← Back to feed
Subnet 2.57.122.0/24
SUBNET Active highWhy this campaign was detected
9 IPs from the same /24 subnet (2.57.122.0/24) were observed attacking our sensors within the same time window. All belong to Unmanaged Ltd (AS47890). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.
Primary ASN
AS47890 · Unmanaged Ltd
Subnet
2.57.122.0/24
Country
🇷🇴 RO
Cloud Provider
—
Member Count
9 IPs
Below average
Total Events
20144
Below average by volume
Started / Ended
2026-02-18 00:01 — ongoing
Attack Types
MITRE ATT&CK Techniques
Initial Access
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 2.57.122.210 | credential_harvester | 69% | DROP2x OSINT | 8056 | 3 | ssh:bruteforce | — | 2026-05-07 07:50 | evidence → |
| 2.57.122.191 | opportunistic_bruter | 68% | DROP1x OSINT | 135 | 3 | ssh:bruteforce | — | 2026-05-12 01:03 | evidence → |
| 2.57.122.238 | credential_harvester | 68% | DROP2x OSINT | 11243 | 3 | ssh:bruteforce | — | 2026-05-12 04:16 | evidence → |
| 2.57.122.190 | opportunistic_bruter | 63% | DROP1x OSINT | 110 | 3 | ssh:bruteforce | — | 2026-05-09 07:04 | evidence → |
| 2.57.122.197 | opportunistic_bruter | 62% | DROP1x OSINT | 75 | 3 | ssh:bruteforce | — | 2026-05-09 13:03 | evidence → |
| 2.57.122.192 | opportunistic_bruter | 62% | DROP1x OSINT | 100 | 3 | ssh:bruteforce | — | 2026-05-09 01:02 | evidence → |
| 2.57.122.189 | opportunistic_bruter | 62% | DROP1x OSINT | 100 | 3 | ssh:bruteforce | — | 2026-05-09 01:02 | evidence → |
| 2.57.122.195 | opportunistic_bruter | 61% | DROP1x OSINT | 160 | 3 | ssh:bruteforce | — | 2026-05-08 07:04 | evidence → |
| 2.57.122.194 | opportunistic_bruter | 61% | DROP1x OSINT | 165 | 3 | ssh:bruteforce | — | 2026-05-08 04:03 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds