← Back to feed
Multi-Agent Scan
SCAN Active mediumWhy this campaign was detected
9 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.
Primary ASN
—
Subnet
—
Country
—
Cloud Provider
—
Member Count
9 IPs
Below average
Total Events
1779
Below average by volume
Started / Ended
2026-02-22 20:13 — ongoing
MITRE ATT&CK Techniques
Command and Control
Exfiltration
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 130.12.180.51 | data_exfiltrator | 79% | DROP | 3395 | 3 | ssh:bruteforce | — | 2026-05-11 12:22 | evidence → |
| 180.76.98.164 | scanner | 62% | 1x OSINT | 318 | 2 | ssh:bruteforce | — | 2026-05-08 19:53 | evidence → |
| 177.94.206.38 | credential_harvester | 60% | 1x OSINT | 432 | 2 | ssh:bruteforce | — | 2026-05-07 12:20 | evidence → |
| 106.13.100.52 | scanner | 59% | 1x OSINT | 108 | 2 | ssh:bruteforce | — | 2026-05-08 10:22 | evidence → |
| 43.165.3.187 | credential_harvester | 55% | 1x OSINT | 620 | 2 | ssh:bruteforce | — | 2026-04-30 21:23 | evidence → |
| 133.18.105.94 | credential_harvester | 48% | 113 | 2 | ssh:bruteforce | — | 2026-03-16 13:10 | evidence → | |
| 65.49.1.142 | scanner | 39% | 1x OSINT | 21 | 2 | http:scanssh:bruteforce | — | 2026-05-01 07:40 | evidence → |
| 161.118.185.2 | credential_probe | 22% | 15 | 2 | ssh:bruteforce | — | 2026-03-16 16:32 | evidence → | |
| 170.64.198.74 | scanner | 22% | 6 | 2 | ssh:bruteforce | — | 2026-03-16 15:37 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds