Check an IP Address, Domain Name, Subnet, or ASN

14.22.76.75 was found in our database!

$ whois 14.22.76.75

country·🇨🇳 China

isp·China Telecom

asn·AS135089

network·Standard

$ sikker risk 14.22.76.75scoring →

confidence

81%Very High

first_seen·Mar 18, 2026

last_seen·Mar 21, 2026

sessions·4

events·4

$ sikker protocols 14.22.76.75

HTTPS

2 / 2

SSH

1 / 1

TELNET

1 / 1

$ sikker summary 14.22.76.75

14.22.76.75 has a threat confidence score of 81%. This IP address from China (AS135089, China Telecom) has been observed in 4 honeypot sessions targeting HTTPS, SSH, TELNET protocols. Detected attack patterns include docker remote exec via api, docker api container exec attempt. First observed on March 18, 2026, most recently active March 21, 2026.

$ sikker behaviors 14.22.76.75catalog →

highDocker Remote Exec Via Api1x

Attacker interaction with an exposed Docker Engine API resulting in container enumeration followed by remote command execution inside running containers. The sequence of GET /containers/json and subsequent POST /containers/{id}/exec and /exec/{id}/start calls represents deliberate hands-on-keyboard activity where the adversary uses the Docker daemon as a control plane to execute commands, deploy payloads, or pivot further within the host environment. This behavior reflects active container abuse observed directly through high-interaction honeypot instrumentation.

highDocker Api Container Exec Attempt1x

Sequence of Docker API interactions involving container enumeration and execution endpoints, including GET requests to list containers followed by POST requests to exec endpoints, indicating an attempt to execute commands inside containers via the Docker remote API.

$ sikker primitives 14.22.76.75

docker_post_method3 docker_container_exec_path2 telnet_echo_hex_escape_sequence_output2 https_query_thinkphp_invokefunction_md5_probe2 https_body_wget_curl_pipe_to_sh_apache_selfrep2 https_php_ini_directive_injection_allow_url_include_auto_prepend_file2 https_path_root1 docker_get_method1 telnet_command_sh1 telnet_command_shell1 telnet_command_enable1 telnet_command_system1 docker_exec_start_endpoint1 docker_list_containers_endpoint1 https_phpunit_eval_stdin_rce_probe1 phpunit_eval_stdin_php_header_execution1 phpunit_eval_stdin_endpoint_access_legacy_path1 phpunit_eval_stdin_endpoint_access_src_variant1 phpunit_eval_stdin_endpoint_access_nested_src_path1 phpunit_eval_stdin_endpoint_access_nested_legacy_path1

$ sikker related 14.22.76.75

🇨🇳·More threats fromChina→AS·More threats fromChina Telecom→HTTP·More threats targetingHTTPS→SSH·More threats targetingSSH→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
183.56.252.185	93%	368
14.22.82.116	100%	907
183.56.243.176	94%	5,904
183.56.235.140	99%	177
14.18.122.240	100%	356

IP Address	Confidence	Events
8.138.98.143	82%	13,191
27.37.77.72	100%	55
120.48.37.54	92%	145
8.138.219.65	87%	14,508
8.142.178.141	94%	1,009