Threat LevelMEDIUM46/1001 rule type
1 incident on record · seen 22h ago
| PTR | N/A |
| Org / ASN | Chinanet GD |
| Country | 🇨🇳 China |
| City | Guangzhou, Guangdong |
| Timezone | Asia/Shanghai |
Botnet InfrastructureChinaNet (AS4134, China Telecom)
ChinaNet (AS4134) is one of the highest-volume attack-originating ASNs globally, consistently ranking in SANS/DShield top-10 attacker lists. Activity ranges from compromised consumer endpoints to dedicated scan infrastructure. SSH brute-force from this network targets common username dictionaries at scale — automated, persistent credential-harvesting botnet behavior.
Attack Analysis
IDS: Database Port Scan
Suricata detected this IP scanning database ports (MySQL, PostgreSQL, Redis, MongoDB). This is reconnaissance to find exposed database services for direct exploitation or credential brute-force. Database ports should never be reachable from the internet.
Reports (1)
| Date | Severity | Description |
|---|---|---|
| 3 Jun 2026 - 18:39 | high | IDS: Database port scan |
EagleEye Intelligence