IOC Radar
IP · Medium · Signal 68/100

14.116.189.74

Location: Shenzhen, Guangdong, China
ASN: AS4134 (Chinanet GD)
First Seen: Mar 20, 2021 (1913d ago)
Last Seen: Jun 3, 2026 (12d ago)
Reports: 35 source reports
Confidence: 68% (medium)
Found in 35 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 68%
Signal Score: 68 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

73 techniques

Network Information

Country: CN (China)
Region: Shenzhen, Guangdong
ASN: AS4134
Organization: Chinanet GD

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 35
Confidence score: 68%

Activity Timeline

1 total obs (Jun 3 to Jun 3)

Threat Activity Heatmap

[Heatmap: daily activity, Jun through the following Jun; scale Less to More]
Peak: 2026-06-03
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 68 (Medium Risk)
Signal Score: 68
Confidence: 68%
Reports: 35
First seen: Mar 20, 2021
Last seen: Jun 3, 2026
Geolocation: CN
Country: China
Location: Shenzhen, Guangdong
ASN: AS4134
Org: Chinanet GD
Coords: 22.5455, 114.0683
Proxy, VPN

VirusTotal

Not checked

WHOIS

description
every host is banned for 3 hours and receives an abuse report from me every 96 hours if it continues
raw
inetnum: 14.112.0.0 - 14.127.255.255
netname: CHINANET-GD
descr: CHINANET Guangdong province network
descr: Data Communication Division
descr: China Telecom
country: CN
admin-c: CH93-AP
tech-c: IC83-AP
abuse-c: AC1573-AP
status: ALLOCATED PORTABLE
remarks: service provider
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
notify: [email protected]
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-GD
mnt-irt: IRT-CHINANET-CN
last-modified: 2021-06-15T08:05:16Z
source: APNIC

irt: IRT-CHINANET-CN
address: No.31 ,jingrong street,beijing
address: 100032
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-04-24
mnt-by: MAINT-CHINANET
last-modified: 2025-04-24T03:21:26Z
source: APNIC

role: ABUSE CHINANETCN
country: ZZ
address: No.31 ,jingrong street,beijing
address: 100032
phone: +000000000
e-mail: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
nic-hdl: AC1573-AP
remarks: Generated from irt object IRT-CHINANET-CN
remarks: [email protected] was validated on 2025-04-24
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-04-24T03:21:54Z
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: [email protected]
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
mnt-by: MAINT-CHINANET
last-modified: 2022-02-28T06:53:44Z
source: APNIC

person: IPMASTER CHINANET-GD
nic-hdl: IC83-AP
e-mail: [email protected]
address: NO.18,RO. ZHONGSHANER,YUEXIU DISTRIC,GUANGZHOU
phone: +86-20-87189274
fax-no: +86-20-87189274
country: CN
mnt-by: MAINT-CHINANET-GD
remarks: IPMASTER is not for spam complaint,please send spam complaint to [email protected]
abuse-mailbox: [email protected]
last-modified: 2021-05-12T09:06:58Z
source: APNIC

IOC Journey

medium
First detected 5 years ago · Last seen 12 days ago
Appeared in 35 threat reports