Check an IP Address, Domain Name, Subnet, or ASN

14.29.245.15 was found in our database!

$ whois 14.29.245.15

country·🇨🇳 China

city·Shanghai

isp·Chinanet

asn·AS4134

network·Standard

$ sikker risk 14.29.245.15scoring →

confidence

99%Very High

first_seen·Mar 5, 2026

last_seen·1h ago

sessions·80

events·80

$ sikker protocols 14.29.245.15

SSH

80 / 80

$ sikker summary 14.29.245.15

14.29.245.15 has a threat confidence score of 99%. This IP address from China (AS4134, Chinanet) has been observed in 80 honeypot sessions targeting SSH protocols. Detected attack patterns include ssh authorized keys persistence established, ssh automated post compromise recon and persistence chain. First observed on March 5, 2026, most recently active March 16, 2026.

$ sikker behaviors 14.29.245.15catalog →

very_highSsh Authorized Keys Persistence Established6x

Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.

very_highSsh Automated Post Compromise Recon And Persistence Chain6x

Identifies an SSH session performing comprehensive automated host reconnaissance (CPU, memory, disk, processes, users), followed by credential modification and SSH key manipulation consistent with scripted post-compromise takeover and persistence establishment.

$ sikker primitives 14.29.245.15

ssh_authorized_keys_replacement_home12 unix_home_ssh_directory_attribute_modification_attempt12 ssh_uname_all6 ssh_whoami_user_identity6 ssh_uname_basic_invocation6 ssh_lscpu_model_field_filter6 ssh_cpuinfo_name_count_via_wc6 ssh_crontab_list_current_user6 ssh_uname_machine_architecture6 ssh_cpuinfo_model_name_line_count6 ssh_w_logged_in_users_enumeration6 ssh_free_mem_multi_field_extraction_mb6 ssh_df_head_second_line_field_extraction6 ssh_cpuinfo_model_field_subset_extraction6 ssh_passwd_stdin_password_change_pipeline6 ssh_top_interactive_process_monitor_invocation6 ssh_passwd_noninteractive_stdin_password_change6 ssh_ls_binary_path_resolution_and_metadata_listing6

$ sikker related 14.29.245.15

🇨🇳·More threats fromChina→AS·More threats fromChinanet→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
180.103.119.98	100%	406
124.225.88.153	99%	10,646
222.93.127.249	99%	102
123.160.164.62	95%	29
36.99.46.101	100%	517

IP Address	Confidence	Events
36.137.79.219	86%	234
47.121.27.80	79%	18,050
39.164.91.67	52%	385
120.253.79.34	53%	676
124.225.88.153	99%	10,648