IP indicator: 14.103.145.211 (Medium signal, 46/100)
Location: Beijing, Beijing
ASN: AS137718 (Beijing Bitone United Networks Technology Service Co., Ltd.)
First Seen: Jun 16, 2025
Last Seen: Jun 7, 2026
Reports: 11 source reports
Confidence: 46% (medium)
VirusTotal detections: 14/91
Found in 11 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
Indicator type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 46%
Signal Score: 46 / 100
IDS Rule: No
Network Information
Country: China
Region: Beijing, Beijing
ASN: AS137718
Organization: Beijing Bitone United Networks Technology Service Co., Ltd.
Feed Intelligence Summary
Source reports: 11
Confidence score: 46%
Category tags
Activity Timeline
Threat Activity Heatmap (peak: 2026-06-07)
Window | Reports | Status
24h    | 0       | Dormant
7d     | 0       | Dormant
30d    | 1       | Minimal
3mo    | 1       | Minimal
Threat Score: Medium Risk (46)
Signal Score: 46
Confidence: 46%
Reports: 11
First seen: Jun 16, 2025
Last seen: Jun 7, 2026
Geolocation: CN
Country: China
Location: Beijing, Beijing
ASN: AS137718
Org: Beijing Bitone United Networks Technology Service Co., Ltd.
Coords: 34.7732, 113.7220
WHOIS
- raw:
  inetnum: 14.103.0.0 - 14.103.255.255
  netname: VOLCANO-ENGINE
  descr: Beijing Volcano Engine Technology Co., Ltd.
  descr: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing
  country: CN
  admin-c: YW7147-AP
  tech-c: JS4370-AP
  abuse-c: AC1601-AP
  status: ALLOCATED PORTABLE
  mnt-by: MAINT-CNNIC-AP
  mnt-lower: MAINT-CNNIC-AP
  mnt-routes: MAINT-CNNIC-AP
  mnt-irt: IRT-VOLCANO-ENGINE-CN
  last-modified: 2022-05-19T06:54:29Z
  source: APNIC

  irt: IRT-VOLCANO-ENGINE-CN
  address: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  auth: # Filtered
  admin-c: YW7147-AP
  tech-c: JS4370-AP
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2025-05-13T02:59:52Z
  source: APNIC

  role: ABUSE CNNICCN
  country: ZZ
  address: Beijing, China
  phone: +000000000
  e-mail: [email protected]
  admin-c: IP50-AP
  tech-c: IP50-AP
  nic-hdl: AC1601-AP
  remarks: Generated from irt object IRT-CNNIC-CN
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2024-07-30T11:55:46Z
  source: APNIC

  person: Liu Nian
  address: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing
  country: CN
  phone: +86-10-13810123695
  e-mail: [email protected]
  nic-hdl: JS4370-AP
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2025-01-06T01:34:46Z
  source: APNIC

  person: Chen Qi
  address: 1309, 13/F, Building 4, Zijin Digital Park, Haidian District, Beijing
  country: CN
  phone: +86-10-13051468788
  e-mail: [email protected]
  nic-hdl: YW7147-AP
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2025-01-06T01:34:08Z
  source: APNIC

  route: 14.103.145.0/24
  origin: AS137718
  descr: China Internet Network Information Center Floor1, Building No.1 C/-Chinese Academy of Sciences 4, South 4th Street Haidian District,
  mnt-by: MAINT-CNNIC-AP
  last-modified: 2023-07-10T07:16:01Z
  source: APNIC
- references:
  - https://www.fortinet.com/blog/threat-research/rondobox-unveiled-breaking-down-a-botnet-threat
  - https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
  - https://urlhaus.abuse.ch/browse/
IOC Journey
Confidence: medium. First detected 1 year ago, last seen 7 days ago. Appeared in 11 threat reports.