IOC Radar
IP · Medium · Signal 53/100

14.18.113.233

Location: Guangzhou, Guangdong, China
ASN: AS58466 (Chinanet GD)
First Seen: Sep 14, 2023 (1016d ago)
Last Seen: Jun 6, 2026 (21d ago)
Reports: 29 source reports
Confidence: 53% (medium)
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 53%
Signal Score: 53 / 100
IDS Rule: No

Threat Context

Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 69 techniques

Network Information

Country: CN (China)
Region: Guangzhou, Guangdong
ASN: AS58466
Organization: Chinanet GD

Feed Intelligence Summary

Source reports: 29
Confidence score: 53%
Category tags
abuse, abuseipdb, access attempt, access attempts, access control, account compromise, active scan, active scanning, anomalous network connections, apache, apache attacker, asia, atif feed, attack, attack origin: malaysia, attack source ip, attacker-ip, australia, authentication, authentication abuse, authentication attacks, authentication attempt, authentication attempts, authentication failure, authentication_failures, auto-generated security, automated attack, automated attacks, automated botnet activity, automated threat, bad reputation, bad web bot, banlist feed, banner-grabbing, binary defense, block list, block.txt, blocklist, blocklist_all, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attempt, brute force attempts, brute force authentication, brute-forc, brute-force, bruteforce, c2, c2 communication, c2 server, china, china mobile, cisco device, cisco exploitation attempt, cisco exploitation attempts, cloud environment, cloud infrastructure, cloud infrastructure attack, cloud services, cn, columns, command & control, command and control, communication protocol, community-shared, company limited, compromised credentials, compromised host, compromised hosts, compromised systems, cowrie, cowrie data, cowrie honeypot, credential access, credential compromise attempt, credential guessing, credential harvesting, credential stuffing, credential stuffing attempts, credential-harvesting, credential-stuffing, credential_attack, credential_stuffing, cta, daily_sources, data exfiltration, data exfiltration attempt, data store exposure, data theft, ddos, ddos attack, ddos mitigation, ddos prevention, decoy system, denial of service, denial-of-service attempt, device compromise attempts, device management, dictionary attack, dictionary_attack, digital ocean, dionaea activity, dionaea honeypot, distributed attacks, dos attempt, enterprise networking, enumeration, env-hunting, europe, executable file, exploit, exploit prevention, exploit probing, exploitation, exploitation activity, exploitation attempts, exploited host, export-to-otx, external attack, external network probing, external port scanning, external remote services, external_threat, fail2ban blocked ips, fail2ban event, fail2ban triggered, failed login, fatt, fatt analysis, finland, france, ftp, ftp attacks, ftp brute force, ftp brute-force, gb-originating traffic, germany, hacking, hk abusehandler, honeynet connect, honeypot 24h activity, honeytrap activity, honeytrap honeypot, hong kong, http brute force, http request anomalies, http scanner, http scanning, http/s, https scanning, hurricane us, identity & access exploitation, imap brute force, indicator, info, information technology, infrastructure acquisitionreconnaissance, initial access, initial access attempt, initial-access, injection activity, internet-wide monitoring, intrusion attempts, intrusion detection, ioc, ipv4, ipv4 activity, ipv4 attack, it infrastructure, japan, lamp, lamp stack, lateral movement, lcia, linux systems, login attack, login attempt, login attempts, login security, mail, mailoney activity, mailoney honeypot, malaysia, malicious activity, malicious ip activity, malicious payload, malicious sftp activity, malicious software, malicious ssh activity, malicious ssh login, malicious traffic, malware, malware behaviour, malware capture, malware delivery, malware distribution, manual, misp, mod security, network, network access, network attacks, network discovery, network enumeration, network infrastructure, network intrusion, network intrusion attempts, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, network traffic analysis, network_probing, network_reconnaissance, nginx, north america, notice, oceania, p0f, p0f signatures, password attack, password attacks, password spraying, password-guessing, password_attack, password_guessing, pgp sign, phishing, phishing attack, phishing trapping of death, poland, portscan, possible botnet activity, possible malware distribution, possible malware probing, potential malware upload, process injection, project_gifted1, protocol exploitation, ransomware, reconnaissance, reconnaissance activity, red piranha, remote access, remote access attempt, remote service exploitation, remote services, remote_access, research, researched, resource hijacking, rtbh, scan, scanner, scanners, scanning activity, secure shell protocol, security operations, sensor-tagged, sentrypeer activity, sentrypeer botnet, service scan, service_enumeration, sftp access attempts, sftp attack, sftp attacks, sftp exploitation attempts, singapore, sip attacks, sip brute force, sip scanning, smb brute force, smb scanning, smtp, smtp attacks, smtp brute force, smtp scanning, social engineering, socradar honeypot, software development, spam, ssh, ssh attack, ssh attacks, ssh bruteforce, ssh monitoring, ssh-brute, suricata alerts, sweden, t-pot, t1016, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1041, t1046, t1047, t1048, t1053, t1055, t1056, t1059, t1059.001, t1059.003, t1059.004, t1065, t1068, t1071, t1071.001, t1076, t1078, t1078.001, t1078.003, t1078.004, t1078: valid accounts, t1083, t1087, t1105, t1110, t1110.001, t1110.001: password guessing, t1110.002, t1110.003, t1110.004, t1110: brute force, t1133, t1189, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1550.002, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, t1573.001, t1587.001, t1588, t1588.002, t1588.003, t1589, t1589.002, t1590, t1590.001, t1592, t1595, t1595.001, t1595.002, t1595.003, ta0001: initial access, tanner, tanner activity, tcp protocol, tcp scan, telecommunications, telnet threat, threat actor, threat actor activity, threat detection, threat feed, threat intelligence, timeout, tokyo, top10.txt, topips.txt, tor node, tpot, udp port scan, udp scan, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login attempts, unauthorized-access-attempt, unauthorized_activity, united kingdom, united states, us abuse, us none, user enumeration, valid accounts, voip, voip attack, vulnerability scan, vultr, web app attack, web application attack, web exploitation, web spam, web traffic, worker_strike

Activity Timeline

1 total observation (Jun 6 to Jun 6)

Threat Activity Heatmap

Weekly heatmap, Jun through Jun (calendar grid omitted) · Peak: 2026-06-06

Activity windows
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk (53 signal)
Signal Score: 53%
Confidence: 29 reports
First seen: Sep 14, 2023
Last seen: Jun 6, 2026
Geolocation: CN
Country: China
Location: Guangzhou, Guangdong
ASN: AS58466
Org: Chinanet GD
Coords: 23.1317, 113.2660

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
raw
inetnum: 14.16.0.0 - 14.31.255.255
netname: CHINANET-GD
descr: CHINANET Guangdong province network
descr: Data Communication Division
descr: China Telecom
country: CN
admin-c: CH93-AP
tech-c: IC83-AP
abuse-c: AC1573-AP
status: ALLOCATED PORTABLE
remarks: service provider
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
notify: [email protected]
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-GD
mnt-irt: IRT-CHINANET-CN
last-modified: 2021-06-15T08:06:05Z
source: APNIC

irt: IRT-CHINANET-CN
address: No.31 ,jingrong street,beijing
address: 100032
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-04-24
mnt-by: MAINT-CHINANET
last-modified: 2025-04-24T03:21:26Z
source: APNIC

role: ABUSE CHINANETCN
country: ZZ
address: No.31 ,jingrong street,beijing
address: 100032
phone: +000000000
e-mail: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
nic-hdl: AC1573-AP
remarks: Generated from irt object IRT-CHINANET-CN
remarks: [email protected] was validated on 2025-04-24
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-04-24T03:21:54Z
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: [email protected]
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
mnt-by: MAINT-CHINANET
last-modified: 2022-02-28T06:53:44Z
source: APNIC

person: IPMASTER CHINANET-GD
nic-hdl: IC83-AP
e-mail: [email protected]
address: NO.18,RO. ZHONGSHANER,YUEXIU DISTRIC,GUANGZHOU
phone: +86-20-87189274
fax-no: +86-20-87189274
country: CN
mnt-by: MAINT-CHINANET-GD
remarks: IPMASTER is not for spam complaint,please send spam complaint to [email protected]
abuse-mailbox: [email protected]
last-modified: 2021-05-12T09:06:58Z
source: APNIC

references
https://github.com/telekom-security/tpotce
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
https://github.com/tankmek/threatfeed
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt
https://redpiranha.net
https://list.rtbh.com.tr/output.txt
https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4

IOC Journey

Confidence: medium
First detected 2 years ago · Last seen 21 days ago
Appeared in 29 threat reports