← Back to feed

AS4837 CHINA UNICOM China169 Backbone

ASN Active medium
Why this campaign was detected
24 IPs from the same network (CHINA UNICOM China169 Backbone, AS4837) were active during overlapping time periods. Temporal correlation across a shared autonomous system suggests infrastructure controlled by the same entity.
Primary ASN
AS4837 · CHINA UNICOM China169 Backbone
Subnet
Country
🇨🇳 CN
Cloud Provider
Member Count
24 IPs
Below average
Total Events
1615
Below average by volume
Started / Ended
2026-02-16 18:41 — ongoing
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Credential Access
Discovery
Command and Control
Exfiltration
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
123.13.41.128 credential_harvester 73% 1x OSINT 520 3 ssh:bruteforce 2026-07-12 06:18 evidence →
113.200.121.70 scanner 67% 1x OSINT 28 3 ssh:bruteforce 2026-07-13 08:35 evidence →
139.213.243.2 opportunistic_bruter 45% 170 2 ssh:bruteforce 2026-07-15 17:22 evidence →
221.207.211.154 opportunistic_bruter 44% 140 2 ssh:bruteforce 2026-07-15 17:16 evidence →
60.217.227.87 opportunistic_bruter 44% 140 2 ssh:bruteforce 2026-07-15 16:34 evidence →
221.10.118.81 opportunistic_bruter 43% 120 2 ssh:bruteforce 2026-07-15 07:21 evidence →
60.13.177.28 opportunistic_bruter 43% 60 2 ssh:bruteforce 2026-07-15 10:54 evidence →
122.114.69.235 scanner 42% 43 2 ssh:bruteforce 2026-07-14 09:32 evidence →
14.204.41.80 opportunistic_bruter 42% 40 2 ssh:bruteforce 2026-07-15 14:42 evidence →
222.133.52.246 opportunistic_bruter 41% 60 2 ssh:bruteforce 2026-07-14 21:02 evidence →
116.172.130.79 scanner 41% 1x OSINT 20 2 ssh:bruteforce 2026-07-17 19:17 evidence →
39.73.148.239 opportunistic_bruter 40% 30 2 ssh:bruteforce 2026-07-14 20:00 evidence →
116.128.227.6 opportunistic_bruter 40% 60 2 ssh:bruteforce 2026-07-14 03:35 evidence →
221.200.246.20 opportunistic_bruter 40% 20 2 ssh:bruteforce 2026-07-15 00:40 evidence →
27.211.129.223 opportunistic_bruter 39% 30 2 ssh:bruteforce 2026-07-13 23:53 evidence →
221.207.55.165 scanner 35% 1x OSINT 8 2 ssh:bruteforce 2026-07-15 12:49 evidence →
221.214.104.46 opportunistic_bruter 32% 30 1 ssh:bruteforce 2026-07-15 02:34 evidence →
153.37.173.134 opportunistic_bruter 32% 30 1 ssh:bruteforce 2026-07-15 02:36 evidence →
58.245.214.150 scanner 31% 20 2 ssh:bruteforce 2026-07-14 17:58 evidence →
221.13.5.62 opportunistic_bruter 29% 20 1 ssh:bruteforce 2026-07-14 02:19 evidence →
116.3.175.193 opportunistic_bruter 28% 10 1 ssh:bruteforce 2026-07-14 08:35 evidence →
175.168.212.55 scanner 23% 2 1 ssh:bruteforce 2026-07-17 12:26 evidence →
153.0.195.252 scanner 22% 1x OSINT 8 1 ssh:bruteforce 2026-07-13 08:43 evidence →
120.1.4.193 scanner 20% 6 1 ssh:bruteforce 2026-07-15 00:20 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds