SCAN-multi-agent-20260219
SCAN Active medium
Why this campaign was detected
27 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.
Primary ASN: —
Subnet: —
Country: —
Cloud Provider: —
Member Count: 27 IPs (Below average)
Total Events: 4919 (Below average by volume)
Started / Ended: 2026-02-16 18:06 — ongoing
MITRE ATT&CK Techniques: Reconnaissance, Initial Access, Command and Control, Exfiltration
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen |
|---|---|---|---|---|---|---|---|---|
| 213.209.159.158 | credential_harvester | 84% | DROP, 1x OSINT | 7600 | 3 | ssh:bruteforce | — | 2026-05-11 16:45 |
| 130.12.180.51 | data_exfiltrator | 79% | DROP | 3424 | 3 | ssh:bruteforce | — | 2026-05-11 22:02 |
| 193.32.162.151 | credential_harvester | 73% | DROP, 1x OSINT | 12895 | 3 | ssh:bruteforce | — | 2026-05-11 10:49 |
| 2.57.121.25 | credential_harvester | 69% | DROP, 1x OSINT | 25298 | 3 | ssh:bruteforce | hosting25.tronicsat.com | 2026-05-11 21:38 |
| 80.94.92.168 | scanner | 64% | DROP, 1x OSINT | 2132 | 3 | ssh:bruteforce | — | 2026-05-11 20:10 |
| 80.94.92.184 | credential_harvester | 63% | DROP, 1x OSINT | 8073 | 3 | ssh:bruteforce | — | 2026-05-11 12:14 |
| 79.3.96.178 | credential_harvester | 55% | 1x OSINT | 417 | 2 | ssh:bruteforce | host-79-3-96-178.business.telecomitalia.it | 2026-04-07 23:20 |
| 103.203.57.2 | scanner | 52% | | 301 | 3 | ssh:bruteforce | scan-57-2.security.ipip.net | 2026-05-09 13:14 |
| 87.248.237.138 | credential_harvester | 49% | | 217 | 2 | ssh:bruteforce | 87.248.237.138.pool.sknt.ru | 2026-04-12 18:22 |
| 123.59.7.18 | scanner | 46% | | 83 | 1 | ssh:bruteforce | — | 2026-05-08 23:48 |
| 23.160.56.192 | data_exfiltrator | 44% | | 72 | 2 | ssh:bruteforce | 192so3245.vybrelease.cn.com | 2026-02-25 06:28 |
| 92.118.39.95 | credential_harvester | 42% | DROP | 7588 | 2 | ssh:bruteforce | — | 2026-04-16 05:34 |
| 42.112.42.129 | credential_harvester | 40% | | 197 | 1 | ssh:bruteforce | — | 2026-03-13 17:14 |
| 91.92.241.59 | | 39% | DROP | 228 | 2 | ssh:bruteforce | — | 2026-02-22 08:06 |
| 87.98.166.118 | | 38% | | 590 | 2 | ssh:bruteforce | ip118.ip-87-98-166.eu | 2026-02-21 01:05 |
| 103.139.193.223 | opportunistic_bruter | 36% | | 23 | 1 | ssh:bruteforce | ip103-139-193-223.cloudhost.web.id | 2026-03-04 17:54 |
| 1.2.3.4 | | 36% | | 4 | 2 | ssh:bruteforce | — | 2026-02-18 22:00 |
| 1.2.3.5 | | 35% | | 2 | 2 | ssh:bruteforce | — | 2026-02-18 22:01 |
| 148.113.47.97 | | 33% | | 267 | 2 | ssh:bruteforce | ns5036658.ip-148-113-47.net | 2026-02-19 03:47 |
| 195.20.19.212 | data_exfiltrator | 33% | | 18 | 1 | ssh:bruteforce | gotoufbx-1942-3970 | 2026-03-19 04:52 |
| 192.81.208.35 | | 33% | | 381 | 2 | ssh:bruteforce | — | 2026-02-18 15:11 |
| 92.118.39.72 | credential_harvester | 32% | DROP | 4239 | 2 | ssh:bruteforce | — | 2026-04-17 15:19 |
| 92.118.39.76 | credential_harvester | 32% | DROP | 4224 | 2 | ssh:bruteforce | — | 2026-04-18 03:10 |
| 92.118.39.56 | credential_harvester | 32% | DROP | 4100 | 2 | ssh:bruteforce | — | 2026-04-17 12:10 |
| 175.173.171.23 | | 31% | | 75 | 2 | ssh:bruteforce | — | 2026-02-19 02:18 |
| 162.243.161.22 | | 27% | | 8 | 2 | ssh:bruteforce | — | 2026-02-18 19:10 |
| 64.23.143.185 | credential_probe | 12% | | 10 | 1 | ssh:bruteforce | — | 2026-03-09 23:56 |
Flag legend:
VPN: Known VPN or proxy provider
DROP: ASN on Spamhaus DROP list
Nx OSINT: Corroborated by N external threat feeds