14.103.173.201 — China Telecom Group, CN — High (74%)

Check an IP Address, Domain Name, Subnet, or ASN

14.103.173.201 was found in our database!

Confidence Level

74%

High?

Geolocation

🇨🇳

China

ISPChina Telecom Group

ASNAS4811

Activity Timeline

First seenJan 20, 2026, 10:56 PM

Last seen21d ago

393Sessions

1,348Events

Protocol Breakdown

SSH

393 / 1348

14.103.173.201 has a high threat confidence level of 74%, originating from China, on the China Telecom Group network (4811). It has been observed across 393 sessions targeting SSH, First observed on January 20, 2026, most recently active February 9, 2026.

Behaviors

Classified behavioral patterns observed

Ssh Home Ssh Attribute Protection Removal Attempt

medium1x

Attempts to remove filesystem attribute protections (e.g., immutable flags via chattr -i/-a) from the user’s ~/.ssh directory. This pattern indicates preparatory activity to modify SSH trust configuration, commonly preceding insertion or replacement of authorized_keys for persistence.

Primitives

Individual actions observed

Unix Home Ssh Directory Attribute Modification Attempt1

Related Threats

Explore related threat intelligence

🇨🇳More threats fromChina ASMore threats fromChina Telecom Group SSHMore threats targetingSSH { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
218.78.100.21	35%	3
14.103.120.75	100%	547
14.103.122.187	100%	751
14.103.119.118	100%	340
14.103.118.212	100%	708

IP Address	Confidence	Events
14.103.114.227	100%	991
106.12.148.252	65%	629
117.191.83.250	54%	370
14.103.79.220	100%	121
123.138.237.110	70%	43