← Back to feed
AS40021 Contabo Inc.
ASN Active mediumWhy this campaign was detected
5 IPs from the same network (Contabo Inc., AS40021) were active during overlapping time periods. Temporal correlation across a shared autonomous system suggests infrastructure controlled by the same entity.
Primary ASN
AS40021 · Contabo Inc.
Subnet
—
Country
πΊπΈ US
Cloud Provider
—
Member Count
5 IPs
Below average
Total Events
423
Below average by volume
Started / Ended
2026-05-05 02:10 — ongoing
Attack Types
MITRE ATT&CK Techniques
Reconnaissance
Command and Control
Exfiltration
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 85.239.248.63 | credential_harvester | 67% | 1x OSINT | 328 | 2 | ssh:bruteforce | β | 2026-05-30 14:37 | evidence → |
| 154.12.226.37 | credential_harvester | 40% | 74 | 2 | ssh:bruteforce | β | 2026-05-29 12:05 | evidence → | |
| 154.12.226.221 | data_exfiltrator | 37% | 6 | 1 | ssh:bruteforce | β | 2026-05-28 05:46 | evidence → | |
| 217.216.93.147 | reconnaissance | 26% | 26 | 1 | ssh:bruteforce | β | 2026-05-24 13:50 | evidence → | |
| 217.216.66.74 | web_probe | 24% | 1x OSINT | 2 | 1 | http:scan | β | 2026-05-28 08:15 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds