← Back to feed
Multi-Agent Scan
SCAN Active mediumWhy this campaign was detected
6 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.
Primary ASN
—
Subnet
—
Country
—
Cloud Provider
—
Member Count
6 IPs
Below average
Total Events
6519
Below average by volume
Started / Ended
2026-02-22 16:58 — ongoing
MITRE ATT&CK Techniques
Discovery
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 45.148.10.121 | credential_harvester | 84% | DROP2x OSINT | 12637 | 3 | ssh:bruteforce | — | 2026-05-13 12:23 | evidence → |
| 72.253.251.7 | credential_harvester | 56% | 1x OSINT | 942 | 2 | ssh:bruteforce | — | 2026-04-15 12:32 | evidence → |
| 106.51.50.23 | credential_harvester | 47% | 66 | 2 | ssh:bruteforce | — | 2026-03-29 08:31 | evidence → | |
| 185.73.84.45 | scanner | 21% | 4 | 2 | ssh:bruteforce | — | 2026-03-29 08:39 | evidence → | |
| 38.109.112.180 | scanner | 21% | 4 | 2 | ssh:bruteforce | — | 2026-03-29 10:27 | evidence → | |
| 192.155.90.220 | web_probe | 10% | 2x OSINT | 49 | 3 | http:scanssh:bruteforce | bern.scan.bufferover.run | 2026-05-13 12:33 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds