IntrusionLabs IntrusionLabs
← Back to feed

Multi-Agent Scan

SCAN Active medium
Why this campaign was detected
31 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.
Primary ASN
Subnet
Country
Cloud Provider
Member Count
31 IPs
Below average
Total Events
8984
Below average by volume
Started / Ended
2026-04-04 06:00 — ongoing
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
211.253.31.30 credential_harvester 84% 1x OSINT 970 3 ssh:bruteforce 2026-06-19 09:38 evidence →
139.59.208.49 credential_harvester 83% 1x OSINT 533 3 ssh:bruteforce 2026-06-19 06:59 evidence →
110.93.224.226 credential_harvester 82% 1x OSINT 223 3 ssh:bruteforce 2026-06-19 09:42 evidence →
65.49.20.69 scanner 71% 2x OSINT 37 3 http:scanssh:bruteforce 2026-06-19 08:23 evidence →
106.75.29.99 scanner 70% 1x OSINT 87 3 ssh:bruteforce 2026-06-19 09:29 evidence →
20.244.95.134 credential_harvester 68% 1x OSINT 684 2 ssh:bruteforce 2026-06-19 08:36 evidence →
104.9.60.148 credential_harvester 68% 1x OSINT 655 2 ssh:bruteforce 2026-06-19 09:16 evidence →
217.154.45.93 credential_harvester 68% 1x OSINT 530 2 ssh:bruteforce 2026-06-19 06:08 evidence →
106.13.122.214 credential_harvester 66% 1x OSINT 236 2 ssh:bruteforce 2026-06-19 06:11 evidence →
205.210.31.17 web_probe 64% 1x OSINT 6 3 http:scanssh:bruteforce 2026-06-19 06:17 evidence →
64.89.163.154 mysql_bruter 58% DROP1x OSINT 27 3 mysql:bruteforce 2026-06-19 10:26 evidence →
176.65.139.219 credential_harvester 54% DROP2x OSINT 4295 1 ssh:bruteforce 2026-06-19 10:48 evidence →
85.217.149.59 web_probe 53% 2x OSINT 5 2 http:scanssh:bruteforce 2026-06-19 07:07 evidence →
148.113.190.153 credential_harvester 52% 1x OSINT 312 2 ssh:bruteforce 2026-06-19 10:06 evidence →
217.156.65.251 credential_harvester 51% 1x OSINT 238 2 ssh:bruteforce 2026-06-19 05:52 evidence →
195.160.220.149 credential_harvester 51% 1x OSINT 188 2 ssh:bruteforce 2026-06-19 07:55 evidence →
51.68.126.146 credential_harvester 51% 1x OSINT 200 2 ssh:bruteforce 2026-06-19 05:01 evidence →
202.10.43.162 credential_harvester 50% 1x OSINT 98 2 ssh:bruteforce 2026-06-19 07:27 evidence →
103.195.100.210 credential_harvester 49% 1x OSINT 68 2 ssh:bruteforce 2026-06-19 00:35 evidence →
108.176.102.58 mysql_bruter 48% 1x OSINT 629 2 mysql:bruteforce 2026-06-19 06:05 evidence →
165.154.200.214 credential_harvester 45% DROP1x OSINT 102 2 ssh:bruteforce 2026-06-19 10:52 evidence →
23.94.14.160 credential_harvester 44% 74 2 ssh:bruteforce 2026-06-19 05:25 evidence →
192.142.28.77 scanner 42% 2x OSINT 4 2 ssh:bruteforce 2026-06-19 06:14 evidence →
43.135.135.57 web_probe 37% 6 2 http:scan 2026-06-19 08:02 evidence →
129.226.209.117 web_probe 36% 5 2 http:scan 2026-06-19 06:29 evidence →
20.104.75.74 web_probe 36% 1x OSINT 40 1 http:scan 2026-06-19 07:07 evidence →
62.210.142.65 web_probe 36% 2 2 http:scan 2026-06-19 10:04 evidence →
62.210.142.21 web_probe 35% 2 2 http:scan 2026-06-19 04:12 evidence →
211.107.217.244 scanner 34% 4 2 ssh:bruteforce 2026-06-19 09:30 evidence →
165.154.206.35 web_probe 25% DROP 1 1 http:scan 2026-06-19 03:59 evidence →
34.79.87.63 mysql_probe 22% 1 1 mysql:bruteforce 2026-06-19 08:24 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds