IOC Radar
IP · Medium · Signal 55/100

94.231.206.14

Location: China (Shenzhen, Guangdong)
ASN: AS213412 (Onyphe SAS)
First Seen: Nov 27, 2025 (209d ago)
Last Seen: Jun 13, 2026 (10d ago)
Reports: 15 source reports
Confidence: 55% (medium)
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 55%
Signal Score: 55 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 94 techniques

Network Information

Country: CN (China)
Region: Shenzhen, Guangdong
ASN: AS213412
Organization: Onyphe SAS

IP Category

VPN (VPN exit node)


Activity Timeline

1 total observation (Jun 13)

Threat Activity Heatmap

Peak: 2026-06-13
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 55 (Medium Risk)
Coords: 48.8582, 2.3387

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Paris (France) honeypot
references
https://github.com/telekom-security/tpotce
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-08/
https://jamesbrine.com.au
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-07/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-07/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-06/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-04-04/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-05/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-04-03/
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-03/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-04/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-03/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-04-02/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-02/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-01/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-04-01/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-01/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-31/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-30/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-02-28/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-02-27/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-29/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-28/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-02-26/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-27/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-02-25/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-26/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-02-24/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-25/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-02-23/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-02-22/
ip_iocs.csv
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-23/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-22/

