← Back to feed

Subnet 14.103.114.0/24

SUBNET Active high
Why this campaign was detected
3 IPs from the same /24 subnet (14.103.114.0/24) were observed attacking our sensors within the same time window. All belong to China Telecom Group (AS4811). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.
Primary ASN
AS4811 · China Telecom Group
Subnet
14.103.114.0/24
Country
🇨🇳 CN
Cloud Provider
Member Count
3 IPs
Below average
Total Events
432
Below average by volume
Started / Ended
2026-02-18 12:22 — ongoing
Attack Types
ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Credential Access
Discovery
Command and Control
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
14.103.114.197 scanner 71% 244 3 ssh:bruteforce 2026-07-14 21:36 evidence →
14.103.114.89 credential_harvester 56% 1x OSINT 163 2 ssh:bruteforce 2026-07-17 19:59 evidence →
14.103.114.221 scanner 37% 1x OSINT 25 2 ssh:bruteforce 2026-07-15 15:51 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds