IOC Radar
IP · Medium · Signal 69/100

14.103.118.190

Location: Haidian, Beijing, China
ASN: AS137718 (China Internet Network Information Center)
First Seen: Dec 1, 2024 (573d ago)
Last Seen: Jun 13, 2026 (14d ago)
Reports: 27 source reports
Confidence: 69% (medium)
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
69%
Signal Score
69 / 100
IDS Rule
No
Threat Context
MITRE ATT&CK TTPs: 68 techniques

Network Information

Country: CN (China)
Region: Haidian, Beijing
ASN: AS137718
Organization: China Internet Network Information Center

Feed Intelligence Summary

27 source reports · 69% confidence score
Category tags

Activity Timeline

1 total observation (Jun 13)

Threat Activity Heatmap

[Heatmap: weekly activity grid (Mon/Wed/Fri rows) from Jun through the following Jun · Peak: 2026-06-13]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 69 / 100 (Medium Risk)
Signal Score: 69
Confidence: 69%
Reports: 27
First seen: Dec 1, 2024
Last seen: Jun 13, 2026
Geolocation: CN
Country: China
Location: Haidian, Beijing
ASN: AS137718
Org: China Internet Network Information Center
Coords: 34.7732, 113.7220

VirusTotal

Not checked

WHOIS

description: Cowrie honeypot 24h activity

raw:
inetnum: 14.103.0.0 - 14.103.255.255
netname: VOLCANO-ENGINE
descr: Beijing Volcano Engine Technology Co., Ltd.
descr: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing
country: CN
admin-c: YW7147-AP
tech-c: JS4370-AP
abuse-c: AC1601-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNNIC-AP
mnt-irt: IRT-VOLCANO-ENGINE-CN
last-modified: 2022-05-19T06:54:29Z
source: APNIC

irt: IRT-VOLCANO-ENGINE-CN
address: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing
e-mail: [email protected]
abuse-mailbox: [email protected]
auth: # Filtered
admin-c: YW7147-AP
tech-c: JS4370-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2025-05-13T02:59:52Z
source: APNIC

role: ABUSE CNNICCN
country: ZZ
address: Beijing, China
phone: +000000000
e-mail: [email protected]
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
remarks: Generated from irt object IRT-CNNIC-CN
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2024-07-30T11:55:46Z
source: APNIC

person: Liu Nian
address: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing
country: CN
phone: +86-10-13810123695
e-mail: [email protected]
nic-hdl: JS4370-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2025-01-06T01:34:46Z
source: APNIC

person: Chen Qi
address: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing
country: CN
phone: +86-10-13051468788
e-mail: [email protected]
nic-hdl: YW7147-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2025-01-06T01:34:08Z
source: APNIC

route: 14.103.118.0/24
origin: AS137718
descr: China Internet Network Information Center Floor1, Building No.1 C/-Chinese Academy of Sciences 4, South 4th Street Haidian District,
mnt-by: MAINT-CNNIC-AP
last-modified: 2023-07-10T07:15:33Z
source: APNIC
references:
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://redpiranha.net
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
https://github.com/tankmek/threatfeed
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 14 days ago
Appeared in 27 threat reports