← Back to feed

AS4811 China Telecom Group

ASN Active medium
Why this campaign was detected
18 IPs from the same network (China Telecom Group, AS4811) were active during overlapping time periods. Temporal correlation across a shared autonomous system suggests infrastructure controlled by the same entity.
Primary ASN
AS4811 · China Telecom Group
Subnet
Country
🇨🇳 CN
Cloud Provider
Member Count
18 IPs
Below average
Total Events
1453
Below average by volume
Started / Ended
2026-02-16 20:33 — ongoing
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Credential Access
Discovery
Command and Control
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
14.103.103.211 credential_harvester 77% 1x OSINT 149 3 ssh:bruteforce 2026-07-15 13:01 evidence →
14.103.126.73 scanner 68% 1x OSINT 91 3 ssh:bruteforce 2026-07-11 15:07 evidence →
14.103.118.120 scanner 66% 1x OSINT 168 2 ssh:bruteforce 2026-07-17 17:46 evidence →
14.103.116.87 scanner 61% 1x OSINT 152 2 ssh:bruteforce 2026-07-15 01:13 evidence →
14.103.84.145 scanner 55% 1x OSINT 132 2 ssh:bruteforce 2026-07-12 04:58 evidence →
222.73.56.10 scanner 55% 1x OSINT 78 2 ssh:bruteforce 2026-07-12 09:36 evidence →
14.103.41.249 scanner 54% 227 2 ssh:bruteforce 2026-07-13 15:27 evidence →
14.103.110.123 scanner 53% 1x OSINT 46 2 ssh:bruteforce 2026-07-12 00:39 evidence →
14.103.65.6 credential_harvester 44% 117 1 ssh:bruteforce 2026-07-13 19:18 evidence →
14.103.64.39 scanner 43% 127 1 ssh:bruteforce 2026-07-13 03:49 evidence →
118.196.23.247 opportunistic_bruter 42% 60 2 ssh:bruteforce 2026-07-15 02:22 evidence →
118.196.23.199 opportunistic_bruter 40% 20 2 ssh:bruteforce 2026-07-15 05:41 evidence →
118.196.79.21 scanner 39% 1x OSINT 10 2 ssh:bruteforce 2026-07-17 13:03 evidence →
14.103.107.234 credential_probe 34% 1x OSINT 32 2 ssh:bruteforce 2026-07-14 05:08 evidence →
14.103.122.140 scanner 28% 2 1 ssh:bruteforce 2026-07-16 07:17 evidence →
180.184.182.87 scanner 24% 1x OSINT 36 1 ssh:bruteforce 2026-07-12 05:52 evidence →
118.196.4.132 scanner 18% 1x OSINT 4 1 ssh:bruteforce 2026-07-11 14:39 evidence →
14.103.218.183 scanner 17% 2 1 ssh:bruteforce 2026-07-14 06:44 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds