← Back to feed

AS51167 Contabo GmbH

ASN Active medium
Why this campaign was detected
16 IPs from the same network (Contabo GmbH, AS51167) were active during overlapping time periods. Temporal correlation across a shared autonomous system suggests infrastructure controlled by the same entity.
Primary ASN
AS51167 · Contabo GmbH
Subnet
Country
🇫🇷 FR
Cloud Provider
Member Count
16 IPs
Below average
Total Events
3024
Below average by volume
Started / Ended
2026-02-18 03:42 — ongoing
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Credential Access
Discovery
Command and Control
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
173.249.52.138 credential_harvester 83% 1x OSINT 918 3 ssh:bruteforce vmi3056395.contaboserver.net 2026-07-17 12:23 evidence →
164.68.97.79 credential_harvester 60% 810 2 ssh:bruteforce 2026-07-15 13:47 evidence →
13.140.175.62 credential_harvester 48% 1x OSINT 630 1 ssh:bruteforce 2026-07-11 19:52 evidence →
144.91.91.205 credential_harvester 43% 435 1 ssh:bruteforce 2026-07-12 01:43 evidence →
185.255.131.182 scanner 39% 22 1 ssh:bruteforce 2026-07-17 20:45 evidence →
84.247.191.195 reconnaissance 38% 1x OSINT 8 1 ssh:bruteforce 2026-07-15 18:26 evidence →
161.97.116.231 reconnaissance 32% 40 1 ssh:bruteforce 2026-07-13 19:40 evidence →
185.209.229.188 reconnaissance 32% 16 1 ssh:bruteforce 2026-07-14 13:26 evidence →
109.199.102.15 opportunistic_bruter 32% 20 1 ssh:bruteforce 2026-07-15 15:37 evidence →
185.229.119.190 opportunistic_bruter 31% 10 1 ssh:bruteforce 2026-07-15 17:20 evidence →
194.163.160.229 credential_probe 30% 1x OSINT 10 2 ssh:bruteforce 2026-07-13 05:19 evidence →
31.187.74.54 reconnaissance 29% 10 1 ssh:bruteforce 2026-07-13 07:56 evidence →
45.149.206.10 credential_probe 26% 15 2 ssh:bruteforce 2026-07-13 08:56 evidence →
161.97.123.14 credential_harvester 18% 40 1 ssh:bruteforce 2026-07-11 11:57 evidence →
77.237.244.154 credential_harvester 18% 25 1 ssh:bruteforce 2026-07-11 15:56 evidence →
89.117.50.31 credential_probe 17% 15 1 ssh:bruteforce 2026-07-13 06:45 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds