← Back to feed
Multi-Agent Scan
SCAN Active mediumWhy this campaign was detected
6 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.
Primary ASN
—
Subnet
—
Country
—
Cloud Provider
—
Member Count
6 IPs
Below average
Total Events
3586
Below average by volume
Started / Ended
2026-02-23 17:23 — ongoing
MITRE ATT&CK Techniques
Discovery
Command and Control
Exfiltration
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 213.209.159.158 | credential_harvester | 84% | DROP1x OSINT | 7600 | 3 | ssh:bruteforce | — | 2026-05-11 16:45 | evidence → |
| 103.67.78.201 | credential_harvester | 51% | 775 | 2 | ssh:bruteforce | — | 2026-04-21 15:44 | evidence → | |
| 13.73.111.251 | credential_harvester | 48% | 151 | 2 | ssh:bruteforce | — | 2026-03-17 03:42 | evidence → | |
| 164.92.248.125 | web_probe | 32% | 5 | 2 | http:scanssh:bruteforce | — | 2026-03-17 03:23 | evidence → | |
| 142.93.199.193 | scanner | 22% | 8 | 2 | ssh:bruteforce | — | 2026-03-17 03:17 | evidence → | |
| 170.64.138.44 | scanner | 22% | 8 | 2 | ssh:bruteforce | — | 2026-03-17 17:34 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds