← Back to feed

AS8151 UNINET

ASN Active medium

Why this campaign was detected

8 IPs from the same network (UNINET, AS8151) were active during overlapping time periods. Temporal correlation across a shared autonomous system suggests infrastructure controlled by the same entity.

Primary ASN

AS8151 · UNINET

Subnet

—

Country

🇲🇽 MX

Cloud Provider

—

Member Count

8 IPs

Below average

Total Events

7088

Below average by volume

Started / Ended

2026-02-18 08:37 — ongoing

Attack Types

ssh:bruteforce

MITRE ATT&CK Techniques

Reconnaissance

T1595 T1595.002

Initial Access

T1078

Credential Access

T1110 T1110.001

Discovery

T1016 T1046 T1082

Command and Control

T1105

Member Actors

IP Address	Behavior	Confidence	Flags	Events	Agents	Attack Types	Hostname	Last Seen
187.141.71.166	credential_harvester	83%	1x OSINT	1665	3	ssh:bruteforce	customer-187-141-71-166-sta.uninet-ide.com.mx	2026-05-11 11:33	evidence →
187.210.77.100	credential_harvester	81%	1x OSINT	1986	3	ssh:bruteforce	customer-187-210-77-100.uninet-ide.com.mx	2026-05-09 23:59	evidence →
187.154.100.150	credential_harvester	80%	1x OSINT	1008	3	ssh:bruteforce	—	2026-05-09 13:03	evidence →
189.151.59.127	credential_harvester	76%	1x OSINT	1029	3	ssh:bruteforce	—	2026-05-07 05:54	evidence →
187.212.38.18	credential_harvester	72%		984	3	ssh:bruteforce	—	2026-05-08 01:06	evidence →
187.230.120.231	credential_harvester	50%	1x OSINT	204	1	ssh:bruteforce	—	2026-05-08 02:00	evidence →
187.170.239.22	credential_harvester	45%		186	1	ssh:bruteforce	—	2026-05-07 15:26	evidence →
201.99.87.14	scanner	36%		26	2	ssh:bruteforce	—	2026-05-11 13:06	evidence →

VPN Known VPN or proxy provider

DROP ASN on Spamhaus DROP list

Nx OSINT Corroborated by N external threat feeds