← Back to feed
AS9009 M247 Europe SRL
ASN Ended mediumWhy this campaign was detected
5 IPs from the same network (M247 Europe SRL, AS9009) were active during overlapping time periods. Temporal correlation across a shared autonomous system suggests infrastructure controlled by the same entity.
Primary ASN
AS9009 · M247 Europe SRL
Subnet
—
Country
🇨🇭 CH
Cloud Provider
—
Member Count
5 IPs
Below average
Total Events
253
Below average by volume
Started / Ended
2026-02-23 21:44 — ongoing
Attack Types
MITRE ATT&CK Techniques
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 37.120.213.13 | credential_harvester | 63% | VPN3x OSINT | 160 | 3 | ssh:bruteforce | — | 2026-06-06 17:51 | evidence → |
| 149.154.159.178 | credential_harvester | 32% | VPN | 76 | 2 | ssh:bruteforce | — | 2026-05-13 23:41 | evidence → |
| 151.236.16.192 | credential_harvester | 30% | VPN | 20 | 2 | ssh:bruteforce | — | 2026-05-14 09:27 | evidence → |
| 2.58.46.178 | credential_probe | 23% | VPN | 24 | 2 | ssh:bruteforce | — | 2026-05-14 11:29 | evidence → |
| 185.200.116.211 | mysql_bruter | 14% | VPN | 8 | 1 | mysql:bruteforce | — | 2026-05-13 14:05 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds