harvester 40% 1x OSINT 354 2 ssh:bruteforce 2026-05-21 06:06 evidence →
146.59.229.155 credential_harvester 40% 1x OSINT 200 2 ssh:bruteforce 2026-05-21 18:28 evidence →
148.153.245.161 credential_harvester 40% 1x OSINT 356 2 ssh:bruteforce 2026-05-20 23:01 evidence →
172.110.221.82 credential_harvester 39% 1x OSINT 350 2 ssh:bruteforce 2026-05-20 17:54 evidence →
103.75.71.22 credential_harvester 39% 1x OSINT 318 2 ssh:bruteforce 2026-05-21 02:29 evidence →
148.113.160.5 credential_harvester 39% 1x OSINT 248 2 ssh:bruteforce 2026-05-21 07:18 evidence →
158.69.227.40 credential_harvester 39% 1x OSINT 210 2 ssh:bruteforce 2026-05-21 00:07 evidence →
102.129.200.117 credential_harvester 38% 1x OSINT 180 2 ssh:bruteforce 2026-05-19 06:54 evidence →
107.174.90.23 credential_harvester 38% 1x OSINT 138 2 ssh:bruteforce 2026-05-20 13:51 evidence →
104.237.147.156 credential_harvester 38% 1x OSINT 128 2 ssh:bruteforce 2026-05-19 09:27 evidence →
151.242.242.66 credential_harvester 38% 1x OSINT 124 2 ssh:bruteforce 2026-05-18 08:34 evidence →
172.110.219.251 credential_harvester 37% 580 2 ssh:bruteforce 2026-05-21 23:34 evidence →
102.223.47.171 credential_harvester 36% 344 2 ssh:bruteforce 2026-05-21 15:34 evidence →
107.6.164.240 credential_harvester 35% 296 2 ssh:bruteforce 2026-05-21 16:57 evidence →
167.114.156.169 credential_harvester 35% 244 2 ssh:bruteforce 2026-05-21 17:32 evidence →
172.239.64.155 web_probe 35% 2 2 http:scan 2026-05-27 11:15 evidence →
154.16.115.163 credential_harvester 35% 336 2 ssh:bruteforce 2026-05-20 20:09 evidence →
167.235.26.80 credential_harvester 34% 218 2 ssh:bruteforce 2026-05-18 13:38 evidence →
139.180.163.29 credential_harvester 33% 166 2 ssh:bruteforce 2026-05-19 00:03 evidence →
119.148.8.66 scanner 33% 4 2 ssh:bruteforce 2026-05-27 05:44 evidence →
173.255.225.25 web_probe 26% 1 1 http:scan 2026-05-28 02:00 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds