← Back to feed
Multi-Agent Scan
SCAN Active mediumWhy this campaign was detected
15 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.
Primary ASN
—
Subnet
—
Country
—
Cloud Provider
—
Member Count
15 IPs
Below average
Total Events
1261
Below average by volume
Started / Ended
2026-03-19 04:50 — ongoing
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 197.199.224.52 | credential_harvester | 63% | 560 | 2 | ssh:bruteforce | — | 2026-04-16 14:22 | evidence → | |
| 194.58.114.52 | data_exfiltrator | 63% | 1x OSINT | 29 | 2 | ssh:bruteforce | — | 2026-04-16 14:08 | evidence → |
| 120.48.130.213 | scanner | 61% | 241 | 2 | ssh:bruteforce | — | 2026-04-16 08:59 | evidence → | |
| 103.236.140.19 | credential_harvester | 60% | 98 | 2 | ssh:bruteforce | — | 2026-04-16 07:46 | evidence → | |
| 120.48.80.70 | scanner | 58% | 34 | 2 | ssh:bruteforce | — | 2026-04-16 15:20 | evidence → | |
| 36.64.174.98 | reconnaissance | 56% | 53 | 2 | ssh:bruteforce | — | 2026-04-16 09:48 | evidence → | |
| 14.103.228.234 | scanner | 49% | 25 | 1 | ssh:bruteforce | — | 2026-04-16 09:38 | evidence → | |
| 45.148.10.152 | opportunistic_bruter | 48% | DROP | 95 | 2 | ssh:bruteforce | — | 2026-04-16 16:03 | evidence → |
| 2.57.122.194 | opportunistic_bruter | 48% | DROP | 90 | 2 | ssh:bruteforce | — | 2026-04-16 16:02 | evidence → |
| 43.166.245.120 | web_probe | 36% | 3 | 2 | http:scan | — | 2026-04-16 10:43 | evidence → | |
| 45.79.8.221 | scanner | 35% | 13 | 2 | ssh:bruteforce | — | 2026-04-16 05:32 | evidence → | |
| 205.169.39.16 | web_probe | 35% | 2 | 2 | http:scan | — | 2026-04-16 06:58 | evidence → | |
| 2.26.81.183 | credential_probe | 35% | 20 | 2 | ssh:bruteforce | — | 2026-04-16 09:10 | evidence → | |
| 45.79.211.97 | scanner | 35% | 11 | 2 | ssh:bruteforce | — | 2026-04-16 04:32 | evidence → | |
| 46.151.182.164 | mysql_probe | 32% | DROP | 3 | 2 | mysql:bruteforce | — | 2026-04-16 12:44 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds