← Back to feed

AS45102 Alibaba US Technology Co., Ltd.

ASN Active medium
Why this campaign was detected
17 IPs from the same network (Alibaba US Technology Co., Ltd., AS45102) were active during overlapping time periods. Temporal correlation across a shared autonomous system suggests infrastructure controlled by the same entity.
Primary ASN
AS45102 · Alibaba US Technology Co., Ltd.
Subnet
Country
🇭🇰 HK
Cloud Provider
Member Count
17 IPs
Below average
Total Events
4939
Below average by volume
Started / Ended
2026-02-28 21:04 — ongoing
Attack Types
ftp:bruteforce http:scan mysql:bruteforce ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Credential Access
Discovery
Command and Control
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
47.250.81.7 scanner 66% 2x OSINT 33 3 mysql:bruteforcessh:bruteforce 2026-07-15 18:19 evidence →
47.85.196.221 credential_harvester 58% 1x OSINT 574 1 ssh:bruteforce 2026-07-17 02:41 evidence →
8.210.214.44 scanner 56% 1x OSINT 44 3 ssh:bruteforce 2026-07-17 02:23 evidence →
47.254.74.209 opportunistic_bruter 54% 1x OSINT 23 1 ssh:bruteforce 2026-07-17 22:23 evidence →
47.83.124.31 credential_harvester 52% 692 2 ssh:bruteforce 2026-07-17 04:20 evidence →
47.83.207.150 credential_harvester 47% 1x OSINT 196 1 ssh:bruteforce 2026-07-17 22:54 evidence →
47.236.89.240 credential_harvester 43% 651 2 ssh:bruteforce 2026-07-12 09:26 evidence →
47.83.169.248 malware_dropper 42% 23 1 ssh:bruteforce 2026-07-14 07:03 evidence →
47.81.24.71 credential_harvester 41% 2203 1 ssh:bruteforce 2026-07-15 10:33 evidence →
43.106.142.143 scanner 40% 10 2 ssh:bruteforce 2026-07-15 13:27 evidence →
47.242.108.72 credential_harvester 38% 40 1 ssh:bruteforce 2026-07-17 02:50 evidence →
47.254.47.156 web_probe 32% 4 2 http:scan 2026-07-15 11:56 evidence →
47.242.177.70 credential_probe 31% 1x OSINT 23 1 ssh:bruteforce 2026-07-16 14:35 evidence →
43.98.124.198 ftp_bruter 31% 1x OSINT 294 1 ftp:bruteforce 2026-07-13 20:10 evidence →
47.52.147.70 scanner 30% 8 2 ssh:bruteforce 2026-07-15 00:00 evidence →
8.209.251.101 ftp_bruter 20% 119 1 ftp:bruteforce 2026-07-11 20:30 evidence →
198.11.177.243 web_probe 20% 2 1 http:scan 2026-07-14 06:58 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds