← Back to feed

AS40021 Contabo Inc.

ASN Ended medium
Why this campaign was detected
5 IPs from the same network (Contabo Inc., AS40021) were active during overlapping time periods. Temporal correlation across a shared autonomous system suggests infrastructure controlled by the same entity.
Primary ASN
AS40021 · Contabo Inc.
Subnet
Country
πŸ‡ΊπŸ‡Έ US
Cloud Provider
Member Count
5 IPs
Below average
Total Events
181
Below average by volume
Started / Ended
2026-05-05 02:10 — ongoing
Attack Types
http:scan ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Credential Access
Command and Control
Exfiltration
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
147.93.179.147 malware_dropper 41% 1x OSINT 23 1 ssh:bruteforce β€” 2026-06-21 01:36 evidence →
154.12.226.37 credential_harvester 32% 88 2 ssh:bruteforce β€” 2026-06-27 18:25 evidence →
66.94.100.232 credential_harvester 32% 76 2 ssh:bruteforce β€” 2026-06-27 09:16 evidence →
154.53.45.233 data_exfiltrator 31% 6 1 ssh:bruteforce β€” 2026-06-21 13:33 evidence →
94.72.112.185 web_probe 24% 4 2 http:scan β€” 2026-06-30 07:22 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds