Check an IP Address, Domain Name, Subnet, or ASN

113.30.148.216 was found in our database!

$ whois 113.30.148.216

country·🇪🇸 Spain

city·Madrid

isp·Kamatera, Inc.

asn·AS36007

network·Standard

$ sikker risk 113.30.148.216scoring →

confidence

98%Very High

first_seen·Apr 20, 2026

last_seen·1m ago

sessions·35

events·35

$ sikker protocols 113.30.148.216

SSH

35 / 35

$ sikker summary 113.30.148.216

113.30.148.216 has a threat confidence score of 98%. This IP address from Spain (AS36007, Kamatera, Inc.) has been observed in 35 honeypot sessions targeting SSH protocols. Detected attack patterns include ssh shell history tampering via environment reload. First observed on April 20, 2026, most recently active April 20, 2026.

$ sikker behaviors 113.30.148.216catalog →

highSsh Shell History Tampering Via Environment Reload31x

Identifies an SSH session where the actor manipulates shell environment variables (such as HISTFILE, HISTSIZE, HISTCONTROL, or related variables) and reloads or reinitializes shell history in order to suppress, overwrite, or control command logging. The combination of explicitly setting environment variables and triggering a history reload indicates deliberate command history tampering rather than normal shell usage.

$ sikker primitives 113.30.148.216

ssh_echo_shell_environment_variable33 ssh_history_environment_manipulation_and_reload33

$ sikker related 113.30.148.216

🇪🇸·More threats fromSpain→AS·More threats fromKamatera, Inc.→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
114.29.239.185	96%	5,675
45.61.52.18	100%	268
45.61.57.163	35%	7
209.182.217.63	75%	4
93.93.205.119	98%	42

IP Address	Confidence	Events
91.126.40.196	42%	316
85.152.57.60	50%	534
79.117.252.166	88%	172
185.44.62.109	94%	447
187.33.155.173	95%	976