← Back to feed

Multi-Agent Scan

SCAN Active medium

Why this campaign was detected

13 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close succession indicates shared reconnaissance tooling or a coordinated scan list.

Primary ASN

—

Subnet

—

Country

—

Cloud Provider

—

Member Count

13 IPs

Below average

Total Events

7507

Below average by volume

Started / Ended

2026-02-27 21:01 — ongoing

Member Actors

IP Address	Behavior	Confidence	Flags	Events	Agents	Attack Types	Hostname	Last Seen
158.178.141.16	credential_harvester	80%	2x OSINT	1798	3	ssh:bruteforce	—	2026-06-13 09:48	evidence →
222.232.176.7	credential_harvester	80%	2x OSINT	2604	3	ssh:bruteforce	—	2026-06-12 22:00	evidence →
203.145.143.163	credential_harvester	76%	1x OSINT	1726	3	ssh:bruteforce	—	2026-06-13 01:10	evidence →
95.215.0.144	scanner	64%	2x OSINT	123	3	ftp:bruteforcessh:bruteforce	scan.f6.security	2026-06-12 18:17	evidence →
58.186.20.143	credential_harvester	61%	1x OSINT	1157	2	ssh:bruteforce	—	2026-06-13 01:10	evidence →
64.89.163.169	mysql_bruter	54%	DROP1x OSINT	319	3	mysql:bruteforce	—	2026-06-12 21:50	evidence →
198.199.106.159	credential_harvester	48%	1x OSINT	834	2	ssh:bruteforce	—	2026-06-14 09:55	evidence →
85.217.149.70	scanner	47%	2x OSINT	20	2	http:scanssh:bruteforce	—	2026-06-12 23:02	evidence →
208.87.242.161	credential_harvester	47%	1x OSINT	490	2	ssh:bruteforce	—	2026-06-13 23:40	evidence →
144.172.92.197	credential_harvester	47%		1285	2	ssh:bruteforce	—	2026-06-13 03:40	evidence →
148.66.142.9	credential_harvester	44%	1x OSINT	51	2	ssh:bruteforce	—	2026-06-13 08:52	evidence →
192.3.150.58	credential_harvester	43%	1x OSINT	152	2	ssh:bruteforce	—	2026-06-12 20:46	evidence →
102.67.141.165	credential_harvester	40%		154	2	ssh:bruteforce	—	2026-06-13 20:59	evidence →

VPN Known VPN or proxy provider

DROP ASN on Spamhaus DROP list

Nx OSINT Corroborated by N external threat feeds