IPMediumSignal 54/100

`14.22.82.116`

Location

China

Guangzhou, Guangdong

ASN

AS135089

Chinanet GD

First Seen

Jun 24, 2024

Last Seen

Jun 6, 2026

Jun 24

First Seen

721d ago

Jun 6

Last Seen

10d ago

Reports

source reports

54%

Confidence

medium

Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

54%

Signal Score

54 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

71 techniques

Network Information

Country

China

RegionGuangzhou, Guangdong

ASNAS135089

OrganizationChinanet GD

IP Category

⟲

Proxy

Proxy server

⊕

VPN

VPN exit node

Feed Intelligence Summary

24 reports54% confidence

Source reports

54%

Confidence score

Category tags

abuseaccess attemptaccess attemptsaccess controlaccount compromiseactive scanactive scanningaggressive-detectionanomalous network connectionsapacheapache attackerapache upgradeapplication layer protocolaptasiaasia pacificattackattacker-ipaustraliaauthenticationauthentication abuseauthentication attackauthentication attacksauthentication attemptauthentication attemptsauthentication failureauthentication failuresautomated attackautomated attacksautomated attemptsautomated multi-vector probingautomated threatawaser omanbad reputationbad requestbad web botbanner-grabbingbelgiumbelgiumblacklisted ipblock listblock.txtblocklistblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute_forcebruteforcebuffalo proxyc2c2 communicationcheckmkcheckmk bustachinachina mobileciscocisco devicecisco device attackcisco exploitation attemptcisco exploitation attemptscloud infrastructurecloud infrastructure attackcloud infrastructure targetcloud servicescloudfrontcncode executioncode injectioncode-injectioncolumnscommand & controlcommand and controlcommand executioncommon namecommunication protocolcommunity-sharedcompany limitedcompromised hostcompromised hostscompromised systemsconnection-resetcookiecowriecowrie datacowrie honeypotcowrie interactionscowrie ssh attackscredential accesscredential harvestingcredential stuffingcredential_accessdaily_sourcesdata exfiltrationdata exfiltration attemptdata store exposuredatabase attacksdatabase securityddosddos attackddos attacksdecoy systemdenial of servicedenial-of-service attemptdevice managementdictionary attackdigital oceandionaeadionaea honeypotdionaea interactionsdionaea malware samplesdistributed attacksenterprise networkingenumerationerrinvalidurlerroreuropeexecutable fileexploitexploit attemptexploit attemptsexploitationexploitation activityexploitation attemptsexploitation of privilegeexploited hostexport-to-otxfail2ban blocked ipsfail2ban triggerfail2ban triggeredfailed authenticationfailed login attemptsfailed_loginfattfatt signaturesfilefingerprintfinlandfoundfound datefrancefraud ordersfraud voipftpftp brute forceftp brute-forceftp_brute_forcegame_servergb-originating attackgb_hosted_servergermanygoogle llchackinghetznerhetzner onlinehk abusehandlerhoneynet connecthoneypot 24h activityhoneytrap exploit attemptshoneytrap honeypothoneytrap interactionshong konghttp brute forcehttp probinghttp request anomalieshttp scannerhttp scanninghttp/httpshttpshurricane usidentity & access exploitationindiaindicatorinformation technologyinitial accessinitial access preparationinitial-accessinjection activityinjection attacksinternet facing assetsinternet-facingintrusion detectioniociot securityiot targetedip-addressipv4it infrastructurejapankex algorithmskey typekonghong konglamplamp server targetinglamp stacklamp stack targetinglateral movementlinux server targetinglinux systemsllc omanomanlogin attacklogin attemptlogin attemptslogin_attemptltd chinachinamailmail brute forcemailoney honeypotmailoney interactionsmalaysiamalicious activitymalicious file transfermalicious ip activitymalicious loginmalicious script executionmalicious softwaremalicious trafficmalwaremalware behaviourmalware capturemalware distributionmalware propagationmalware-related botnet activitymispmod securitymovednetworknetwork attacksnetwork brute forcenetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork intrusion detectionnetwork layer protocolnetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork security monitoringnetwork service scanningnetwork servicesnetwork-attacknetwork_probenetwork_reconnaissancenextnorth americaoceaniaok serveropen proxyopencanaryopenctip0fp0f network fingerprintingp0f signaturespassword attackpassword attackspassword sprayingpgp signphishingphishing attackphishing trapping of deathpolandpolandpolandport-scanportscanpossible botnet activitypossible botnet infectionpossible malware distributionpotential intrusionprocess injectionprotocol exploitationprotocol-probingproxyransomwareraspberry-pireconnaissancereconnaissance activityremote accessremote access attacksremote access attemptremote servicesresearchresearchedresource hijackingscams & fraudscanscannerscannersscanning activityscripting attackssectigo publicsecurity eventsecurity operationssecurity policysensor-taggedsentrypeer activitysentrypeer botnetsentrypeer interactionsserverserver maniaservice enumerationservice exploitationservice scanservice: ftpservice: sshsftpsftp access attemptsftp attacksftp exploitation attemptsshell command executionsipsip brute forcesip scanningsitesmb brute forcesmtpsmtp brute forcesmtp probingsmtp scanningsocial engineeringsocradar honeypotsoftware developmentsouth ridingspamsql injectionsql-injectionsshssh attackssh bruteforcessh monitoringssh-brutessh_brute_forcestaging_serverstatesunitedsuricata alertst1005t1016t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1047t1048t1053t1055t1056t1059t1059.001t1059.003t1059.004t1059.007t1065t1068t1071t1071.001t1076t1078t1078.003t1078.004t1083t1087t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1195t1199t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1550t1563t1565t1566.001t1566.002t1566.003t1572t1573t1573.001t1583t1588t1588.004t1589t1589.002t1590t1592t1595t1595.001t1595.002t1595.003tannertanner interactionstargeting databasetcp protocoltcp scantcp/iptelecommunicationstelnettelnet threatthreat actorthreat actor activitythreat detectionthreat feedthreat intelligencethreat intelligence feedthreat preventionthreat-inteltimeouttop10.txttopips.txttor nodetpottraffic from gbubuntuudp port scanudp scanunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized login attemptunauthorized login attemptsunited kingdomunited statesus abuseus nonevalid accountsvaryvoidtrapvoipvoip attackvpnvpn ipvulnerability scanvulnerability-scanvultrweb app attackweb application attackweb application attacksweb application scanweb attackweb brute forceweb exploitationweb shell detectionweb spamweb trafficweb-attack

Activity Timeline

1 total obs

Jun 6Jun 6

Threat Activity Heatmap

· Peak: 2026-06-06

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Minimal

3mo

Minimal

Threat ScoreMedium Risk

SIGNAL

Signal Score

54%

Confidence

Reports

First seenJun 24, 2024

Last seenJun 6, 2026

GeolocationCN

CountryChina

LocationGuangzhou, Guangdong

ASNAS135089

OrgChinanet GD

Coords34.7732, 113.7220

ProxyVPN

VirusTotal

Not checked

WHOIS

description: Banned by Fail2Ban [sshd]
raw: inetnum: 14.16.0.0 - 14.31.255.255 netname: CHINANET-GD descr: CHINANET Guangdong province network descr: Data Communication Division descr: China Telecom country: CN admin-c: CH93-AP tech-c: IC83-AP abuse-c: AC1573-AP status: ALLOCATED PORTABLE remarks: service provider remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- notify: [email protected] mnt-by: APNIC-HM mnt-lower: MAINT-CHINANET-GD mnt-irt: IRT-CHINANET-CN last-modified: 2021-06-15T08:06:05Z source: APNIC irt: IRT-CHINANET-CN address: No.31 ,jingrong street,beijing address: 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH93-AP tech-c: CH93-AP auth: # Filtered remarks: [email protected] was validated on 2025-04-24 mnt-by: MAINT-CHINANET last-modified: 2025-04-24T03:21:26Z source: APNIC role: ABUSE CHINANETCN country: ZZ address: No.31 ,jingrong street,beijing address: 100032 phone: +000000000 e-mail: [email protected] admin-c: CH93-AP tech-c: CH93-AP nic-hdl: AC1573-AP remarks: Generated from irt object IRT-CHINANET-CN remarks: [email protected] was validated on 2025-04-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-04-24T03:21:54Z source: APNIC person: Chinanet Hostmaster nic-hdl: CH93-AP e-mail: [email protected] address: No.31 ,jingrong street,beijing address: 100032 phone: +86-10-58501724 fax-no: +86-10-58501724 country: CN mnt-by: MAINT-CHINANET last-modified: 2022-02-28T06:53:44Z source: APNIC person: IPMASTER CHINANET-GD nic-hdl: IC83-AP e-mail: [email protected] address: NO.18,RO. ZHONGSHANER,YUEXIU DISTRIC,GUANGZHOU phone: +86-20-87189274 fax-no: +86-20-87189274 country: CN mnt-by: MAINT-CHINANET-GD remarks: IPMASTER is not for spam complaint,please send spam complaint to [email protected] abuse-mailbox: [email protected] last-modified: 2021-05-12T09:06:58Z source: APNIC
references: https://purplesynapz.com/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-05-16/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-05-16/, https://voidvendor.com/intel, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-28/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-26/, https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-04-26/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-24/, https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-19/, https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-03-19/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-19/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-19/, https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-03-14/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-14/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-13/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-11/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-03/, https://jamesbrine.com.au/vultrparis-ssh-bruteforce-ip-list-2026-03-02/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-02/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-01/

`14.22.82.116`

MITRE ATT&CK TTPs

Network Information

IP Category

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy