IntrusionLabs IntrusionLabs
← Back to feed

Multi-Agent Scan

SCAN Active medium
Why this campaign was detected
14 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on AWS. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.
Primary ASN
Subnet
Country
Cloud Provider
AWS
Member Count
14 IPs
Below average
Total Events
3851
Below average by volume
Started / Ended
2026-03-03 22:52 — ongoing
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
177.229.197.38 credential_harvester 79% 1x OSINT 1734 3 ssh:bruteforce customer-MCA-TGZ-197-38.megared.net.mx 2026-06-06 18:03 evidence →
88.147.30.59 credential_harvester 72% 1x OSINT 941 3 ssh:bruteforce 88-147-30-59.static.eolo.it 2026-06-03 01:24 evidence →
103.164.57.37 credential_harvester 68% 1x OSINT 554 2 ssh:bruteforce 2026-06-09 07:16 evidence →
109.50.185.153 credential_harvester 67% 1x OSINT 407 2 ssh:bruteforce 2026-06-09 01:49 evidence →
64.89.163.89 mysql_bruter 57% DROP1x OSINT 20 3 mysql:bruteforce 2026-06-09 07:58 evidence →
107.173.85.94 interactive_operator 54% 1x OSINT 44 1 ssh:bruteforce 2026-06-09 02:03 evidence →
129.121.50.245 credential_harvester 53% 1x OSINT 23 1 ssh:bruteforce 2026-06-09 05:08 evidence →
43.155.157.239 web_probe 52% 9 3 http:scan 2026-06-09 02:44 evidence →
43.161.234.148 web_probe 51% 4 3 http:scan 2026-06-09 07:49 evidence →
23.254.178.52 credential_harvester 46% 1x OSINT 100 1 ssh:bruteforce 2026-06-03 21:00 evidence →
170.106.165.76 web_probe 44% 5 3 http:scan 2026-06-05 08:55 evidence →
100.27.169.19 web_probe 37% 1x OSINT 5 2 http:scan 2026-06-06 21:48 evidence →
165.22.248.57 scanner 34% 4 2 ssh:bruteforce 2026-06-08 17:40 evidence →
178.16.55.161 web_probe 26% DROP 1 1 http:scan 2026-06-09 07:41 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds