← Back to feed

Multi-Agent Scan

SCAN Active medium

Why this campaign was detected

13 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on Azure. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.

Primary ASN

—

Subnet

—

Country

—

Cloud Provider

Azure

Member Count

13 IPs

Below average

Total Events

7615

Below average by volume

Started / Ended

2026-03-01 11:38 — ongoing

Member Actors

IP Address	Behavior	Confidence	Flags	Events	Agents	Attack Types	Hostname	Last Seen
130.12.180.51	data_exfiltrator	79%	DROP	3820	3	ssh:bruteforce	—	2026-05-20 08:04	evidence →
152.32.130.174	credential_harvester	79%	1x OSINT	1057	3	ssh:bruteforce	—	2026-05-17 06:52	evidence →
154.57.216.142	credential_harvester	76%	1x OSINT	723	3	ssh:bruteforce	—	2026-05-16 08:47	evidence →
103.176.20.115	credential_harvester	64%	1x OSINT	760	2	ssh:bruteforce	—	2026-05-17 21:35	evidence →
4.150.201.26	malware_dropper	64%	1x OSINT	46	2	ssh:bruteforce	—	2026-05-20 03:35	evidence →
103.203.57.2	scanner	59%	2x OSINT	345	3	ssh:bruteforce	scan-57-2.security.ipip.net	2026-05-17 08:04	evidence →
163.7.9.84	credential_harvester	58%	1x OSINT	422	2	ssh:bruteforce	—	2026-05-15 07:26	evidence →
165.154.236.104	credential_harvester	57%	DROP1x OSINT	397	2	ssh:bruteforce	—	2026-05-14 20:20	evidence →
118.39.234.65	malware_dropper	52%	1x OSINT	23	1	ssh:bruteforce	—	2026-05-19 06:41	evidence →
123.160.223.72	web_probe	51%		5	3	http:scan	—	2026-05-20 01:10	evidence →
124.121.31.5	opportunistic_bruter	48%	1x OSINT	18	1	ssh:bruteforce	—	2026-05-17 09:36	evidence →
117.164.191.217	scanner	46%	2x OSINT	27	2	ssh:bruteforce	—	2026-05-20 01:13	evidence →
163.7.9.55	opportunistic_bruter	43%	1x OSINT	23	1	ssh:bruteforce	—	2026-05-14 09:11	evidence →

VPN Known VPN or proxy provider

DROP ASN on Spamhaus DROP list

Nx OSINT Corroborated by N external threat feeds