IOC Radar
IPMediumSignal 66/100

14.103.118.74

Location
ChinaChina
Haidian, Beijing
ASN
AS137718
China Internet Network Information Center
First Seen
Dec 1, 2024
Last Seen
Jun 14, 2026
Dec 1
First Seen
567d ago
Jun 14
Last Seen
8d ago
28
Reports
source reports
66%
Confidence
medium
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
66%
Signal Score
66 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

72 techniques

Network Information

CountryCNChina
RegionHaidian, Beijing
ASNAS137718
OrganizationChina Internet Network Information Center

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

28 reports66% confidence
28
Source reports
66%
Confidence score
Category tags
abuseaccess controlaccount compromiseaccount discoveryaccount profilingaccount takeoveractive scanactive scanninganomalous network connectionsapacheapache attackeraptasiaattackattacker-ipaustraliaauthenticationauthentication abuseauthentication attackauthentication attacksauthentication attemptsauthentication failureauthentication failuresauto-generated securityautomated attackautomated attacksautomated mitigationautomated threat detectionbad reputationbad web botblock listblock.txtblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcbrute-forcebruteforcec2c2 communicationc2 serverchinachina mobilecisco devicecisco exploitation attemptcisco exploitation attemptscloud environmentcloud infrastructurecloud infrastructure attackcloud servicescncolumnscommand & controlcommand and controlcommunication protocolcompany limitedcompromise attemptcompromised credentialscompromised hostcompromised hostscompromised systemscowriecowrie datacowrie honeypotcowrie honeypot datacowrie interactionscredential accesscredential attackscredential harvestingcredential stuffingcredential-accessctadaily_sourcesdata exfiltrationdata exfiltration attemptdata store exposuredata theftdatabase securityddosddos attackdecoy systemdenial of servicedenial-of-service attemptdevice compromise attemptsdevice managementdictionary attackdigital oceandionaea honeypotdionaea interactionsdistributed attacksenterprise networkingenumerationeuropeexecutable fileexploitexploitationexploitation activityexploitation attemptsexploited hostexternal threatfail2ban alertfail2ban blocked ipsfail2ban eventsfail2ban triggeredfailed loginfailed login attemptsfattfatt signaturesfinlandfrancefraud ordersfraud voipftpftp brute forceftp brute-forcegermanygithubhackinghk abusehandlerhoneynet connecthoneytrap honeypothoneytrap interactionshong konghttp brute forcehttp probinghttp request anomalieshttp scannerhttp scanninghurricane usidentity & access exploitationimap brute forceindicatorinfoinformation technologyinfrastructure acquisitionreconnaissanceinitial accessinjection activityinjection attacksinternet-wide observationinternet-wide scanintrusion detectioniociot securityiot targetedipv4ipv4 scanningit infrastructurejapankill-chain exploitationkill-chain reconnaissancelamplateral movementlog analysislogin attacklogin attackslogin attemptlogin attemptslogin failurelogin failureslogin securitylow-riskmailmailoney honeypotmailoney interactionsmalaysiamalicious activitymalicious infrastructuremalicious ip activitymalicious payloadmalicious sftp activitymalicious softwaremalicious ssh activitymalicious trafficmalwaremalware behaviourmalware capturemalware distributionmanualmod securitymultiple failed loginsmysqlnetworknetwork attacksnetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork intrusion detectionnetwork probingnetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork security monitoringnetwork service scanningnetwork trafficnetwork traffic analysisnginxnorth americanoticeoceaniaopen proxyopencanaryopenctiosintp0fp0f signaturesparispassword attackpassword attackspassword sprayingpgp signphishingphishing attackphishing trapping of deathpolandpossible botnet activitypossible malware distributionpotential intrusion attemptprocess injectionprotocol exploitationproxypublic cloud targetingpythonransomwareraspberry-pireconnaissancereconnaissance activityremote accessremote service exploitationremote servicesresearchedresource hijackingscams & fraudscanscannerscannersscanning activitysecurity eventsecurity monitoringsecurity operationssensor-taggedsentrypeer activitysentrypeer botnetsentrypeer interactionsserverservice enumerationservice scansftpsftp attacksftp attackssftp exploit attemptsipsip brute forcesip scanningslugsmb brute forcesmtpsmtp brute forcesmtp probingsmtp scanningsocial engineeringsocradar honeypotsoftware developmentspamsshssh attackssh monitoringsurface websuricata alertst-pott1016t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1047t1048t1053t1055t1056t1059t1059.001t1059.003t1059.004t1065t1068t1071t1071.001t1076t1078t1078.001t1078.002t1078.003t1078.004t1083t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1555t1555.003t1563t1565t1566.001t1566.002t1566.003t1567t1573t1573.001t1583t1587.001t1588t1588.002t1588.004t1589t1589.002t1590t1590.001t1592t1595t1595.001t1595.002t1595.003tannertanner interactionstcp protocoltcp scantelecommunicationstelnet threatthreat actorthreat actor activitythreat detectionthreat feedthreat intelligencetimeouttop10.txttopips.txttor nodetpotudp scanunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized-accessunited kingdomunited statesus abuseus noneutc+1valid accountsvoidtrapvoipvoip attackvpnvpn ipvps attackvulnerability scanvultrwarsawweb app attackweb application attackweb exploitationweb loginweb spamweb traffic

Activity Timeline

1 total obs
Jun 14Jun 14

Threat Activity Heatmap

· Peak: 2026-06-14
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
66
SIGNAL
Signal Score
66%
Confidence
28
Reports
First seenDec 1, 2024
Last seenJun 14, 2026
GeolocationCN
CountryChina
LocationHaidian, Beijing
ASNAS137718
OrgChina Internet Network Information Center
Coords34.7732, 113.7220
ProxyVPN

VirusTotal

Not checked

WHOIS

description
List of SSH attacking IPs detected by the Rimba Siber honeypot.
raw
inetnum: 14.103.0.0 - 14.103.255.255 netname: VOLCANO-ENGINE descr: Beijing Volcano Engine Technology Co., Ltd. descr: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing country: CN admin-c: YW7147-AP tech-c: JS4370-AP abuse-c: AC1601-AP status: ALLOCATED PORTABLE mnt-by: MAINT-CNNIC-AP mnt-lower: MAINT-CNNIC-AP mnt-routes: MAINT-CNNIC-AP mnt-irt: IRT-VOLCANO-ENGINE-CN last-modified: 2022-05-19T06:54:29Z source: APNIC irt: IRT-VOLCANO-ENGINE-CN address: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing e-mail: [email protected] abuse-mailbox: [email protected] auth: # Filtered admin-c: YW7147-AP tech-c: JS4370-AP mnt-by: MAINT-CNNIC-AP last-modified: 2025-05-13T02:59:52Z source: APNIC role: ABUSE CNNICCN country: ZZ address: Beijing, China phone: +000000000 e-mail: [email protected] admin-c: IP50-AP tech-c: IP50-AP nic-hdl: AC1601-AP remarks: Generated from irt object IRT-CNNIC-CN abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2024-07-30T11:55:46Z source: APNIC person: Liu Nian address: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing country: CN phone: +86-10-13810123695 e-mail: [email protected] nic-hdl: JS4370-AP mnt-by: MAINT-CNNIC-AP last-modified: 2025-01-06T01:34:46Z source: APNIC person: Chen Qi address: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing country: CN phone: +86-10-13051468788 e-mail: [email protected] nic-hdl: YW7147-AP mnt-by: MAINT-CNNIC-AP last-modified: 2025-01-06T01:34:08Z source: APNIC route: 14.103.118.0/24 origin: AS137718 descr: China Internet Network Information Center Floor1, Building No.1 C/-Chinese Academy of Sciences 4, South 4th Street Haidian District, mnt-by: MAINT-CNNIC-AP last-modified: 2023-07-10T07:15:33Z source: APNIC
references
https://github.com/telekom-security/tpotce, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://jamesbrine.com.au/vultrwarsaw-ssh-bruteforce-ip-list-2025-07-24/, https://jamesbrine.com.au, https://redpiranha.net, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 8 days ago
Appeared in 28 threat reports