IOC Radar
IPMediumSignal 46/100

203.33.214.1

Location
AustraliaAustralia
Far Meadow, New South Wales
ASN
AS58519
Backforest Information Services
First Seen
Nov 12, 2024
Last Seen
Apr 1, 2026
Nov 12
First Seen
578d ago
Apr 1
Last Seen
73d ago
18
Reports
source reports
46%
Confidence
medium
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
46%
Signal Score
46 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

39 techniques

Network Information

CountryAUAustralia
RegionFar Meadow, New South Wales
ASNAS58519
OrganizationBackforest Information Services

Feed Intelligence Summary

18 reports46% confidence
18
Source reports
46%
Confidence score
Category tags
abuseaccessaccess controlaccount discoveryaccount profilingaccount takeoveractive scanactive scanningapplication layer protocolasiaattackauaustraliaauthenticationauthentication attemptsauto-generated securitybad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attemptbrute force attemptsbrute-forcbrute_forcecentoschinacisco devicecliftoncncommand and controlcommunication protocolcompromised credentialsconnectcowriecowrie honeypotcowrie honeypot datacredential accesscredential harvestingcredential stuffingcredential_accessctadata exfiltrationdata store exposuredecoy systemdevice managementdigitalocean vpsdistributed attacksdrive-by compromiseemailenergyenterprise networkingeuropeexploitation activityexploitation attemptsfail2ban blockedfailedfailed loginfileftpftp brute forcegame_servergithubgroupshoneytrap honeypotidentity & access exploitationindicatorinfoinformation technologyinfrastructure acquisitionreconnaissanceinitial accessinjection activityit infrastructurelamplamp attacklogin attemptmailoney attackmailoney honeypotmalicious activitymalicious payloadmalicious softwaremalwaremanualmysqlnetworknetwork infrastructurenetwork intrusion attemptsnetwork layer protocolnetwork probingnetwork protocolnetwork scanningnetwork securitynetwork service scanningnginxnoticeoceaniaopensshpasswordpassword attackpassword attacksphishingphishing attackphishing trapprocess injectionprotocol exploitationpythonransomwarereconnaissanceremote service exploitationremote service interactionremote servicesresearchedscanscannerscanning activityscriptsecurity policyserverservice scansftpsftp attacksftp exploit attemptslugsmtpsocial engineeringsoftware developmentsshssh attackssh monitoringstaging_serversurface webt1021t1021.004t1040t1041t1047t1053.005t1055t1059t1059.004t1071.001t1078t1078.001t1078.002t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1567t1587.001t1589t1590.001t1595t1595.001t1595.002t1595.003tannertelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpotceubuntuunauthorized accessunauthorized access attemptunited kingdomuploadvalid accountsvoipweb server attackszabbix

Activity Timeline

1 total obs
Apr 1Apr 1

Threat Activity Heatmap

· Peak: 2026-04-01
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
46
SIGNAL
Signal Score
46%
Confidence
18
Reports
First seenNov 12, 2024
Last seenApr 1, 2026
GeolocationAU
CountryAustralia
LocationFar Meadow, New South Wales
ASNAS58519
OrgBackforest Information Services
Coords34.7732, 113.7220

VirusTotal

Not checked

WHOIS

description
2025-05-01T03:50:14.443Z Honeypot : Cowrie : Source: 203.33.214.1 Data: login attempt [root/Xq123456@] failed
raw
inetnum: 203.33.214.0 - 203.33.215.255 netname: CHINANET-FJ descr: CHINANET FUJIAN PROVINCE NETWORK descr: China Telecom descr: No.31,jingrong street descr: Beijing 100032 country: CN admin-c: CA67-AP tech-c: CA67-AP abuse-c: AC1573-AP status: ALLOCATED PORTABLE remarks: service provider notify: [email protected] mnt-by: APNIC-HM mnt-lower: MAINT-CHINANET-FJ mnt-irt: IRT-CHINANET-CN last-modified: 2021-06-15T08:06:34Z source: APNIC irt: IRT-CHINANET-CN address: No.31 ,jingrong street,beijing address: 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH93-AP tech-c: CH93-AP auth: # Filtered remarks: [email protected] was validated on 2025-04-24 mnt-by: MAINT-CHINANET last-modified: 2025-04-24T03:21:26Z source: APNIC role: ABUSE CHINANETCN country: ZZ address: No.31 ,jingrong street,beijing address: 100032 phone: +000000000 e-mail: [email protected] admin-c: CH93-AP tech-c: CH93-AP nic-hdl: AC1573-AP remarks: Generated from irt object IRT-CHINANET-CN remarks: [email protected] was validated on 2025-04-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-04-24T03:21:54Z source: APNIC role: CHINANETFJ IP ADMIN address: 7,East Street,Fuzhou,Fujian,PRC country: CN phone: +86-591-83309761 fax-no: +86-591-83371954 e-mail: [email protected] remarks: send spam reports and abuse reports remarks: to [email protected] remarks: Please include detailed information and remarks: times in UTC admin-c: FH71-AP tech-c: FH71-AP nic-hdl: CA67-AP remarks: www.fjtelecom.com notify: [email protected] mnt-by: MAINT-CHINANET-FJ last-modified: 2011-12-06T00:10:50Z source: APNIC
references
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://redpiranha.net

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 18 threat reports