ChinaNet (AS 4134) is not just another autonomous system. It's China’s national internet backbone, and has the most users and widest coverage of any public internet network in the country. The telecommunications operator is also known for "facilitating communications between Western and Chinese subscribers" (China Telecom Americas). Well, for such a big and important chunk of the internet, the amount of abuse on there is just too large.

Based on CleanTalk's reputation data, almost 30% of IPs on the ChinaNet AS are spam sources:

as4134_spam

Specifically, the IP 14.135.120[.]19 is a star in our log monitoring sensors. It has been continuously blocked by ThreatSTOP while trying to communicate with our customers' networks. A quick CheckIOC search shows that this IP has been a plethora of targets over the last 3 years!

chinanet_ip_targets

This list shows everything from SSH and IMAP attacks, to botnets, to broader "these IPs are the worst" lists. Currently, 14.135.120[.]19 is in our CINS Army and Dataplane threat targets, as well as our China Geo target (full target descriptions are at the bottom of this post). Its neighboring IPs, 14.135.120[.]18, 14.135.120[.]20, and 14.135.120[.]21 are also in on the cyber attack business, boasting a malicious reputation on VirusTotal.

virustotal_chinanet

Our team highly recommends blocking traffic to and from the malicious IPs listed in this post. ThreatSTOP's security solutions are being updated every minute with the most up to date threat intelligence, including bad areas of the internet such as this one, to protect our users from cyber attacks across the whole threat landscape.

 

Ready to try ThreatSTOP in your network? Want an expert-led demo to see how it works?