SCAN-multi-agent-20260219
SCAN Active medium
Why this campaign was detected
37 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.
Primary ASN: —
Subnet: —
Country: —
Cloud Provider: —
Member Count: 37 IPs (Below average)
Total Events: 7460 (Below average by volume)
Started / Ended: 2026-02-18 04:27 — ongoing
MITRE ATT&CK Techniques: Exfiltration
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen |
|---|---|---|---|---|---|---|---|---|
| 213.209.159.158 | credential_harvester | 84% | DROP, 1x OSINT | 7600 | 3 | ssh:bruteforce | — | 2026-05-11 16:45 |
| 45.148.10.121 | credential_harvester | 80% | DROP, 1x OSINT | 12474 | 3 | ssh:bruteforce | — | 2026-05-11 13:24 |
| 130.12.180.51 | data_exfiltrator | 79% | DROP | 3424 | 3 | ssh:bruteforce | — | 2026-05-11 22:02 |
| 193.32.162.151 | credential_harvester | 73% | DROP, 1x OSINT | 12895 | 3 | ssh:bruteforce | — | 2026-05-11 10:49 |
| 2.57.121.25 | credential_harvester | 69% | DROP, 1x OSINT | 25298 | 3 | ssh:bruteforce | hosting25.tronicsat.com | 2026-05-11 21:38 |
| 80.94.92.171 | credential_harvester | 64% | DROP, 1x OSINT | 3131 | 3 | ssh:bruteforce | — | 2026-05-11 21:11 |
| 80.94.92.168 | scanner | 64% | DROP, 1x OSINT | 2132 | 3 | ssh:bruteforce | — | 2026-05-11 20:10 |
| 80.94.92.184 | credential_harvester | 63% | DROP, 1x OSINT | 8073 | 3 | ssh:bruteforce | — | 2026-05-11 12:14 |
| 2.57.122.238 | credential_harvester | 63% | DROP, 1x OSINT | 11198 | 3 | ssh:bruteforce | — | 2026-05-11 06:24 |
| 77.90.185.16 | scanner | 60% | 1x OSINT | 244 | 3 | ssh:bruteforce | — | 2026-05-11 18:53 |
| 81.29.142.100 | web_probe | 56% | | 134 | 3 | http:scan, mysql:bruteforce, ssh:bruteforce | igutic.earnningipti.co.uk | 2026-05-06 23:58 |
| 64.89.160.135 | scanner | 55% | DROP | 230 | 3 | ssh:bruteforce | — | 2026-05-11 19:36 |
| 79.3.96.178 | credential_harvester | 55% | 1x OSINT | 417 | 2 | ssh:bruteforce | host-79-3-96-178.business.telecomitalia.it | 2026-04-07 23:20 |
| 103.203.57.2 | scanner | 52% | | 301 | 3 | ssh:bruteforce | scan-57-2.security.ipip.net | 2026-05-09 13:14 |
| 13.81.183.29 | credential_harvester | 49% | | 291 | 2 | ssh:bruteforce | — | 2026-04-02 15:34 |
| 87.248.237.138 | credential_harvester | 49% | | 217 | 2 | ssh:bruteforce | 87.248.237.138.pool.sknt.ru | 2026-04-12 18:22 |
| 174.101.165.67 | credential_probe | 47% | | 48 | 3 | http:scan, ssh:bruteforce | syn-174-101-165-067.res.spectrum.com | 2026-04-22 21:52 |
| 123.59.7.18 | scanner | 46% | | 83 | 1 | ssh:bruteforce | — | 2026-05-08 23:48 |
| 23.160.56.192 | data_exfiltrator | 44% | | 72 | 2 | ssh:bruteforce | 192so3245.vybrelease.cn.com | 2026-02-25 06:28 |
| 42.112.42.129 | credential_harvester | 40% | | 197 | 1 | ssh:bruteforce | — | 2026-03-13 17:14 |
| 91.92.241.59 | | 39% | DROP | 228 | 2 | ssh:bruteforce | — | 2026-02-22 08:06 |
| 14.103.117.81 | scanner | 38% | | 83 | 1 | ssh:bruteforce | — | 2026-04-19 07:03 |
| 87.98.166.118 | | 38% | | 590 | 2 | ssh:bruteforce | ip118.ip-87-98-166.eu | 2026-02-21 01:05 |
| 209.141.33.240 | opportunistic_bruter | 36% | | 23 | 1 | ssh:bruteforce | saphira.pwnation.net | 2026-03-01 01:37 |
| 103.139.193.223 | opportunistic_bruter | 36% | | 23 | 1 | ssh:bruteforce | ip103-139-193-223.cloudhost.web.id | 2026-03-04 17:54 |
| 1.2.3.4 | | 36% | | 4 | 2 | ssh:bruteforce | — | 2026-02-18 22:00 |
| 1.2.3.5 | | 35% | | 2 | 2 | ssh:bruteforce | — | 2026-02-18 22:01 |
| 171.243.148.202 | | 35% | | 288 | 2 | ssh:bruteforce | dynamic-ip-adsl.viettel.vn | 2026-02-19 20:37 |
| 148.113.47.97 | | 33% | | 267 | 2 | ssh:bruteforce | ns5036658.ip-148-113-47.net | 2026-02-19 03:47 |
| 195.20.19.212 | data_exfiltrator | 33% | | 18 | 1 | ssh:bruteforce | gotoufbx-1942-3970 | 2026-03-19 04:52 |
| 194.60.210.23 | | 32% | | 161 | 2 | ssh:bruteforce | — | 2026-02-19 04:30 |
| 92.118.39.72 | credential_harvester | 32% | DROP | 4239 | 2 | ssh:bruteforce | — | 2026-04-17 15:19 |
| 92.118.39.76 | credential_harvester | 32% | DROP | 4224 | 2 | ssh:bruteforce | — | 2026-04-18 03:10 |
| 92.118.39.56 | credential_harvester | 32% | DROP | 4100 | 2 | ssh:bruteforce | — | 2026-04-17 12:10 |
| 175.173.171.23 | | 31% | | 75 | 2 | ssh:bruteforce | — | 2026-02-19 02:18 |
| 188.32.148.19 | scanner | 22% | | 6 | 2 | ssh:bruteforce | broadband-188-32-148-19.ip.moscow.rt.ru | 2026-03-04 11:58 |
| 64.23.143.185 | credential_probe | 12% | | 10 | 1 | ssh:bruteforce | — | 2026-03-09 23:56 |
VPN: Known VPN or proxy provider
DROP: ASN on Spamhaus DROP list
Nx OSINT: Corroborated by N external threat feeds