← Back to feed

AS38365 Beijing Baidu Netcom Science and Technology Co., Ltd.

ASN Active medium
Why this campaign was detected
42 IPs from the same network (Beijing Baidu Netcom Science and Technology Co., Ltd., AS38365) were active during overlapping time periods. Temporal correlation across a shared autonomous system suggests infrastructure controlled by the same entity.
Primary ASN
AS38365 · Beijing Baidu Netcom Science and Technology Co., Ltd.
Subnet
Country
🇨🇳 CN
Cloud Provider
Member Count
42 IPs
Below average
Total Events
7394
Below average by volume
Started / Ended
2026-02-18 13:36 — ongoing
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Credential Access
Discovery
Command and Control
Exfiltration
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
120.48.54.170 scanner 74% 1x OSINT 90 3 ssh:bruteforce 2026-07-14 08:35 evidence →
120.48.175.122 credential_harvester 71% 1x OSINT 296 3 ssh:bruteforce 2026-07-12 00:03 evidence →
120.48.50.133 scanner 71% 1x OSINT 60 3 ssh:bruteforce 2026-07-13 05:07 evidence →
120.48.76.190 scanner 65% 1x OSINT 154 2 ssh:bruteforce 2026-07-17 06:55 evidence →
180.76.170.111 scanner 61% 1x OSINT 123 2 ssh:bruteforce 2026-07-15 05:36 evidence →
106.12.29.184 scanner 60% 1x OSINT 204 2 ssh:bruteforce 2026-07-14 09:44 evidence →
180.76.236.214 scanner 56% 1x OSINT 204 2 ssh:bruteforce 2026-07-12 01:23 evidence →
120.48.53.174 scanner 55% 1x OSINT 14 2 ssh:bruteforce 2026-07-15 13:59 evidence →
106.12.148.154 scanner 55% 1x OSINT 18 2 ssh:bruteforce 2026-07-15 07:32 evidence →
180.76.172.156 scanner 53% 2x OSINT 62 3 ssh:bruteforce 2026-07-12 05:43 evidence →
120.48.112.221 scanner 52% 1x OSINT 124 1 ssh:bruteforce 2026-07-15 03:58 evidence →
180.76.233.159 scanner 51% 1x OSINT 10 3 ssh:bruteforce 2026-07-15 09:55 evidence →
120.48.147.111 credential_harvester 49% 89 2 ssh:bruteforce 2026-07-11 17:20 evidence →
120.48.44.93 scanner 48% 1x OSINT 74 1 ssh:bruteforce 2026-07-13 16:14 evidence →
120.48.199.28 credential_harvester 44% 1x OSINT 5076 1 ssh:bruteforce 2026-07-14 16:50 evidence →
180.76.194.24 opportunistic_bruter 42% 50 2 ssh:bruteforce 2026-07-15 07:17 evidence →
106.13.170.216 scanner 40% 1x OSINT 371 1 ssh:bruteforce 2026-07-13 00:32 evidence →
180.76.61.232 scanner 38% 9 1 ssh:bruteforce 2026-07-14 05:57 evidence →
180.76.239.185 scanner 38% 30 1 ssh:bruteforce 2026-07-16 06:27 evidence →
120.48.22.219 scanner 37% 2x OSINT 27 1 ssh:bruteforce 2026-07-17 13:30 evidence →
106.13.36.108 reconnaissance 37% 10 1 ssh:bruteforce 2026-07-16 10:48 evidence →
120.48.39.73 scanner 36% 152 2 ssh:bruteforce 2026-07-15 02:11 evidence →
106.13.120.65 opportunistic_bruter 35% 1x OSINT 6 1 ssh:bruteforce 2026-07-15 09:27 evidence →
106.13.172.38 opportunistic_bruter 32% 20 1 ssh:bruteforce 2026-07-15 11:56 evidence →
180.76.233.250 opportunistic_bruter 31% 10 1 ssh:bruteforce 2026-07-15 11:01 evidence →
182.61.44.247 opportunistic_bruter 30% 10 1 ssh:bruteforce 2026-07-15 06:45 evidence →
120.48.132.54 opportunistic_bruter 30% 10 1 ssh:bruteforce 2026-07-14 21:45 evidence →
106.12.42.253 scanner 29% 1x OSINT 2 1 ssh:bruteforce 2026-07-16 23:27 evidence →
106.12.124.63 opportunistic_bruter 28% 7 1 ssh:bruteforce 2026-07-14 12:11 evidence →
106.13.182.16 scanner 28% 11 2 ssh:bruteforce 2026-07-13 04:59 evidence →
106.12.30.114 scanner 28% 1x OSINT 2 1 ssh:bruteforce 2026-07-17 08:19 evidence →
180.76.236.223 scanner 23% 1x OSINT 6 1 ssh:bruteforce 2026-07-14 00:54 evidence →
106.12.127.250 scanner 23% 1x OSINT 4 1 ssh:bruteforce 2026-07-14 06:43 evidence →
120.48.17.175 scanner 23% 2 1 ssh:bruteforce 2026-07-17 01:10 evidence →
180.76.135.118 scanner 22% 16 1 ssh:bruteforce 2026-07-15 01:06 evidence →
106.13.64.155 scanner 22% 1x OSINT 3 1 ssh:bruteforce 2026-07-13 17:04 evidence →
120.48.34.142 scanner 20% 8 1 ssh:bruteforce 2026-07-14 17:16 evidence →
106.13.144.200 scanner 20% 8 1 ssh:bruteforce 2026-07-14 09:23 evidence →
180.76.168.116 scanner 18% 9 1 ssh:bruteforce 2026-07-13 12:44 evidence →
106.12.163.160 scanner 17% 4 1 ssh:bruteforce 2026-07-13 18:35 evidence →
120.48.9.231 scanner 17% 4 1 ssh:bruteforce 2026-07-13 08:42 evidence →
120.48.74.178 credential_probe 16% 5 1 ssh:bruteforce 2026-07-13 15:06 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds