← Back to feed

Subnet 198.235.24.0/24

SUBNET Active high

Why this campaign was detected

38 IPs from the same /24 subnet (198.235.24.0/24) were observed attacking our sensors within the same time window. All belong to Google LLC (AS396982). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.

Primary ASN

AS396982 · Google LLC

Subnet

198.235.24.0/24

Country

🇺🇸 US

Cloud Provider

—

Member Count

38 IPs

Below average

Total Events

310

Below average by volume

Started / Ended

2026-02-18 04:44 — ongoing

Attack Types

http:scan ssh:bruteforce

MITRE ATT&CK Techniques

Reconnaissance

T1595 T1595.002

Initial Access

T1190

Credential Access

T1110 T1110.001

Discovery

T1046

Member Actors

IP Address	Behavior	Confidence	Events	Agents	Attack Types	Hostname	Last Seen
198.235.24.182	scanner	56%	15	3	http:scanssh:bruteforce	—	2026-05-21 08:20	evidence →
198.235.24.87	scanner	53%	14	3	http:scanssh:bruteforce	—	2026-05-19 16:08	evidence →
198.235.24.93	scanner	52%	9	3	http:scanssh:bruteforce	—	2026-05-19 16:50	evidence →
198.235.24.200	web_probe	52%	6	3	http:scanssh:bruteforce	—	2026-05-19 15:13	evidence →
198.235.24.51	scanner	49%	11	3	http:scanssh:bruteforce	—	2026-05-17 15:23	evidence →
198.235.24.8	web_probe	45%	5	2	http:scanssh:bruteforce	—	2026-05-24 00:15	evidence →
198.235.24.43	scanner	44%	18	3	ssh:bruteforce	—	2026-05-20 04:23	evidence →
198.235.24.78	scanner	42%	14	3	ssh:bruteforce	—	2026-05-17 22:36	evidence →
198.235.24.64	scanner	40%	16	3	ssh:bruteforce	—	2026-05-18 04:03	evidence →
198.235.24.59	web_probe	38%	5	2	http:scanssh:bruteforce	—	2026-05-20 16:39	evidence →
198.235.24.185	scanner	38%	9	2	http:scanssh:bruteforce	—	2026-05-20 01:05	evidence →
198.235.24.241	scanner	38%	11	2	http:scanssh:bruteforce	—	2026-05-19 18:46	evidence →
198.235.24.107	scanner	37%	9	2	http:scanssh:bruteforce	—	2026-05-19 09:13	evidence →
198.235.24.102	scanner	36%	11	2	http:scanssh:bruteforce	—	2026-05-18 11:02	evidence →
198.235.24.123	web_probe	35%	5	2	http:scanssh:bruteforce	—	2026-05-19 02:20	evidence →
198.235.24.176	scanner	35%	5	2	http:scanssh:bruteforce	—	2026-05-18 22:49	evidence →
198.235.24.125	scanner	34%	6	2	ssh:bruteforce	—	2026-05-24 01:42	evidence →
198.235.24.172	web_probe	33%	5	2	http:scanssh:bruteforce	—	2026-05-17 21:15	evidence →
198.235.24.215	scanner	32%	14	2	ssh:bruteforce	—	2026-05-20 20:07	evidence →
198.235.24.94	scanner	32%	22	2	ssh:bruteforce	—	2026-05-21 10:31	evidence →
198.235.24.196	web_probe	31%	5	1	http:scanssh:bruteforce	—	2026-05-21 16:10	evidence →
198.235.24.150	web_probe	30%	1	1	http:scan	—	2026-05-22 15:42	evidence →
198.235.24.159	scanner	30%	4	1	ssh:bruteforce	—	2026-05-23 22:53	evidence →
198.235.24.158	scanner	30%	4	1	ssh:bruteforce	—	2026-05-22 22:46	evidence →
198.235.24.147	scanner	30%	8	2	ssh:bruteforce	—	2026-05-21 04:54	evidence →
198.235.24.149	web_probe	29%	1	1	http:scan	—	2026-05-23 00:17	evidence →
198.235.24.127	scanner	29%	2	1	ssh:bruteforce	—	2026-05-22 18:37	evidence →
198.235.24.4	web_probe	28%	6	1	http:scan	—	2026-05-24 01:34	evidence →
198.235.24.24	scanner	27%	9	1	http:scanssh:bruteforce	—	2026-05-18 21:15	evidence →
198.235.24.209	scanner	26%	14	2	ssh:bruteforce	—	2026-05-19 01:13	evidence →
198.235.24.248	scanner	25%	12	2	ssh:bruteforce	—	2026-05-18 04:07	evidence →
198.235.24.138	scanner	21%	4	1	ssh:bruteforce	—	2026-05-21 22:42	evidence →
198.235.24.208	scanner	20%	8	1	ssh:bruteforce	—	2026-05-20 23:13	evidence →
198.235.24.7	web_probe	18%	5	1	http:scan	—	2026-05-19 02:13	evidence →
198.235.24.73	web_probe	18%	1	1	http:scan	—	2026-05-19 16:14	evidence →
198.235.24.156	scanner	16%	4	1	ssh:bruteforce	—	2026-05-19 10:16	evidence →
198.235.24.216	scanner	16%	8	1	ssh:bruteforce	—	2026-05-18 16:18	evidence →
198.235.24.152	scanner	15%	4	1	ssh:bruteforce	—	2026-05-18 22:49	evidence →

VPN Known VPN or proxy provider

DROP ASN on Spamhaus DROP list

Nx OSINT Corroborated by N external threat feeds