← Back to feed
AS134756 CHINANET Nanjing Jishan IDC network
ASN Active mediumWhy this campaign was detected
5 IPs from the same network (CHINANET Nanjing Jishan IDC network, AS134756) were active during overlapping time periods. Temporal correlation across a shared autonomous system suggests infrastructure controlled by the same entity.
Primary ASN
AS134756 · CHINANET Nanjing Jishan IDC network
Subnet
—
Country
🇨🇳 CN
Cloud Provider
—
Member Count
5 IPs
Below average
Total Events
417
Below average by volume
Started / Ended
2026-02-23 11:15 — ongoing
Attack Types
MITRE ATT&CK Techniques
Initial Access
Command and Control
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 117.62.203.160 | scanner | 53% | 1x OSINT | 124 | 2 | ssh:bruteforce | — | 2026-05-23 00:04 | evidence → |
| 121.229.202.143 | scanner | 51% | 1x OSINT | 53 | 1 | ssh:bruteforce | — | 2026-05-29 15:44 | evidence → |
| 221.226.232.45 | reconnaissance | 44% | 23 | 1 | ssh:bruteforce | — | 2026-05-29 03:22 | evidence → | |
| 220.154.130.30 | scanner | 40% | 1x OSINT | 19 | 2 | ssh:bruteforce | — | 2026-05-23 14:04 | evidence → |
| 121.229.210.188 | scanner | 32% | 254 | 1 | ssh:bruteforce | — | 2026-05-31 21:20 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds