← Back to feed
Subnet 2.57.122.0/24
SUBNET Active highWhy this campaign was detected
3 IPs from the same /24 subnet (2.57.122.0/24) were observed attacking our sensors within the same time window. All belong to Unmanaged Ltd (AS47890). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.
Primary ASN
AS47890 · Unmanaged Ltd
Subnet
2.57.122.0/24
Country
🇷🇴 RO
Cloud Provider
—
Member Count
3 IPs
Below average
Total Events
31749
Average by volume
Started / Ended
2026-02-18 00:01 — ongoing
Attack Types
MITRE ATT&CK Techniques
Initial Access
Execution
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 2.57.122.168 | interactive_operator | 85% | DROP2x OSINT | 1111 | 3 | ssh:bruteforce | — | 2026-07-17 19:23 | evidence → |
| 2.57.122.209 | interactive_operator | 82% | DROP1x OSINT | 5634 | 3 | ssh:bruteforce | — | 2026-07-17 21:09 | evidence → |
| 2.57.122.238 | credential_harvester | 68% | DROP2x OSINT | 25004 | 3 | ssh:bruteforce | — | 2026-07-17 21:31 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds