← Back to feed

Subnet 147.185.132.0/24

SUBNET Active high
Why this campaign was detected
22 IPs from the same /24 subnet (147.185.132.0/24) were observed attacking our sensors within the same time window. All belong to Google LLC (AS396982). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.
Primary ASN
AS396982 · Google LLC
Subnet
147.185.132.0/24
Country
πŸ‡ΊπŸ‡Έ US
Cloud Provider
Member Count
22 IPs
Below average
Total Events
348
Below average by volume
Started / Ended
2026-02-16 19:56 — ongoing
Attack Types
http:scan ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Credential Access
Discovery
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
147.185.132.120 scanner 64% 1x OSINT 37 3 http:scanssh:bruteforce β€” 2026-07-15 22:59 evidence →
147.185.132.100 scanner 62% 1x OSINT 20 3 http:scanssh:bruteforce β€” 2026-07-15 15:35 evidence →
147.185.132.91 scanner 60% 1x OSINT 12 3 http:scanssh:bruteforce β€” 2026-07-15 02:37 evidence →
147.185.132.42 scanner 60% 1x OSINT 8 3 http:scanssh:bruteforce β€” 2026-07-15 04:48 evidence →
147.185.132.237 scanner 58% 17 3 http:scanssh:bruteforce β€” 2026-07-15 22:41 evidence →
147.185.132.168 scanner 57% 1x OSINT 11 3 http:scanssh:bruteforce β€” 2026-07-13 10:07 evidence →
147.185.132.48 scanner 55% 1x OSINT 27 3 http:scanssh:bruteforce β€” 2026-07-11 16:21 evidence →
147.185.132.114 scanner 55% 1x OSINT 30 3 http:scanssh:bruteforce β€” 2026-07-11 10:57 evidence →
147.185.132.16 scanner 55% 13 3 http:scanssh:bruteforce β€” 2026-07-14 16:05 evidence →
147.185.132.109 scanner 55% 1x OSINT 19 3 http:scanssh:bruteforce β€” 2026-07-11 16:40 evidence →
147.185.132.79 scanner 53% 1x OSINT 13 3 http:scanssh:bruteforce β€” 2026-07-11 03:24 evidence →
147.185.132.18 scanner 43% 1x OSINT 9 2 http:scanssh:bruteforce β€” 2026-07-13 19:05 evidence →
147.185.132.31 scanner 39% 1x OSINT 15 2 http:scanssh:bruteforce β€” 2026-07-11 16:14 evidence →
147.185.132.222 scanner 37% 1x OSINT 16 2 ssh:bruteforce β€” 2026-07-15 20:13 evidence →
147.185.132.252 scanner 34% 1x OSINT 12 2 ssh:bruteforce β€” 2026-07-14 16:56 evidence →
147.185.132.12 web_probe 32% 1x OSINT 2 2 http:scan β€” 2026-07-13 09:15 evidence →
147.185.132.0 web_probe 25% 16 1 http:scan β€” 2026-07-15 08:17 evidence →
147.185.132.6 web_probe 23% 15 1 http:scan β€” 2026-07-14 18:26 evidence →
147.185.132.1 web_probe 22% 14 1 http:scan β€” 2026-07-14 00:37 evidence →
147.185.132.4 web_probe 21% 13 1 http:scan β€” 2026-07-13 10:15 evidence →
147.185.132.3 web_probe 20% 15 1 http:scan β€” 2026-07-13 02:37 evidence →
147.185.132.2 web_probe 19% 14 1 http:scan β€” 2026-07-12 09:17 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds