← Back to feed
AS4134 Chinanet
ASN Active mediumWhy this campaign was detected
50 IPs from the same network (Chinanet, AS4134) were active during overlapping time periods. Temporal correlation across a shared autonomous system suggests infrastructure controlled by the same entity.
Primary ASN
AS4134 · Chinanet
Subnet
—
Country
🇨🇳 CN
Cloud Provider
—
Member Count
50 IPs
Below average
Total Events
5924
Below average by volume
Started / Ended
2026-02-18 18:12 — ongoing
Attack Types
MITRE ATT&CK Techniques
Initial Access
Command and Control
Exfiltration
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 180.108.64.6 | scanner | 69% | 113 | 3 | ssh:bruteforce | — | 2026-05-08 08:20 | evidence → | |
| 106.58.173.254 | credential_harvester | 66% | 1x OSINT | 215 | 2 | ssh:bruteforce | — | 2026-05-11 15:30 | evidence → |
| 171.15.131.165 | scanner | 66% | 1x OSINT | 135 | 2 | ssh:bruteforce | — | 2026-05-10 19:38 | evidence → |
| 58.209.234.84 | scanner | 65% | 1x OSINT | 132 | 2 | ssh:bruteforce | — | 2026-05-11 15:32 | evidence → |
| 14.29.214.161 | credential_harvester | 63% | 1x OSINT | 381 | 2 | ssh:bruteforce | — | 2026-05-09 13:20 | evidence → |
| 14.29.208.128 | scanner | 62% | 1x OSINT | 279 | 2 | ssh:bruteforce | — | 2026-05-09 08:42 | evidence → |
| 14.29.240.154 | scanner | 62% | 1x OSINT | 127 | 2 | ssh:bruteforce | — | 2026-05-09 22:13 | evidence → |
| 49.64.169.153 | scanner | 62% | 1x OSINT | 285 | 2 | ssh:bruteforce | — | 2026-05-08 23:24 | evidence → |
| 49.72.212.22 | scanner | 61% | 1x OSINT | 89 | 2 | ssh:bruteforce | — | 2026-05-09 17:20 | evidence → |
| 59.36.78.66 | credential_harvester | 61% | 1x OSINT | 107 | 2 | ssh:bruteforce | — | 2026-05-09 12:29 | evidence → |
| 58.49.26.202 | scanner | 61% | 1x OSINT | 184 | 2 | ssh:bruteforce | — | 2026-05-08 19:33 | evidence → |
| 121.229.25.10 | scanner | 59% | 1x OSINT | 93 | 2 | ssh:bruteforce | — | 2026-05-08 19:29 | evidence → |
| 114.220.238.224 | scanner | 59% | 110 | 2 | ssh:bruteforce | — | 2026-05-11 01:21 | evidence → | |
| 14.116.156.100 | credential_harvester | 59% | 1x OSINT | 86 | 2 | ssh:bruteforce | — | 2026-05-08 11:52 | evidence → |
| 221.229.220.180 | scanner | 58% | 1x OSINT | 155 | 2 | ssh:bruteforce | — | 2026-05-07 19:21 | evidence → |
| 58.222.244.226 | scanner | 56% | 1x OSINT | 626 | 2 | ssh:bruteforce | — | 2026-05-05 05:29 | evidence → |
| 121.15.140.235 | scanner | 56% | 194 | 2 | ssh:bruteforce | — | 2026-05-08 21:08 | evidence → | |
| 114.220.176.69 | scanner | 55% | 1x OSINT | 101 | 1 | ssh:bruteforce | — | 2026-05-11 11:51 | evidence → |
| 115.151.72.122 | scanner | 52% | 1x OSINT | 182 | 1 | ssh:bruteforce | — | 2026-05-09 07:18 | evidence → |
| 14.29.201.186 | scanner | 52% | 138 | 2 | ssh:bruteforce | — | 2026-05-07 04:26 | evidence → | |
| 223.241.247.227 | scanner | 51% | 1x OSINT | 88 | 2 | ssh:bruteforce | — | 2026-05-09 18:57 | evidence → |
| 121.224.78.164 | scanner | 51% | 1x OSINT | 207 | 1 | ssh:bruteforce | — | 2026-05-08 10:22 | evidence → |
| 222.247.32.186 | scanner | 48% | 1x OSINT | 76 | 1 | ssh:bruteforce | — | 2026-05-07 15:33 | evidence → |
| 59.36.75.227 | scanner | 48% | 1x OSINT | 201 | 1 | ssh:bruteforce | — | 2026-05-06 14:41 | evidence → |
| 117.62.22.127 | scanner | 46% | 1x OSINT | 140 | 1 | ssh:bruteforce | — | 2026-05-05 23:21 | evidence → |
| 180.106.83.59 | scanner | 43% | 1x OSINT | 28 | 2 | ssh:bruteforce | — | 2026-05-11 15:27 | evidence → |
| 58.210.7.34 | reconnaissance | 43% | 20 | 2 | ssh:bruteforce | — | 2026-05-09 03:12 | evidence → | |
| 221.228.10.71 | scanner | 39% | 38 | 1 | ssh:bruteforce | — | 2026-05-11 10:57 | evidence → | |
| 121.229.13.210 | scanner | 38% | 1x OSINT | 40 | 2 | ssh:bruteforce | — | 2026-05-08 23:29 | evidence → |
| 27.128.171.39 | scanner | 38% | 1x OSINT | 41 | 2 | ssh:bruteforce | — | 2026-05-08 13:46 | evidence → |
| 113.105.112.180 | data_exfiltrator | 35% | 6 | 1 | ssh:bruteforce | — | 2026-05-06 21:28 | evidence → | |
| 58.42.204.29 | scanner | 35% | 1x OSINT | 35 | 2 | ssh:bruteforce | — | 2026-05-07 19:56 | evidence → |
| 114.217.149.27 | scanner | 34% | 1x OSINT | 12 | 2 | ssh:bruteforce | — | 2026-05-07 16:33 | evidence → |
| 61.136.144.70 | reconnaissance | 34% | 10 | 1 | ssh:bruteforce | — | 2026-05-09 18:16 | evidence → | |
| 14.116.150.36 | opportunistic_bruter | 33% | 1x OSINT | 8 | 1 | ssh:bruteforce | — | 2026-05-08 05:34 | evidence → |
| 114.220.75.156 | scanner | 32% | 39 | 2 | ssh:bruteforce | — | 2026-05-08 10:37 | evidence → | |
| 116.1.148.172 | reconnaissance | 32% | 10 | 1 | ssh:bruteforce | — | 2026-05-08 18:02 | evidence → | |
| 123.182.141.118 | reconnaissance | 30% | 10 | 1 | ssh:bruteforce | — | 2026-05-08 01:37 | evidence → | |
| 36.104.147.6 | scanner | 30% | 1x OSINT | 69 | 1 | ssh:bruteforce | — | 2026-05-08 19:03 | evidence → |
| 60.173.147.52 | reconnaissance | 28% | 10 | 1 | ssh:bruteforce | — | 2026-05-06 14:42 | evidence → | |
| 183.36.126.68 | scanner | 26% | 1x OSINT | 16 | 1 | ssh:bruteforce | — | 2026-05-08 19:05 | evidence → |
| 171.211.125.105 | scanner | 26% | 14 | 2 | ssh:bruteforce | — | 2026-05-06 09:17 | evidence → | |
| 14.29.200.186 | ftp_bruter | 25% | 927 | 1 | ftp:bruteforce | — | 2026-05-06 07:32 | evidence → | |
| 180.100.198.68 | credential_harvester | 22% | 1x OSINT | 25 | 1 | ssh:bruteforce | — | 2026-05-05 15:43 | evidence → |
| 202.103.55.158 | scanner | 21% | 74 | 1 | ssh:bruteforce | — | 2026-05-06 07:54 | evidence → | |
| 1.193.63.20 | scanner | 20% | 2 | 1 | ssh:bruteforce | — | 2026-05-09 19:12 | evidence → | |
| 113.90.80.114 | credential_probe | 18% | 33 | 1 | ssh:bruteforce | — | 2026-05-07 03:50 | evidence → | |
| 222.186.24.146 | credential_probe | 16% | 1x OSINT | 2 | 1 | ssh:bruteforce | — | 2026-05-05 12:22 | evidence → |
| 60.165.124.241 | scanner | 14% | 6 | 1 | ssh:bruteforce | — | 2026-05-05 12:48 | evidence → | |
| 222.186.24.4 | scanner | 13% | 5 | 1 | ssh:bruteforce | — | 2026-05-05 11:55 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds