Threat LevelMEDIUM39/1001 rule type

2 incidents on record · last seen 1d ago

PTR	N/A
Org / ASN	Chinanet SD
Country	🇨🇳 China
City	Jinan, Shandong
Timezone	Asia/Shanghai

Botnet InfrastructureChinaNet (AS4134, China Telecom)

ChinaNet (AS4134) is one of the highest-volume attack-originating ASNs globally, consistently ranking in SANS/DShield top-10 attacker lists. Activity ranges from compromised consumer endpoints to dedicated scan infrastructure. SSH brute-force from this network targets common username dictionaries at scale — automated, persistent credential-harvesting botnet behavior.

Attack Analysis

🇨🇳 China · Jinan · 58519 · CHINANET SHANDONG PROVINCE NETWORK

WordPress Username Enumeration

This IP probed the WordPress ?author= parameter to enumerate valid usernames (e.g. ?author=1, ?author=2). Harvested usernames are then fed into credential stuffing or password brute-force attacks. This is purely reconnaissance — there is no legitimate reason to systematically probe author IDs.

Reports (2)

Date	Severity	Description
12 Jun 2026 - 04:13	high	Web: User enumeration — 3+ author probes in 60s
12 Jun 2026 - 03:58	high	Web: User enumeration — 3+ author probes in 60s

Report for IP: 150.223.193.167

Attack Analysis

Reports (2)