IntrusionLabs IntrusionLabs
← Back to feed

Multi-Agent Scan

SCAN Active medium
Why this campaign was detected
13 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.
Primary ASN
Subnet
Country
Cloud Provider
Member Count
13 IPs
Below average
Total Events
4890
Below average by volume
Started / Ended
2026-05-03 15:51 — ongoing
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
198.98.56.227 credential_harvester 72% 1x OSINT 1733 3 ssh:bruteforce mail.brycev.xyz 2026-05-31 22:00 evidence →
64.89.163.146 mysql_bruter 58% DROP1x OSINT 22 3 mysql:bruteforce 2026-06-07 11:49 evidence →
58.229.141.26 credential_harvester 58% 1x OSINT 1814 2 ssh:bruteforce 2026-06-01 05:08 evidence →
50.7.127.99 credential_harvester 53% 1x OSINT 470 2 ssh:bruteforce 2026-06-07 09:21 evidence →
94.250.61.10 credential_harvester 51% 1x OSINT 198 2 ssh:bruteforce 2026-06-07 09:52 evidence →
176.65.139.56 credential_harvester 50% DROP2x OSINT 210 2 ssh:bruteforce 2026-06-07 12:55 evidence →
96.127.172.218 credential_harvester 50% 1x OSINT 120 2 ssh:bruteforce 2026-06-07 02:54 evidence →
130.185.239.222 credential_harvester 50% 1x OSINT 90 2 ssh:bruteforce 2026-06-07 09:17 evidence →
173.236.82.246 credential_harvester 49% 1x OSINT 84 2 ssh:bruteforce 2026-06-07 05:50 evidence →
31.222.235.204 credential_harvester 46% DROP 174 2 ssh:bruteforce 2026-06-07 08:13 evidence →
206.206.103.148 opportunistic_bruter 46% 1x OSINT 23 1 ssh:bruteforce 2026-06-03 05:36 evidence →
111.90.143.158 web_probe 40% 1x OSINT 2 2 http:scan 2026-06-07 09:08 evidence →
194.165.16.165 scanner 31% 2x OSINT 15 2 ssh:bruteforce 2026-05-30 06:58 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds