← Back to feed

Subnet 198.235.24.0/24

SUBNET Active high
Why this campaign was detected
38 IPs from the same /24 subnet (198.235.24.0/24) were observed attacking our sensors within the same time window. All belong to Google LLC (AS396982). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.
Primary ASN
AS396982 · Google LLC
Subnet
198.235.24.0/24
Country
πŸ‡ΊπŸ‡Έ US
Cloud Provider
Member Count
38 IPs
Below average
Total Events
518
Below average by volume
Started / Ended
2026-02-18 04:44 — ongoing
Attack Types
http:scan ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Credential Access
Discovery
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
198.235.24.236 scanner 67% 1x OSINT 26 3 http:scanssh:bruteforce β€” 2026-07-17 21:59 evidence →
198.235.24.200 scanner 66% 1x OSINT 17 3 http:scanssh:bruteforce β€” 2026-07-17 10:55 evidence →
198.235.24.93 scanner 65% 1x OSINT 17 3 http:scanssh:bruteforce β€” 2026-07-17 04:39 evidence →
198.235.24.58 scanner 63% 1x OSINT 22 3 http:scanssh:bruteforce β€” 2026-07-15 16:31 evidence →
198.235.24.40 scanner 62% 1x OSINT 17 3 http:scanssh:bruteforce β€” 2026-07-15 10:07 evidence →
198.235.24.134 scanner 61% 1x OSINT 9 3 http:scanssh:bruteforce β€” 2026-07-15 17:03 evidence →
198.235.24.72 scanner 60% 1x OSINT 15 3 http:scanssh:bruteforce β€” 2026-07-14 18:21 evidence →
198.235.24.14 scanner 60% 1x OSINT 14 3 http:scanssh:bruteforce β€” 2026-07-14 18:20 evidence →
198.235.24.76 scanner 60% 1x OSINT 11 3 http:scanssh:bruteforce β€” 2026-07-14 17:07 evidence →
198.235.24.83 scanner 59% 1x OSINT 18 3 http:scanssh:bruteforce β€” 2026-07-13 17:23 evidence →
198.235.24.241 scanner 59% 1x OSINT 17 3 http:scanssh:bruteforce β€” 2026-07-13 16:37 evidence →
198.235.24.230 scanner 57% 1x OSINT 7 3 http:scanssh:bruteforce β€” 2026-07-13 16:22 evidence →
198.235.24.228 scanner 54% 1x OSINT 11 3 http:scanssh:bruteforce β€” 2026-07-11 18:24 evidence →
198.235.24.27 scanner 50% 1x OSINT 10 2 http:scanssh:bruteforce β€” 2026-07-17 17:02 evidence →
198.235.24.155 scanner 50% 1x OSINT 14 2 http:scanssh:bruteforce β€” 2026-07-17 04:12 evidence →
198.235.24.206 scanner 47% 1x OSINT 20 2 http:scanssh:bruteforce β€” 2026-07-15 10:30 evidence →
198.235.24.234 scanner 46% 1x OSINT 18 2 http:scanssh:bruteforce β€” 2026-07-14 21:11 evidence →
198.235.24.88 web_probe 45% 1x OSINT 10 2 http:scanssh:bruteforce β€” 2026-07-15 03:15 evidence →
198.235.24.112 scanner 45% 1x OSINT 18 2 http:scanssh:bruteforce β€” 2026-07-14 10:21 evidence →
198.235.24.45 scanner 44% 1x OSINT 19 2 http:scanssh:bruteforce β€” 2026-07-13 22:38 evidence →
198.235.24.202 scanner 44% 1x OSINT 20 3 ssh:bruteforce β€” 2026-07-11 10:36 evidence →
198.235.24.177 web_probe 43% 1x OSINT 5 2 http:scanssh:bruteforce β€” 2026-07-14 12:44 evidence →
198.235.24.60 web_probe 43% 1x OSINT 6 2 http:scanssh:bruteforce β€” 2026-07-13 22:51 evidence →
198.235.24.37 scanner 42% 1x OSINT 30 2 http:scanssh:bruteforce β€” 2026-07-12 08:11 evidence →
198.235.24.74 scanner 42% 1x OSINT 7 2 http:scanssh:bruteforce β€” 2026-07-13 06:56 evidence →
198.235.24.68 scanner 40% 1x OSINT 11 2 http:scanssh:bruteforce β€” 2026-07-13 10:22 evidence →
198.235.24.143 scanner 40% 1x OSINT 8 2 ssh:bruteforce β€” 2026-07-17 22:32 evidence →
198.235.24.142 scanner 38% 1x OSINT 14 2 http:scanssh:bruteforce β€” 2026-07-11 00:20 evidence →
198.235.24.99 scanner 37% 1x OSINT 18 2 ssh:bruteforce β€” 2026-07-15 22:07 evidence →
198.235.24.195 scanner 37% 1x OSINT 16 2 ssh:bruteforce β€” 2026-07-15 22:21 evidence →
198.235.24.30 web_probe 37% 1x OSINT 5 2 http:scanssh:bruteforce β€” 2026-07-11 00:20 evidence →
198.235.24.180 web_probe 34% 1x OSINT 2 2 http:scan β€” 2026-07-14 14:58 evidence →
198.235.24.237 scanner 33% 2x OSINT 8 2 ssh:bruteforce β€” 2026-07-12 02:16 evidence →
198.235.24.186 scanner 32% 1x OSINT 14 2 ssh:bruteforce β€” 2026-07-13 05:01 evidence →
198.235.24.52 scanner 30% 1x OSINT 18 2 ssh:bruteforce β€” 2026-07-11 17:01 evidence →
198.235.24.160 web_probe 27% 10 1 http:scan β€” 2026-07-17 02:13 evidence →
198.235.24.15 scanner 22% 1x OSINT 4 1 ssh:bruteforce β€” 2026-07-13 16:16 evidence →
198.235.24.4 web_probe 18% 12 1 http:scan β€” 2026-07-12 00:37 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds