IOC Radar
IP · Medium · Signal 56/100

14.103.114.204

Location: China (Beijing, Beijing)
ASN: AS137718, Beijing Bitone United Networks Technology Service Co., Ltd.
First Seen: Jan 8, 2025 (523d ago)
Last Seen: Apr 12, 2026 (64d ago)
Reports: 24 source reports
Confidence: 56% (medium)
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 56%
Signal Score: 56 / 100
IDS Rule: No

Threat Context

MITRE ATT&CK TTPs: 62 techniques

Network Information

Country: CN (China)
Region: Beijing, Beijing
ASN: AS137718
Organization: Beijing Bitone United Networks Technology Service Co., Ltd.

IP Category

Proxy (proxy server)

Feed Intelligence Summary

Source reports: 24
Confidence score: 56%
Category tags

abuse, access control, active scan, active scanning, apt, asia, atif feed, attack, australia, authentication attempt, authentication_failures, automated attack, bad reputation, bad web bot, banlist feed, binary defense, blacklisted ip address, blocklist_all, botnet, botnet activity, botnet detection, brute force, brute force attack, brute force attempt, brute force attempts, brute-force attack, c2, c2 communication, c2 detection, china, cisco device, cisco exploitation attempts, cn, code execution, command & control, command and control, command execution, communication protocol, communication technologies, compromised host, compromised hosts, cowrie data, cowrie honeypot, cowrie interactions, credential access, credential harvesting, credential stuffing, credential_stuffing, cta, data exfiltration, data store exposure, ddos, ddos attack, decoy system, denial of service, device management, dionaea honeypot, distributed attacks, enterprise networking, europe, exploit, exploit attempts, exploitation, exploitation activity, exploited host, fail2ban triggered, failed login attempts, fatt, finland, france, ftp, ftp brute force, ftp brute-force, germany, hacking, honeynet connect, honeytrap data, honeytrap honeypot, http brute force, http scanner, http scanning, https scanning, identity & access exploitation, infrastructure acquisitionreconnaissance, initial access, injection activity, intrusion detection, lamp, lamp server targeting, lamp stack attack, lamp stack targeting, lateral movement, login attack, login attempt, login attempts, mailoney honeypot, malaysia, malicious activity, malicious login, malicious login attempts, malicious script execution, malicious software, malware, malware behaviour, malware capture, malware distribution, malware filter, malware propagation, malware scanning, manual, mobile carriers, mobile networks, network, network anomalies, network attacks, network discovery, network enumeration, network infrastructure, network intrusion, network probing, network protocol, network scanning, network security, network service scanning, network traffic analysis, north america, oceania, opencti, p0f, password attack, password attacks, password spraying, password_guessing, phishing, phishing attack, phishing trap, ping of death, poland, possible ddos activity, possible mirai variant, process injection, protocol exploitation, proxy, reconnaissance, remote access, remote access attempt, remote access attempts, remote services, remote_access, researched, resource hijacking, scanner, scanners, scanning activity, security operations, security policy, sensor-tagged, sentrypeer botnet, sentrypeer detection, service scan, sftp access attempt, sftp activity, sftp attack, sip scanning, smb brute force, smtp, smtp brute force, social engineering, software exploitation, spam, sql injection attempts, ssh attack, ssh monitoring, t1003, t1005, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1027, t1040, t1041, t1046, t1055, t1059, t1059.001, t1059.003, t1059.004, t1068, t1071, t1071.001, t1076, t1078, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1189, t1190, t1199, t1203, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1550, t1550.002, t1555, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, t1573.001, t1587.001, t1588, t1589, t1590.001, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp scan, tcp scanning, telecom services, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, udp port scan, udp scan, unauthorized access, unauthorized access attempt, unauthorized login attempt, unauthorized login attempts, united kingdom, united states, voip, voip attack, vulnerability scan, web application attack, web exploitation, web spam, web traffic

Activity Timeline

1 total obs (Apr 12)

Threat Activity Heatmap

[Heatmap: activity by weekday and month, Jun through Jun · Peak: 2026-04-12]

Observations by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 56
Confidence: 56%
Reports: 24
First seen: Jan 8, 2025
Last seen: Apr 12, 2026
Geolocation: CN
Country: China
Location: Beijing, Beijing
ASN: AS137718
Org: Beijing Bitone United Networks Technology Service Co., Ltd.
Coords: 39.9042, 116.4070
Proxy

VirusTotal

Not checked

WHOIS

raw
inetnum: 14.103.0.0 - 14.103.255.255
netname: VOLCANO-ENGINE
descr: Beijing Volcano Engine Technology Co., Ltd.
descr: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing
country: CN
admin-c: YW7147-AP
tech-c: JS4370-AP
abuse-c: AC1601-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNNIC-AP
mnt-irt: IRT-VOLCANO-ENGINE-CN
last-modified: 2022-05-19T06:54:29Z
source: APNIC

irt: IRT-VOLCANO-ENGINE-CN
address: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing
e-mail: [email protected]
abuse-mailbox: [email protected]
auth: # Filtered
admin-c: YW7147-AP
tech-c: JS4370-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2025-05-13T02:59:52Z
source: APNIC

role: ABUSE CNNICCN
country: ZZ
address: Beijing, China
phone: +000000000
e-mail: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
remarks: Generated from irt object IRT-CNNIC-CN
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2024-07-30T11:55:46Z
source: APNIC

person: Liu Nian
address: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing
country: CN
phone: +86-10-13810123695
e-mail: [email protected]
nic-hdl: JS4370-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2025-01-06T01:34:46Z
source: APNIC

person: Chen Qi
address: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing
country: CN
phone: +86-10-13051468788
e-mail: [email protected]
nic-hdl: YW7147-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2025-01-06T01:34:08Z
source: APNIC

route: 14.103.114.0/24
origin: AS137718
descr: China Internet Network Information Center Floor1, Building No.1 C/-Chinese Academy of Sciences 4, South 4th Street Haidian District,
mnt-by: MAINT-CNNIC-AP
last-modified: 2023-07-10T07:15:29Z
source: APNIC
references
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 24 threat reports