← Back to feed

AS24940 Hetzner Online GmbH

ASN Active medium
Why this campaign was detected
10 IPs from the same network (Hetzner Online GmbH, AS24940) were active during overlapping time periods. Temporal correlation across a shared autonomous system suggests infrastructure controlled by the same entity.
Primary ASN
AS24940 · Hetzner Online GmbH
Subnet
Country
🇩🇪 DE
Cloud Provider
Member Count
10 IPs
Below average
Total Events
2116
Below average by volume
Started / Ended
2026-02-18 14:23 — 2026-04-11 14:19
Attack Types
http:scan ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Credential Access
Discovery
Command and Control
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
178.105.152.163 credential_harvester 53% 669 2 ssh:bruteforce 2026-07-12 09:33 evidence →
178.105.77.12 credential_harvester 44% 646 1 ssh:bruteforce 2026-07-12 09:35 evidence →
65.109.182.128 credential_harvester 43% 1x OSINT 23 1 ssh:bruteforce 2026-07-12 08:06 evidence →
178.105.244.244 credential_harvester 42% 664 1 ssh:bruteforce 2026-07-11 03:59 evidence →
46.225.9.118 malware_dropper 39% 23 1 ssh:bruteforce 2026-07-12 08:18 evidence →
78.47.195.51 opportunistic_bruter 39% 23 1 ssh:bruteforce 2026-07-12 08:09 evidence →
95.216.147.230 opportunistic_bruter 39% 23 1 ssh:bruteforce 2026-07-12 08:09 evidence →
178.105.87.232 opportunistic_bruter 38% 23 1 ssh:bruteforce 2026-07-12 06:37 evidence →
46.224.68.205 web_probe 17% 13 1 http:scan 2026-07-11 10:12 evidence →
178.105.183.10 web_probe 17% 9 1 http:scan 2026-07-11 10:27 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds