Threat LevelMEDIUM36/1001 rule type

1 incident on record · last seen 2d ago

PTR	N/A
Org / ASN	Chinanet GZ
Country	🇨🇳 China
City	Guiyang, Guizhou
Timezone	Asia/Shanghai

Botnet InfrastructureChinaNet (AS4134, China Telecom)

ChinaNet (AS4134) is one of the highest-volume attack-originating ASNs globally, consistently ranking in SANS/DShield top-10 attacker lists. Activity ranges from compromised consumer endpoints to dedicated scan infrastructure. SSH brute-force from this network targets common username dictionaries at scale — automated, persistent credential-harvesting botnet behavior.

Attack Analysis

🇨🇳 China · Guiyang · 4134 · China Telecom

WordPress XML-RPC Abuse

This IP targeted xmlrpc.php, a legacy WordPress endpoint that has been abused for brute-force authentication attacks, credential stuffing, and DDoS amplification. Any direct access to xmlrpc.php is an attack or reconnaissance attempt; modern WordPress sites should disable it entirely.

Reports (1)

Date	Severity	Description
17 Jun 2026 - 08:34	high	Web: xmlrpc.php accessed

Report for IP: 111.122.193.68

Attack Analysis

Reports (1)