← Back to feed
SCAN-multi-agent-20260219
SCAN Active mediumWhy this campaign was detected
22 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.
Primary ASN
—
Subnet
—
Country
—
Cloud Provider
—
Member Count
22 IPs
Below average
Total Events
3680
Below average by volume
Started / Ended
2026-02-18 05:40 — ongoing
MITRE ATT&CK Techniques
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 45.148.10.121 | credential_harvester | 80% | DROP1x OSINT | 12474 | 3 | ssh:bruteforce | — | 2026-05-11 13:24 | evidence → |
| 2.57.121.25 | credential_harvester | 69% | DROP1x OSINT | 25298 | 3 | ssh:bruteforce | hosting25.tronicsat.com | 2026-05-11 21:38 | evidence → |
| 80.94.92.184 | credential_harvester | 63% | DROP1x OSINT | 8073 | 3 | ssh:bruteforce | — | 2026-05-11 12:14 | evidence → |
| 64.89.160.135 | scanner | 55% | DROP | 230 | 3 | ssh:bruteforce | — | 2026-05-11 19:36 | evidence → |
| 79.3.96.178 | credential_harvester | 55% | 1x OSINT | 417 | 2 | ssh:bruteforce | host-79-3-96-178.business.telecomitalia.it | 2026-04-07 23:20 | evidence → |
| 103.203.57.2 | scanner | 52% | 301 | 3 | ssh:bruteforce | scan-57-2.security.ipip.net | 2026-05-09 13:14 | evidence → | |
| 80.66.83.43 | scanner | 48% | 51 | 3 | ssh:bruteforce | — | 2026-05-09 07:30 | evidence → | |
| 174.101.165.67 | credential_probe | 47% | 48 | 3 | http:scanssh:bruteforce | syn-174-101-165-067.res.spectrum.com | 2026-04-22 21:52 | evidence → | |
| 123.59.7.18 | scanner | 46% | 83 | 1 | ssh:bruteforce | — | 2026-05-08 23:48 | evidence → | |
| 92.118.39.95 | credential_harvester | 42% | DROP | 7588 | 2 | ssh:bruteforce | — | 2026-04-16 05:34 | evidence → |
| 42.112.42.129 | credential_harvester | 40% | 197 | 1 | ssh:bruteforce | — | 2026-03-13 17:14 | evidence → | |
| 91.92.241.59 | 39% | DROP | 228 | 2 | ssh:bruteforce | — | 2026-02-22 08:06 | evidence → | |
| 87.98.166.118 | 38% | 590 | 2 | ssh:bruteforce | ip118.ip-87-98-166.eu | 2026-02-21 01:05 | evidence → | ||
| 1.2.3.4 | 36% | 4 | 2 | ssh:bruteforce | — | 2026-02-18 22:00 | evidence → | ||
| 1.2.3.5 | 35% | 2 | 2 | ssh:bruteforce | — | 2026-02-18 22:01 | evidence → | ||
| 192.81.208.35 | 33% | 381 | 2 | ssh:bruteforce | — | 2026-02-18 15:11 | evidence → | ||
| 194.60.210.23 | 32% | 161 | 2 | ssh:bruteforce | — | 2026-02-19 04:30 | evidence → | ||
| 92.118.39.72 | credential_harvester | 32% | DROP | 4239 | 2 | ssh:bruteforce | — | 2026-04-17 15:19 | evidence → |
| 92.118.39.76 | credential_harvester | 32% | DROP | 4224 | 2 | ssh:bruteforce | — | 2026-04-18 03:10 | evidence → |
| 175.173.171.23 | 31% | 75 | 2 | ssh:bruteforce | — | 2026-02-19 02:18 | evidence → | ||
| 162.243.161.22 | 27% | 8 | 2 | ssh:bruteforce | — | 2026-02-18 19:10 | evidence → | ||
| 3.132.26.232 | scanner | 10% | 188 | 3 | http:scanssh:bruteforce | scan.visionheight.com | 2026-05-09 19:32 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds