SCAN-multi-agent-20260219
SCAN Active medium
Why this campaign was detected
13 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.
Primary ASN: —
Subnet: —
Country: —
Cloud Provider: —
Member Count: 13 IPs (below average)
Total Events: 1932 (below average by volume)
Started / Ended: 2026-02-18 01:57 — ongoing
MITRE ATT&CK Techniques: Reconnaissance, Initial Access, Command and Control, Exfiltration
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen |
|---|---|---|---|---|---|---|---|---|
| 213.209.159.158 | credential_harvester | 84% | DROP, 1x OSINT | 7600 | 3 | ssh:bruteforce | — | 2026-05-11 16:45 |
| 130.12.180.51 | data_exfiltrator | 79% | DROP | 3424 | 3 | ssh:bruteforce | — | 2026-05-11 22:02 |
| 193.32.162.151 | credential_harvester | 73% | DROP, 1x OSINT | 12895 | 3 | ssh:bruteforce | — | 2026-05-11 10:49 |
| 80.94.92.171 | credential_harvester | 64% | DROP, 1x OSINT | 3131 | 3 | ssh:bruteforce | — | 2026-05-11 21:11 |
| 80.94.92.168 | scanner | 64% | DROP, 1x OSINT | 2132 | 3 | ssh:bruteforce | — | 2026-05-11 20:10 |
| 87.248.237.138 | credential_harvester | 49% | | 217 | 2 | ssh:bruteforce | 87.248.237.138.pool.sknt.ru | 2026-04-12 18:22 |
| 91.92.241.59 | | 39% | DROP | 228 | 2 | ssh:bruteforce | — | 2026-02-22 08:06 |
| 87.98.166.118 | | 38% | | 590 | 2 | ssh:bruteforce | ip118.ip-87-98-166.eu | 2026-02-21 01:05 |
| 103.139.193.223 | opportunistic_bruter | 36% | | 23 | 1 | ssh:bruteforce | ip103-139-193-223.cloudhost.web.id | 2026-03-04 17:54 |
| 148.113.47.97 | | 33% | | 267 | 2 | ssh:bruteforce | ns5036658.ip-148-113-47.net | 2026-02-19 03:47 |
| 195.20.19.212 | data_exfiltrator | 33% | | 18 | 1 | ssh:bruteforce | gotoufbx-1942-3970 | 2026-03-19 04:52 |
| 92.118.39.56 | credential_harvester | 32% | DROP | 4100 | 2 | ssh:bruteforce | — | 2026-04-17 12:10 |
| 64.23.143.185 | credential_probe | 12% | | 10 | 1 | ssh:bruteforce | — | 2026-03-09 23:56 |
Flag legend:
VPN: Known VPN or proxy provider
DROP: ASN on Spamhaus DROP list
Nx OSINT: Corroborated by N external threat feeds