← Back to feed

Subnet 14.103.114.0/24

SUBNET Active high

Why this campaign was detected

11 IPs from the same /24 subnet (14.103.114.0/24) were observed attacking our sensors within the same time window. All belong to China Telecom Group (AS4811). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.

Primary ASN

AS4811 · China Telecom Group

Subnet

14.103.114.0/24

Country

🇨🇳 CN

Cloud Provider

—

Member Count

11 IPs

Below average

Total Events

1025

Below average by volume

Started / Ended

2026-02-18 12:22 — ongoing

Attack Types

ssh:bruteforce

MITRE ATT&CK Techniques

Reconnaissance

T1595 T1595.002

Initial Access

T1078

Credential Access

T1110 T1110.001

Discovery

T1016 T1046 T1082

Command and Control

T1105

Member Actors

IP Address	Behavior	Confidence	Flags	Events	Agents	Attack Types	Hostname	Last Seen
14.103.114.136	credential_harvester	65%	1x OSINT	160	2	ssh:bruteforce	—	2026-05-30 01:41	evidence →
14.103.114.244	scanner	58%		28	2	ssh:bruteforce	—	2026-05-30 13:29	evidence →
14.103.114.172	scanner	56%	1x OSINT	148	2	ssh:bruteforce	—	2026-05-25 09:11	evidence →
14.103.114.195	scanner	55%	1x OSINT	104	2	ssh:bruteforce	—	2026-05-30 13:16	evidence →
14.103.114.17	scanner	52%		205	2	ssh:bruteforce	—	2026-05-30 18:40	evidence →
14.103.114.63	credential_harvester	51%		143	1	ssh:bruteforce	—	2026-05-30 01:43	evidence →
14.103.114.22	scanner	47%	1x OSINT	35	3	ssh:bruteforce	—	2026-05-24 17:55	evidence →
14.103.114.89	credential_harvester	45%	1x OSINT	133	2	ssh:bruteforce	—	2026-05-25 06:47	evidence →
14.103.114.234	scanner	39%		37	2	ssh:bruteforce	—	2026-05-26 20:48	evidence →
14.103.114.20	credential_probe	30%	1x OSINT	28	1	ssh:bruteforce	—	2026-05-29 06:54	evidence →
14.103.114.55	scanner	21%		4	1	ssh:bruteforce	—	2026-05-28 11:05	evidence →

VPN Known VPN or proxy provider

DROP ASN on Spamhaus DROP list

Nx OSINT Corroborated by N external threat feeds