IP · Medium · Signal 0/100
114.114.114.114
Location
Jinan, Shandong
ASN
AS137702
NanJing XinFeng Information Technologies, Inc.
First Seen
Sep 21, 2022
Last Seen
Jun 7, 2026
Found in 4 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports. Caveat for triage: 114.114.114.114 is the address of 114DNS, a widely used Chinese public DNS resolver run by the inetnum registrant shown in the WHOIS record below (NanJing XinFeng Information Technologies). Clients configured to use that resolver talk to it constantly on port 53, so the address on its own is a weak indicator; the 0% confidence and the "network / proxy / researched" tags below should be read in that light. What matters is what was resolved through it and whether that resolver choice is expected for the host, not the destination address alone.
MISP Category
Network Activity
Confidence
0%
Signal Score
0 / 100
IDS Rule
No
Threat Context
Tags
Network Information
Country
China
Region: Jinan, Shandong
ASN: AS137702
Organization: NanJing XinFeng Information Technologies, Inc.
Feed Intelligence Summary
4 reports · 0% confidence
Source reports: 4
Confidence score: 0%
Category tags: network, proxy, researched
Activity Timeline
Jun 7 to Jun 7 (a single dated sighting on the timeline)
Threat Activity Heatmap
Peak: 2026-06-07 (day-of-week intensity chart not reproduced here)
Sightings per window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 0
Confidence: 0%
Reports: 4
First seen: Sep 21, 2022
Last seen: Jun 7, 2026
Geolocation: CN
Country: China
Location: Jinan, Shandong
ASN: AS137702
Org: NanJing XinFeng Information Technologies, Inc.
Coords: 27.1172, 114.9793 (these coordinates fall in Jiangxi province, roughly 1,000 km south of Jinan, and the WHOIS postal address below is in Nanjing, Jiangsu; the location fields on this page do not agree with each other, so treat the geolocation as low fidelity)
VirusTotal
Not checked
WHOIS
- description
- CC=CN ASN=AS174 cogent communications
(This summary line disagrees with the ASN shown above, AS137702, and with the raw record: the only route object present is 114.114.112.0/21, which covers 114.114.114.114 and has origin AS4837 (China Unicom). The inetnum is allocated to NanJing XinFeng; nothing in the raw record supports an AS174 attribution, so do not rely on it. When the registrant and the announcing network differ, as here, a current routing-table lookup for the time window of interest settles which network actually carried the traffic.)
- raw
inetnum: 114.114.0.0 - 114.114.255.255
netname: XFInfo
descr: NanJing XinFeng Information Technologies, Inc.
descr: Room 207, Building 53, XiongMao Group, No.168 LongPanZhong Road
descr: Xuanwu District, Nanjing, Jiangsu, China
country: CN
admin-c: ZZ2094-AP
tech-c: YJ1777-AP
abuse-c: AC1601-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-lower: MAINT-CN-XFINFO
mnt-routes: MAINT-CHINANET-JS
mnt-routes: MAINT-CNCGROUP-RR
mnt-irt: IRT-CNNIC-CN
last-modified: 2021-06-16T01:26:58Z
source: APNIC

irt: IRT-CNNIC-CN
address: Beijing, China
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
auth: # Filtered
remarks: Please note that CNNIC is not an ISP and is not
remarks: empowered to investigate complaints of network abuse.
remarks: Please contact the tech-c or admin-c of the network.
mnt-by: MAINT-CNNIC-AP
last-modified: 2021-06-16T01:39:57Z
source: APNIC

role: ABUSE CNNICCN
country: ZZ
address: Beijing, China
phone: +000000000
e-mail: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
remarks: Generated from irt object IRT-CNNIC-CN
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2024-07-30T11:55:46Z
source: APNIC

person: Yan Jian
nic-hdl: YJ1777-AP
e-mail: [email protected]
address: Room 207, Building 53, XiongMao Group, No.168 LongPanZhong Road,
address: Xuanwu District, Nanjing, Jiangsu Province, China
phone: +86-25-84819393
fax-no: +86-25-84819797-803
country: CN
mnt-by: MAINT-CNNIC-AP
last-modified: 2010-08-06T01:54:01Z
source: APNIC

person: Zhao Zhenping
nic-hdl: ZZ2094-AP
e-mail: [email protected]
address: Room 207, Building 53, XiongMao Group, No.168 LongPanZhong Road,
address: Xuanwu District, Nanjing, Jiangsu Province, China
phone: +86-25-84819393-830
fax-no: +86-25-84819797-803
country: CN
mnt-by: MAINT-CNNIC-AP
last-modified: 2010-08-06T01:54:01Z
source: APNIC

route: 114.114.112.0/21
descr: China Unicom Shandong Province network
descr: Addresses from CNNIC
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
last-modified: 2011-04-12T07:52:02Z
source: APNIC
- references
- Don’t click! https://webapps.stackexchange.com/questions/172215/google-videos-search-sca-esv-query-parameter-possible-tracking | Infected systems, DoD Network Information Center (DNIC), DoD Network Information Center [email protected] [seen throughout], Python Wheel package, https://www.google.com/search, https://otx.alienvault.com/indicator/hostname/palantir.hosted-by-discourse.com, http://fakejuko.site40/, pegacloud.net, IDS: Hiloti Style GET to PHP with invalid terse MSIE headers, IDS: Win32/Ibashade CnC Beacon, IDS: Win32.Scar.hhrw POST, IDS: Trojan.Win32.Cosmu.cdqg Checkin, IDS: OnionDuke CnC Beacon 1, IDS: Observed Suspicious UA (Mozilla/5.0), IDS: Data POST to an image file (jpg), cwt-cwtcxp1-dt1.pegacloud.net • fortrea-prod1.pegacloud.net • ssl-ssldmp-dt1-sftp.pegacloud.net • 13.40.20.221 • 44.215.155.206 • 44.226.180.214, https://www.virustotal.com/graph/embed/gdef52451e74740eaabbbcc6db2209b722e6a17129ba94f4eb92fa176bcea66f7?theme=dark, https://www.virustotal.com/gui/collection/525d014c83ee92554cb6a88685ba822e147f30dbc797a18b6071081a109b7dcb, https://www.virustotal.com/gui/collection/525d014c83ee92554cb6a88685ba822e147f30dbc797a18b6071081a109b7dcb/iocs, https://viz.greynoise.io/analysis/16d9bc15-d3ed-4e71-9631-16742e511649, https://github.com/RedDrip7/NightEagle_Disclose/blob/main/Exclusive%20disclosure%20of%20the%20attack%20activities%20of%20the%20APT%20group%20NightEagle.pdf, https://github.com/RedDrip7/NightEagle_Disclose/blob/main/checksum.txt, https://cyberarmor.tech/phishing-attack-targets-canadian-infrastructure-on-canada-day/, https://www.ctfiot.com/259781.html, autodesk.com [ Everything below was found in Autodesk [including crowdstrike & any.desk] Found in Crowdstrike if labeled., 66.254.114.234 | reflectededge.reflected.net | reflected.net | 192.0.2.0 | https://www.brazzers.com/ | brazzers.com | brazzersnetwork.com, keezmovies.com | redtube.com | tube8.com | tube8.com | youporn.com| 0.brazzers.com | www.g-tunnel.comwww.brazzers.com |, 
Win32:Mystic , Win.Trojan.Xblocker-236 »FileHash-SHA256 8c59adbccc1987d13fec983f1e2be046611511b65479d1719bda77c5c90bbe21, IDS Detections: TLS Handshake Failure | Alerts: network_icmp , injection, Win32:BankerX-gen\ [Trj] » FileHash-SHA256 2e5118d15a18ae852bf94d91707ff634d9d8354fef492f5c4e1c46b9cf96184c, IDS Detections: Zeus Panda Banker / Ursnif Malicious SSL Certificate Detected TLS Handshake Failure, Alerts: network_icmp antisandbox_idletime modifies_certificates modifies_proxy_wpad disables_proxy, RedTube.com Detections: ALF:AGGR:OpcCl:95!ml , ALF:JASYP:Backdoor:Win32/Cycbot!atmn , Win.Downloader.117423-1 ,, RedTube.com Detections: Win.Trojan.Crypt-321 , Win.Trojan.FakeAV-4166 , Win.Trojan.Fakeav-10977 , Win.Trojan.Fakeav-3386, Crowdstrike: wildcard.352-445-1166.device.sim.to.img.sedoparking.com, Crowdstrike: maxfehlinger.de http://auth.cranberry.testing.maxfehlinger.de | http://latex.cranberry.testing.maxfehlinger.de |, Crowdstrike: https://traefik.cranberry.testing.maxfehlinger.de | http://traefik.cranberry.testing.maxfehlinger.de |, Crowdstrike: http://watchtower.cranberry.testing.maxfehlinger.de| https://auth.cranberry.testing.maxfehlinger.de |, Crowdstrike: auth.cranberry.testing.maxfehlinger.de | latex.cranberry.testing.maxfehlinger.de | traefik.cranberry.testing.maxfehlinger.de |, Crowdstrike: watchtower.cranberry.testing.maxfehlinger.de | https://latex.cranberry.testing.maxfehlinger.de |, Crowdstrike: https://www.anyxxxtube.net/search-porn/tsara-brashears/ phishing | https://www.anyxxxtube.net/sitemap.xml, Crowdstrike: https://www.pornhub.com/gifs/search?search=tsara+lynn+brash |, Crowdstrike: autodesk.com | 0ds.autodesk.com | aknanalytics.autodesk.com | anubis.autodesk.com | autobetaint.autodesk.com, Crowdstrike: autodeskarchitecture.autodesk.com | beacon-dev3.autodesk.com | boxtooffice365.autodesk.com | brahma-studio.autodesk.com, Crowdstrike: cdc-stg-emea.autodesk.com | cloudcost.autodesk.com | cloudpc-stg.autodesk.com | d-s.autodesk.com |, 
Crowdstrike: daiwahouse-learning.autodesk.com| datagovernance-dev.autodesk.com | enterprise-api-np.autodesk.com, Crowdstrike: symcd.com [Certificate Subjectaltname »» anydesk.com »» http://gn.symcb.com/gn.crt Ocsp http://gn.symcd.com] ANYDESK.COM-unsigned, Crowdstrike: https://bat.bing.com/action/0?ti=12001672&tm=al001&Ver=2&mid=12436868-a484-4998-931c-980262982f67&sid=b92cd8f0483e11efa3c96fe28be413cb&vid=b92cdd10483e11efb1024309353d849f&vids=1&msclkid=N&pi=-740138922&lg=en-US&sw=800&sh=600&sc=24&tl=CrowdStrike%3A%20Stop%20breaches.%20Drive%20business.&p=https%3A%2F%2Fwww.crowdstrike.com%2Fen-us%2F&r=<=1022&pt=1721661968606, Crowdstrike: bat.bing.com, https://tulach.cc, https://otx.alienvault.com/indicator/url/http://www.hallrender.com/attorney/brian-sabey, Crowdstrike: https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian | https://www.pornhub.com/video/search?search=tsara+brashears | www.youtube.com/watch?v=GyuMozsVyYs | www.pornhub.com | www.youtube.com, Crowdstrike: https://hr.employmenthero.com/rs/387-SZZ-170/images/youtube-icon-emp-hero-violet.png, Crowdstrike + Autodesk.com: hallrender.com/attorney/brian-sabey www.hallrender.com/attorney/brian-sabey hallrender.com www.hallrender.com https://hallrender.com milehighmedia.com https://www.milehighmedia.com/ https://www.milehighmedia.com/legal/2257, Crowdstrike + Autodesk.com: brassiere.world mail.brassiere.world webdisk.brassiere.world webmail.brassiere.world, Crowdstrike + Autodesk.com: 128 + symcd.com some w/issues | 658 autodesk.com pulse some w/issues | removed any.desk & boot, The more I say...Any.Desk + boot.net.anydesk.com was in OG Private Crowdstrike pulse, Above links in search results direct out with an arrow pointing out., https://otx.alienvault.com/browse/global/pulses?q=tag:%22esta%20caliente%22&include_inactive=0&sort=-modified&page=1&limit=10&indicatorsSearch=esta%20caliente, Above link opened 'esta caliente' = 'it's hot' | I did NOT do that | All connected links gone. 
This has become common. I didn't add pertinent findings back to Pulse. Pulse comp,eyes says ago . Couldn't submit. It was actually a tiny pulse of autodesk.com with crowdstrike relationship references, boot.net.anydesk.com removed from my Pulse below, https://otx.alienvault.com/pulse/66d4c125ad61ee5577639a2d, https://labs.inquest.net/iocdb, Attack | Ecosia | iOS version, Interesting [LogTransport2.exe] 1cb57b2b18ff4b1e6e793f4e66e296a0ae52afa70450c7b13b796fd8e0fd54b9, https://otx.alienvault.com/indicator/hostname/ocsp.digicert.com, https://www.hybrid-analysis.com/sample/acdfba6f90fa63b46346330bd7f9b2fab551dc88da7078af5f09433d1220a322/665f64526d62e5152102b68d, https://www.virustotal.com/gui/domain/ocsp.digicert.com/community, 74.63.241.23, www.supernetforme.com, http://www.supernetforme.com/search.php?q=2075.2075.300.4096.0.8a2c629f9548ff868242dddf09c595d6af5566ecc2eeea97d34dd0a0fecd34a8.1.5353546%0Ahttp://www.supernetforme.com/px.js?ch=1&abp=1%0Ahttp://www.supernetforme.com/search.php?q=2075.2075.300.4096.0.8a2c629f9548ff868242dddf09c595d6af5566ecc2eeea97d34dd0a0fecd34a8.1.239197390%0Ahttp://www.supernetforme.com/search.php?q=2075.2075.300.4096.0.8a2c629f9548ff868242dddf09c595d6af5566ecc2eeea97d34dd0a0fecd34a8.1.248359859%0Ahttp://www.superwebbysearch.com/search.p, https://www.virustotal.com/graph/g243a6d69d60840e8bbd32dcb306fa23dc76422322d9643b7b23aa7259088282c, https://www.virustotal.com/graph/gd1ff5768b2664e929321fbbba11cdf662fd75aef40384370ac36eebfca5a98ac, https://www.virustotal.com/graph/geb0e64fe3ff54b1ea2805cf1ab6f58245cd0654cf325426a973fd60f600a74bf, https://www.virustotal.com/gui/collection/7b031642a30f1ee179e901d885a09c9e285273ad8a0605f08b84e81b4f715ea3, https://www.virustotal.com/graph/embed/gd8e70aa0638046c8af997e3e7fe529f1cfe2a121f5ca473880544f95a17eb56e?theme=dark, https://www.virustotal.com/gui/collection/7b031642a30f1ee179e901d885a09c9e285273ad8a0605f08b84e81b4f715ea3/iocs, https://tria.ge/240930-t6zdtsvfmk, 
https://mwdb.cert.pl/file/382eccd545c69bcf07e9b7b73701bd2bea707c58452cb108f99d3f541545b86b, https://jaffacakes118.dev/analysis/382eccd545c69bcf07e9b7b73701bd2bea707c58452cb108f99d3f541545b86b, https://tip.neiki.dev/file/382eccd545c69bcf07e9b7b73701bd2bea707c58452cb108f99d3f541545b86b, https://www.virustotal.com/graph/g7b18ba360e7d4bb4ba09e89439dd5886823147fbdc6f4dbaa99c7f59efd08ce0, https://www.virustotal.com/graph/g03fce3ad62f74ad59bbcda71bfdde96da39417641c9a470f99adfa9b14a7724c, https://www.virustotal.com/gui/collection/789999053bd7022e2d79a887a5f959be573ce57d6c4f3165503438fbd5dd9ad5/graph, https://www.virustotal.com/graph/g231c6ec6643844bab5b7afa263c7a54d8f6030f677ab422ab634f35bbd1ab468, https://www.virustotal.com/graph/g3062df169c2c421c96d469b15571edea1445c12c220f4ff094d6c60ee0536081, https://www.virustotal.com/graph/gc28dfb0638014dde832430a624d6843c87c3c12776fa4eb3a658b6b62e9eed16, https://www.virustotal.com/graph/g7cba8c14812f4905851027d1e1bb210c87ad7bbcbdeb4a238abed9f9158a2e81
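Reading the RPSL record above by hand is error-prone: it holds several objects, attributes such as descr and remarks repeat, and the one attribute that matters for attribution (the route's origin) sits at the very end. The Python below is an added example, not code from this page or from any registry tool. It parses APNIC-style whois text into objects, finds the most specific route object covering the IP, takes the abuse mailbox from the irt object (falling back to the abuse role), and flags when the route origin disagrees with the ASN the platform attributes the address to. WHOIS_RAW is a constructed abridgement of the record shown on this page, with e-mail addresses left redacted exactly as the page shows them.

```python
"""Parse RPSL whois output and extract covering route, origin ASN and abuse contact.

Added example; WHOIS_RAW is a constructed abridgement of the record on the page.
"""
import ipaddress
import re
from collections import defaultdict

WHOIS_RAW = """\
inetnum:        114.114.0.0 - 114.114.255.255
netname:        XFInfo
descr:          NanJing XinFeng Information Technologies, Inc.
country:        CN
admin-c:        ZZ2094-AP
tech-c:         YJ1777-AP
abuse-c:        AC1601-AP
status:         ALLOCATED PORTABLE
mnt-irt:        IRT-CNNIC-CN
source:         APNIC

irt:            IRT-CNNIC-CN
address:        Beijing, China
abuse-mailbox:  [email protected]
remarks:        Please note that CNNIC is not an ISP and is not
remarks:        empowered to investigate complaints of network abuse.
source:         APNIC

role:           ABUSE CNNICCN
nic-hdl:        AC1601-AP
abuse-mailbox:  [email protected]
source:         APNIC

route:          114.114.112.0/21
descr:          China Unicom Shandong Province network
origin:         AS4837
mnt-by:         MAINT-CNCGROUP-RR
source:         APNIC
"""

ATTR_RE = re.compile(r"^([a-z][a-z0-9-]*):\s*(.*)$")


def parse_rpsl(text):
    """Split blank-line separated RPSL text into objects. Each object is a dict of
    attribute -> list of values (descr, remarks, mnt-routes etc. repeat), in
    document order; dict insertion order keeps the class attribute first."""
    objects, current = [], defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            if current:
                objects.append(dict(current))
                current = defaultdict(list)
            continue
        m = ATTR_RE.match(line)
        if m:
            current[m.group(1)].append(m.group(2).strip())
    if current:
        objects.append(dict(current))
    return objects


def object_class(obj):
    """The RPSL class is the first attribute of the object (inetnum, route, irt, ...)."""
    return next(iter(obj))


def covering_route(objects, ip):
    """(network, route object) for the most specific route containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for obj in objects:
        if object_class(obj) != "route":
            continue
        net = ipaddress.ip_network(obj["route"][0], strict=False)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, obj)
    return best


def abuse_contact(objects):
    """Prefer the irt object's abuse-mailbox, then any abuse role's; None if absent."""
    for wanted in ("irt", "role"):
        for obj in objects:
            if object_class(obj) == wanted and "abuse-mailbox" in obj:
                return obj["abuse-mailbox"][0]
    return None


def assess(text, ip, attributed_asn):
    """Summarise the record for one IP and flag a route-origin vs attribution mismatch."""
    objects = parse_rpsl(text)
    route = covering_route(objects, ip)
    origin = route[1]["origin"][0] if route else None
    return {
        "prefix": str(route[0]) if route else None,
        "origin": origin,
        "abuse": abuse_contact(objects),
        "asn_mismatch": origin is not None and origin.upper() != attributed_asn.upper(),
    }


if __name__ == "__main__":
    print(assess(WHOIS_RAW, "114.114.114.114", "AS137702"))
```

Run against the page's record this reports prefix 114.114.112.0/21 with origin AS4837 and a mismatch against AS137702. Neither value is "wrong": the inetnum names the registrant, the route object names the network that registered an announcement, and only a routing-table lookup for the time window you care about tells you who actually carried the traffic.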
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
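A STIX 2.1 export of a record like this one is an Indicator with an ipv4-addr pattern plus a Sighting carrying the first/last-seen window and report count. The Python below is an added example, not the platform's own export code; the platform's field mapping is not shown on the page, so these are assumptions: the MISP-style tags become STIX labels, the 0-100 signal score maps directly onto the STIX confidence field (also 0-100), the source-report count becomes the Sighting count, and ids are UUIDv5 derived from the indicator value so that re-exporting the same IOC yields the same ids (STIX 2.1 permits non-v4 UUIDs). The export timestamp in page_bundle() is a constructed constant so the output is reproducible. validate_bundle() checks the structural rules consumers most often trip over.

```python
"""Build and sanity-check a STIX 2.1 bundle for an IPv4 indicator.

Added example; field mapping and the fixed export timestamp are assumptions.
"""
import re
import uuid
from datetime import datetime, timezone

# Fixed namespace (RFC 4122 DNS namespace reused as a seed) so ids are stable.
NAMESPACE = uuid.UUID("6ba7b810-9dad-11d1-80b4-00c04fd430c8")
ID_RE = re.compile(
    r"^[a-z][a-z0-9-]*--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
)


def stix_ts(dt):
    """STIX timestamps: RFC 3339, UTC, millisecond precision, trailing 'Z'."""
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def stix_id(obj_type, *parts):
    return f"{obj_type}--{uuid.uuid5(NAMESPACE, '|'.join(parts))}"


def build_bundle(ip, first_seen, last_seen, report_count, signal_score, tags, now):
    ind_id = stix_id("indicator", "ipv4-addr", ip)
    indicator = {
        "type": "indicator", "spec_version": "2.1", "id": ind_id,
        "created": stix_ts(now), "modified": stix_ts(now),
        "name": f"IPv4 {ip}",
        "pattern": f"[ipv4-addr:value = '{ip}']", "pattern_type": "stix",
        "valid_from": stix_ts(first_seen),
        "indicator_types": ["unknown"],   # the page assigns no STIX indicator type
        "labels": sorted(tags),
        "confidence": max(0, min(100, int(signal_score))),
    }
    sighting = {
        "type": "sighting", "spec_version": "2.1",
        "id": stix_id("sighting", ind_id, stix_ts(first_seen), stix_ts(last_seen)),
        "created": stix_ts(now), "modified": stix_ts(now),
        "sighting_of_ref": ind_id,
        "first_seen": stix_ts(first_seen), "last_seen": stix_ts(last_seen),
        "count": int(report_count),
    }
    return {"type": "bundle", "id": stix_id("bundle", ind_id, stix_ts(now)),
            "objects": [indicator, sighting]}


def validate_bundle(bundle):
    """Return a list of problems (empty means ok): ids well-formed and prefixed by
    their type, spec_version present, sighting refs resolving inside the bundle,
    first_seen <= last_seen (fixed-width 'Z' timestamps compare lexically), and
    indicator patterns bracketed as STIX patterns must be."""
    problems = []
    objs = bundle.get("objects", [])
    ids = {o.get("id") for o in objs}
    for o in objs:
        oid, otype = o.get("id", ""), o.get("type", "")
        if not ID_RE.match(oid) or not oid.startswith(otype + "--"):
            problems.append(f"bad id {oid!r} for type {otype!r}")
        if o.get("spec_version") != "2.1":
            problems.append(f"{oid}: spec_version must be '2.1'")
        if otype == "sighting":
            if o.get("sighting_of_ref") not in ids:
                problems.append(f"{oid}: sighting_of_ref not in bundle")
            if o.get("first_seen", "") > o.get("last_seen", ""):
                problems.append(f"{oid}: first_seen after last_seen")
        if otype == "indicator" and not re.fullmatch(r"\[.*\]", o.get("pattern", "")):
            problems.append(f"{oid}: pattern is not a bracketed STIX pattern")
    return problems


def page_bundle():
    """The values shown on this page: 4 reports, signal 0, tags network/proxy/researched,
    first seen 2022-09-21, last seen 2026-06-07. Export time is a constructed constant."""
    return build_bundle(
        "114.114.114.114",
        datetime(2022, 9, 21, tzinfo=timezone.utc),
        datetime(2026, 6, 7, tzinfo=timezone.utc),
        4, 0, ["network", "proxy", "researched"],
        now=datetime(2026, 6, 13, tzinfo=timezone.utc),
    )


if __name__ == "__main__":
    import json
    bundle = page_bundle()
    print(json.dumps(bundle, indent=2))
    print("problems:", validate_bundle(bundle))
```

Because the page's signal score is 0, the exported Indicator carries confidence 0; a consumer that filters on confidence will drop it, which for a public DNS resolver address is the desirable outcome.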
IOC Journey
medium · First detected 3 years ago · Last seen 6 days ago
Appeared in 4 threat reports