← Back to feed
SCAN-multi-agent-20260220
SCAN Active mediumWhy this campaign was detected
12 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.
Primary ASN
—
Subnet
—
Country
—
Cloud Provider
—
Member Count
12 IPs
Below average
Total Events
1684
Below average by volume
Started / Ended
2026-02-18 16:12 — ongoing
MITRE ATT&CK Techniques
Command and Control
Exfiltration
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 213.209.159.158 | credential_harvester | 84% | DROP1x OSINT | 7600 | 3 | ssh:bruteforce | — | 2026-05-11 16:45 | evidence → |
| 42.200.78.78 | credential_harvester | 83% | 1x OSINT | 591 | 3 | ssh:bruteforce | 42-200-78-78.static.imsbiz.com | 2026-05-11 19:08 | evidence → |
| 14.103.247.214 | credential_harvester | 50% | 441 | 2 | ssh:bruteforce | — | 2026-04-19 05:03 | evidence → | |
| 45.174.162.68 | credential_harvester | 47% | 91 | 2 | ssh:bruteforce | — | 2026-03-27 09:40 | evidence → | |
| 115.247.214.210 | credential_harvester | 47% | 81 | 2 | ssh:bruteforce | — | 2026-03-09 22:49 | evidence → | |
| 119.148.49.82 | scanner | 44% | 60 | 3 | ssh:bruteforce | — | 2026-05-07 03:34 | evidence → | |
| 185.213.165.65 | 41% | 681 | 2 | ssh:bruteforce | static.65.165.213.185.clients.irandns.com | 2026-02-22 14:29 | evidence → | ||
| 139.59.89.236 | 37% | 76 | 2 | ssh:bruteforce | — | 2026-02-22 13:48 | evidence → | ||
| 122.186.154.250 | credential_harvester | 37% | 38 | 1 | ssh:bruteforce | nsg-corporate-250.154.186.122.airtel.in | 2026-03-09 22:48 | evidence → | |
| 189.190.2.14 | 34% | 137 | 2 | ssh:bruteforce | dsl-14-2-190-189-dynamic.prod-infinitum.com.mx | 2026-02-20 08:27 | evidence → | ||
| 16.58.56.214 | scanner | 10% | 1x OSINT | 337 | 3 | http:scanssh:bruteforce | scan.visionheight.com | 2026-05-09 04:29 | evidence → |
| 64.62.156.94 | scanner | 10% | 10 | 3 | http:scanssh:bruteforce | scan-66-0.shadowserver.org | 2026-05-06 02:35 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds