← Back to feed

Subnet 2.57.122.0/24

SUBNET Active high
Why this campaign was detected
3 IPs from the same /24 subnet (2.57.122.0/24) were observed attacking our sensors within the same time window. All belong to Unmanaged Ltd (AS47890). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.
Primary ASN
AS47890 · Unmanaged Ltd
Subnet
2.57.122.0/24
Country
🇷🇴 RO
Cloud Provider
Member Count
3 IPs
Below average
Total Events
31749
Average by volume
Started / Ended
2026-02-18 00:01 — ongoing
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Execution
Credential Access
Discovery
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
2.57.122.168 interactive_operator 85% DROP2x OSINT 1111 3 ssh:bruteforce 2026-07-17 19:23 evidence →
2.57.122.209 interactive_operator 82% DROP1x OSINT 5634 3 ssh:bruteforce 2026-07-17 21:09 evidence →
2.57.122.238 credential_harvester 68% DROP2x OSINT 25004 3 ssh:bruteforce 2026-07-17 21:31 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds