← Back to feed
Subnet 14.103.114.0/24
SUBNET Active highWhy this campaign was detected
3 IPs from the same /24 subnet (14.103.114.0/24) were observed attacking our sensors within the same time window. All belong to China Telecom Group (AS4811). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.
Primary ASN
AS4811 · China Telecom Group
Subnet
14.103.114.0/24
Country
🇨🇳 CN
Cloud Provider
—
Member Count
3 IPs
Below average
Total Events
432
Below average by volume
Started / Ended
2026-02-18 12:22 — ongoing
Attack Types
MITRE ATT&CK Techniques
Initial Access
Command and Control
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 14.103.114.197 | scanner | 71% | 244 | 3 | ssh:bruteforce | — | 2026-07-14 21:36 | evidence → | |
| 14.103.114.89 | credential_harvester | 56% | 1x OSINT | 163 | 2 | ssh:bruteforce | — | 2026-07-17 19:59 | evidence → |
| 14.103.114.221 | scanner | 37% | 1x OSINT | 25 | 2 | ssh:bruteforce | — | 2026-07-15 15:51 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds