Check an IP Address, Domain Name, Subnet, or ASN

106.12.152.131 was found in our database!

$ whois 106.12.152.131

country·🇨🇳 China

isp·Beijing Baidu Netcom Science and Technology Co., Ltd.

asn·AS38365

network·Standard

$ sikker risk 106.12.152.131scoring →

confidence

99%Very High

first_seen·Feb 12, 2026

last_seen·1h ago

sessions·56

events·56

$ sikker protocols 106.12.152.131

SSH

55 / 55

TELNET

1 / 1

$ sikker summary 106.12.152.131

106.12.152.131 has a threat confidence score of 99%. This IP address from China (AS38365, Beijing Baidu Netcom Science and Technology Co., Ltd.) has been observed in 56 honeypot sessions targeting SSH, TELNET protocols. Detected attack patterns include ssh authorized keys persistence established, ssh interactive environment profiling with access consolidation. First observed on February 12, 2026, most recently active April 2, 2026.

$ sikker behaviors 106.12.152.131catalog →

very_highSsh Authorized Keys Persistence Established8x

Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.

very_highSsh Interactive Environment Profiling With Access Consolidation1x

Identifies an SSH session performing multi-method system profiling (CPU model extraction, memory and disk inspection, active user/process monitoring), followed by SSH key replacement and password update indicative of interactive access validation and consolidation rather than single-shot automated takeover.

mediumSsh Home Ssh Attribute Protection Removal Attempt3x

Attempts to remove filesystem attribute protections (e.g., immutable flags via chattr -i/-a) from the user’s ~/.ssh directory. This pattern indicates preparatory activity to modify SSH trust configuration, commonly preceding insertion or replacement of authorized_keys for persistence.

mediumSsh Uname Kernel And Architecture Discovery2x

Identifies SSH session activity where the attacker executes uname -s -m to retrieve the operating system name and machine architecture for host fingerprinting and payload targeting.

$ sikker primitives 106.12.152.131

unix_home_ssh_directory_attribute_modification_attempt12 ssh_authorized_keys_replacement_home9 ssh_uname_kernel_and_arch2 ssh_uname_all1 ssh_whoami_user_identity1 ssh_uname_basic_invocation1 ssh_lscpu_model_field_filter1 ssh_cpuinfo_name_count_via_wc1 ssh_crontab_list_current_user1 ssh_uname_machine_architecture1 ssh_cpuinfo_model_name_line_count1 ssh_w_logged_in_users_enumeration1 ssh_free_mem_multi_field_extraction_mb1 ssh_df_head_second_line_field_extraction1 ssh_cpuinfo_model_field_subset_extraction1 ssh_chpasswd_password_update_via_echo_pipe1 ssh_top_interactive_process_monitor_invocation1 ssh_ls_binary_path_resolution_and_metadata_listing1 ssh_script_cleanup_process_kill_and_hosts_deny_clear1

$ sikker related 106.12.152.131

🇨🇳·More threats fromChina→AS·More threats fromBeijing Baidu Netcom Science and Technology Co., Ltd.→SSH·More threats targetingSSH→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
180.76.105.69	100%	527
120.48.153.92	100%	173
180.76.227.2	100%	831
120.48.175.69	100%	942
120.48.50.133	91%	23

IP Address	Confidence	Events
218.92.212.222	79%	17,793
49.64.85.138	100%	1,558
112.46.213.147	81%	11
180.184.28.15	81%	660
183.220.237.230	41%	272