Check an IP Address, Domain Name, Subnet, or ASN

14.103.112.243 was found in our database!

$ whois 14.103.112.243

country·🇨🇳 China

isp·China Telecom Group

asn·AS4811

network·Standard

$ sikker risk 14.103.112.243scoring →

confidence

100%Very High

first_seen·Jan 21, 2026

last_seen·1h ago

sessions·292

events·547

$ sikker protocols 14.103.112.243

SSH

292 / 547

$ sikker summary 14.103.112.243

14.103.112.243 has a threat confidence score of 100%. This IP address from China (AS4811, China Telecom Group) has been observed in 292 honeypot sessions targeting SSH protocols. Detected attack patterns include ssh authorized keys persistence established, ssh interactive environment profiling with access consolidation, ssh automated post compromise recon and persistence chain. First observed on January 21, 2026, most recently active March 16, 2026.

$ sikker behaviors 14.103.112.243catalog →

very_highSsh Authorized Keys Persistence Established33x

Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.

very_highSsh Interactive Environment Profiling With Access Consolidation5x

Identifies an SSH session performing multi-method system profiling (CPU model extraction, memory and disk inspection, active user/process monitoring), followed by SSH key replacement and password update indicative of interactive access validation and consolidation rather than single-shot automated takeover.

very_highSsh Automated Post Compromise Recon And Persistence Chain2x

Identifies an SSH session performing comprehensive automated host reconnaissance (CPU, memory, disk, processes, users), followed by credential modification and SSH key manipulation consistent with scripted post-compromise takeover and persistence establishment.

$ sikker primitives 14.103.112.243

ssh_authorized_keys_replacement_home41 unix_home_ssh_directory_attribute_modification_attempt41 ssh_uname_all7 ssh_whoami_user_identity7 ssh_uname_basic_invocation7 ssh_lscpu_model_field_filter7 ssh_cpuinfo_name_count_via_wc7 ssh_crontab_list_current_user7 ssh_uname_machine_architecture7 ssh_cpuinfo_model_name_line_count7 ssh_w_logged_in_users_enumeration7 ssh_free_mem_multi_field_extraction_mb7 ssh_df_head_second_line_field_extraction7 ssh_cpuinfo_model_field_subset_extraction7 ssh_top_interactive_process_monitor_invocation7 ssh_ls_binary_path_resolution_and_metadata_listing7 ssh_chpasswd_password_update_via_echo_pipe5 ssh_script_cleanup_process_kill_and_hosts_deny_clear5 ssh_passwd_stdin_password_change_pipeline2 ssh_passwd_noninteractive_stdin_password_change2

$ sikker related 14.103.112.243

🇨🇳·More threats fromChina→AS·More threats fromChina Telecom Group→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
14.103.127.231	100%	522
14.103.220.97	100%	729
14.103.174.120	100%	425
14.103.115.156	100%	1,275
14.103.112.228	100%	672

IP Address	Confidence	Events
42.233.128.109	100%	13
139.196.233.120	83%	21,500
139.198.30.179	81%	910
110.41.49.9	94%	70
111.228.55.0	73%	41