← Back to feed
SCAN-multi-agent-20260219
SCAN Active mediumWhy this campaign was detected
18 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.
Primary ASN
—
Subnet
—
Country
—
Cloud Provider
—
Member Count
18 IPs
Below average
Total Events
2924
Below average by volume
Started / Ended
2026-02-18 00:01 — ongoing
MITRE ATT&CK Techniques
Exfiltration
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 45.148.10.121 | credential_harvester | 80% | DROP1x OSINT | 12474 | 3 | ssh:bruteforce | — | 2026-05-11 13:24 | evidence → |
| 2.57.121.25 | credential_harvester | 69% | DROP1x OSINT | 25298 | 3 | ssh:bruteforce | hosting25.tronicsat.com | 2026-05-11 21:38 | evidence → |
| 80.94.92.184 | credential_harvester | 63% | DROP1x OSINT | 8073 | 3 | ssh:bruteforce | — | 2026-05-11 12:14 | evidence → |
| 64.89.160.135 | scanner | 55% | DROP | 230 | 3 | ssh:bruteforce | — | 2026-05-11 19:36 | evidence → |
| 79.3.96.178 | credential_harvester | 55% | 1x OSINT | 417 | 2 | ssh:bruteforce | host-79-3-96-178.business.telecomitalia.it | 2026-04-07 23:20 | evidence → |
| 80.66.83.43 | scanner | 48% | 51 | 3 | ssh:bruteforce | — | 2026-05-09 07:30 | evidence → | |
| 174.101.165.67 | credential_probe | 47% | 48 | 3 | http:scanssh:bruteforce | syn-174-101-165-067.res.spectrum.com | 2026-04-22 21:52 | evidence → | |
| 92.118.39.95 | credential_harvester | 42% | DROP | 7588 | 2 | ssh:bruteforce | — | 2026-04-16 05:34 | evidence → |
| 42.112.42.129 | credential_harvester | 40% | 197 | 1 | ssh:bruteforce | — | 2026-03-13 17:14 | evidence → | |
| 1.2.3.4 | 36% | 4 | 2 | ssh:bruteforce | — | 2026-02-18 22:00 | evidence → | ||
| 1.2.3.5 | 35% | 2 | 2 | ssh:bruteforce | — | 2026-02-18 22:01 | evidence → | ||
| 195.20.19.212 | data_exfiltrator | 33% | 18 | 1 | ssh:bruteforce | gotoufbx-1942-3970 | 2026-03-19 04:52 | evidence → | |
| 192.81.208.35 | 33% | 381 | 2 | ssh:bruteforce | — | 2026-02-18 15:11 | evidence → | ||
| 194.60.210.23 | 32% | 161 | 2 | ssh:bruteforce | — | 2026-02-19 04:30 | evidence → | ||
| 92.118.39.72 | credential_harvester | 32% | DROP | 4239 | 2 | ssh:bruteforce | — | 2026-04-17 15:19 | evidence → |
| 92.118.39.76 | credential_harvester | 32% | DROP | 4224 | 2 | ssh:bruteforce | — | 2026-04-18 03:10 | evidence → |
| 162.243.161.22 | 27% | 8 | 2 | ssh:bruteforce | — | 2026-02-18 19:10 | evidence → | ||
| 3.132.26.232 | scanner | 10% | 188 | 3 | http:scanssh:bruteforce | scan.visionheight.com | 2026-05-09 19:32 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds