← Back to feed
AS51167 Contabo GmbH
ASN Active mediumWhy this campaign was detected
9 IPs from the same network (Contabo GmbH, AS51167) were active during overlapping time periods. Temporal correlation across a shared autonomous system suggests infrastructure controlled by the same entity.
Primary ASN
AS51167 · Contabo GmbH
Subnet
—
Country
🇫🇷 FR
Cloud Provider
—
Member Count
9 IPs
Below average
Total Events
1298
Below average by volume
Started / Ended
2026-02-18 03:42 — ongoing
Attack Types
MITRE ATT&CK Techniques
Discovery
Command and Control
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 173.212.228.191 | credential_harvester | 64% | 1x OSINT | 529 | 2 | ssh:bruteforce | — | 2026-05-11 18:06 | evidence → |
| 173.249.41.171 | credential_harvester | 64% | 1x OSINT | 368 | 2 | ssh:bruteforce | — | 2026-05-11 14:39 | evidence → |
| 207.180.229.239 | credential_harvester | 61% | 1x OSINT | 273 | 2 | ssh:bruteforce | vmi3056412.contaboserver.net | 2026-05-10 17:18 | evidence → |
| 185.135.137.194 | credential_harvester | 44% | 54 | 2 | ssh:bruteforce | — | 2026-05-13 11:49 | evidence → | |
| 207.180.221.143 | credential_harvester | 39% | 42 | 2 | ssh:bruteforce | — | 2026-05-11 05:20 | evidence → | |
| 85.190.254.104 | credential_harvester | 31% | 1x OSINT | 14 | 1 | ssh:bruteforce | — | 2026-05-10 00:55 | evidence → |
| 161.97.84.45 | web_probe | 31% | 2 | 2 | http:scan | — | 2026-05-11 02:07 | evidence → | |
| 5.182.33.92 | web_probe | 29% | 2 | 2 | http:scan | — | 2026-05-10 02:19 | evidence → | |
| 185.202.223.106 | credential_harvester | 26% | 14 | 1 | ssh:bruteforce | — | 2026-05-10 01:23 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds