Port scanning is a popular technique for finding open ports to connect to on the Internet, and it has both benign and malicious uses. While methods have been developed to detect scans coming from a single source, adversaries have started to distribute their scans among multiple hosts. Detecting these collaborative scanners, however, is a difficult task, and no established method has emerged yet. In this paper, we propose a method to cluster scanning groups from network telescope data, based on the assumption that scanners working together will have similar behavioral features. An evaluation framework based on address-space coverage and overlap is introduced, and the performance of two clustering algorithms, HDBSCAN and DBSCAN, is compared. We found a clear indication that relying only on behavioral features and applying unsupervised clustering techniques can produce incomplete groups or clusters that contain more than one group, with HDBSCAN generally performing better than DBSCAN. The effectiveness of the evaluation framework is also discussed: some of the identified groups indicated overlaps, yet manual analysis reveals that they have the potential to belong to a single party.
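As an added illustration of the coverage-and-overlap evaluation described above (example code, not the paper's own), the following Python scores scanner clusters over constructed network telescope hits. The precise metric definitions (coverage as the fraction of the telescope probed by any member of a cluster, overlap as the share of probed addresses hit by two or more members), the /24 telescope size and the cluster labels standing in for HDBSCAN/DBSCAN output are all assumptions.

```python
"""Coverage/overlap scoring of scanner clusters over network telescope data.
Added illustration, not the paper's code: metric definitions, telescope
size and cluster labels are assumptions; the telescope hits are constructed."""
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Tuple

TELESCOPE_SIZE = 256  # assumption: a /24 dark network, address offsets 0..255

# Constructed telescope log of (source scanner id, target address offset).
# s1..s4 split the /24 into four disjoint quarters, as a collaborative group would.
# s5 and s6 both sweep the even addresses of the lower half, duplicating each other.
HITS: List[Tuple[str, int]] = (
    [("s1", a) for a in range(0, 64)] + [("s2", a) for a in range(64, 128)]
    + [("s3", a) for a in range(128, 192)] + [("s4", a) for a in range(192, 256)]
    + [("s5", a) for a in range(0, 128, 2)] + [("s6", a) for a in range(0, 128, 2)]
)

def targets_by_source(hits: Iterable[Tuple[str, int]]) -> Dict[str, set]:
    """Collapse raw telescope hits into the set of addresses each source probed."""
    seen: Dict[str, set] = defaultdict(set)
    for src, addr in hits:
        seen[src].add(addr)
    return seen

def evaluate_cluster(members: List[str], per_src: Dict[str, set],
                     size: int = TELESCOPE_SIZE) -> Dict[str, float]:
    """Coverage: fraction of the telescope hit by any member of the cluster.
    Overlap: fraction of the hit addresses probed by two or more members.
    A genuine collaborative group should show high coverage and low overlap;
    high overlap hints that the cluster mixes scanners that do not coordinate."""
    counts = Counter(a for m in members for a in per_src.get(m, ()))
    if not counts:
        return {"coverage": 0.0, "overlap": 0.0}
    covered = len(counts)
    shared = sum(1 for c in counts.values() if c > 1)
    return {"coverage": covered / size, "overlap": shared / covered}

def evaluate_clustering(labels: Dict[str, int],
                        per_src: Dict[str, set]) -> Dict[int, Dict[str, float]]:
    """Score every cluster a clustering step produced; label -1 is noise and skipped."""
    groups: Dict[int, List[str]] = defaultdict(list)
    for src, lab in labels.items():
        if lab != -1:
            groups[lab].append(src)
    return {lab: evaluate_cluster(m, per_src) for lab, m in groups.items()}

if __name__ == "__main__":
    per_src = targets_by_source(HITS)
    labels = {"s1": 0, "s2": 0, "s3": 0, "s4": 0, "s5": 1, "s6": 1}  # constructed
    for lab, score in sorted(evaluate_clustering(labels, per_src).items()):
        print(f"cluster {lab}: coverage={score['coverage']:.2f} overlap={score['overlap']:.2f}")
```

Merging all six scanners into one cluster keeps coverage at 1.0 but raises overlap to 0.25, which is the kind of signal that flags a cluster holding more than one group.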