IntrusionLabs IntrusionLabs
← Back to feed

Subnet 147.185.132.0/24

SUBNET Active high
Why this campaign was detected
30 IPs from the same /24 subnet (147.185.132.0/24) were observed attacking our sensors within the same time window. All belong to Google LLC (AS396982). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.
Primary ASN
AS396982 · Google LLC
Subnet
147.185.132.0/24
Country
πŸ‡ΊπŸ‡Έ US
Cloud Provider
Member Count
30 IPs
Below average
Total Events
255
Below average by volume
Started / Ended
2026-02-16 19:56 — ongoing
Attack Types
http:scan ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
T1595 T1595.002
Initial Access
T1190
Credential Access
T1110 T1110.001
Discovery
T1046
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
147.185.132.225 scanner 62% 2x OSINT 11 3 http:scanssh:bruteforce β€” 2026-05-13 17:28 evidence →
147.185.132.120 scanner 60% 1x OSINT 23 3 http:scanssh:bruteforce β€” 2026-05-13 22:44 evidence →
147.185.132.189 scanner 60% 1x OSINT 7 3 http:scanssh:bruteforce β€” 2026-05-14 21:14 evidence →
147.185.132.114 scanner 58% 1x OSINT 16 3 http:scanssh:bruteforce β€” 2026-05-13 04:10 evidence →
147.185.132.90 scanner 54% 2x OSINT 13 2 http:scanssh:bruteforce β€” 2026-05-17 16:09 evidence →
147.185.132.54 scanner 52% 2x OSINT 14 3 ssh:bruteforce β€” 2026-05-13 23:30 evidence →
147.185.132.13 scanner 47% 2x OSINT 12 3 ssh:bruteforce β€” 2026-05-11 10:58 evidence →
147.185.132.231 scanner 46% 2x OSINT 9 2 http:scanssh:bruteforce β€” 2026-05-13 10:22 evidence →
147.185.132.57 scanner 45% 1x OSINT 7 2 http:scanssh:bruteforce β€” 2026-05-15 02:54 evidence →
147.185.132.112 web_probe 44% 2x OSINT 5 1 http:scanssh:bruteforce β€” 2026-05-17 15:22 evidence →
147.185.132.129 web_probe 43% 2x OSINT 5 2 http:scanssh:bruteforce β€” 2026-05-12 12:10 evidence →
147.185.132.87 scanner 43% 2x OSINT 13 2 http:scanssh:bruteforce β€” 2026-05-11 12:18 evidence →
147.185.132.21 scanner 39% 2x OSINT 16 2 ssh:bruteforce β€” 2026-05-14 16:27 evidence →
147.185.132.63 scanner 38% 2x OSINT 8 2 ssh:bruteforce β€” 2026-05-15 04:05 evidence →
147.185.132.91 scanner 37% 1x OSINT 7 1 http:scanssh:bruteforce β€” 2026-05-15 10:25 evidence →
147.185.132.109 scanner 36% 1x OSINT 6 2 ssh:bruteforce β€” 2026-05-15 23:03 evidence →
147.185.132.64 scanner 34% 2x OSINT 8 2 ssh:bruteforce β€” 2026-05-12 22:23 evidence →
147.185.132.153 scanner 34% 2x OSINT 8 1 ssh:bruteforce β€” 2026-05-17 10:07 evidence →
147.185.132.246 scanner 32% 2x OSINT 6 2 ssh:bruteforce β€” 2026-05-12 00:06 evidence →
147.185.132.70 scanner 31% 1x OSINT 12 2 ssh:bruteforce β€” 2026-05-12 16:49 evidence →
147.185.132.4 web_probe 28% 1x OSINT 5 1 http:scan β€” 2026-05-15 09:34 evidence →
147.185.132.6 web_probe 28% 5 1 http:scan β€” 2026-05-17 17:15 evidence →
147.185.132.76 scanner 27% 2x OSINT 4 1 ssh:bruteforce β€” 2026-05-14 04:17 evidence →
147.185.132.79 scanner 23% 2x OSINT 4 1 ssh:bruteforce β€” 2026-05-12 10:35 evidence →
147.185.132.1 web_probe 23% 1x OSINT 3 1 http:scan β€” 2026-05-12 18:47 evidence →
147.185.132.240 scanner 22% 1x OSINT 8 1 ssh:bruteforce β€” 2026-05-13 04:26 evidence →
147.185.132.150 scanner 22% 2x OSINT 8 1 ssh:bruteforce β€” 2026-05-11 04:57 evidence →
147.185.132.16 scanner 22% 2x OSINT 4 1 ssh:bruteforce β€” 2026-05-11 16:55 evidence →
147.185.132.52 scanner 22% 2x OSINT 4 1 ssh:bruteforce β€” 2026-05-11 10:32 evidence →
147.185.132.0 web_probe 19% 4 1 http:scan β€” 2026-05-13 08:36 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds