Check an IP Address, Domain Name, Subnet, or ASN

118.145.213.116 was found in our database!

$ whois 118.145.213.116

country·🇨🇳 China

isp·Beijing Volcano Engine Technology Co., Ltd.

asn·AS137718

network·Standard

$ sikker risk 118.145.213.116scoring →

confidence

83%Very High

first_seen·Jan 21, 2026

last_seen·1h ago

sessions·114

events·350

$ sikker protocols 118.145.213.116

SSH

114 / 350

$ sikker summary 118.145.213.116

118.145.213.116 has a threat confidence score of 83%. This IP address from China (AS137718, Beijing Volcano Engine Technology Co., Ltd.) has been observed in 114 honeypot sessions targeting SSH protocols. Detected attack patterns include ssh automated post compromise recon and persistence chain. First observed on January 21, 2026, most recently active April 22, 2026.

$ sikker behaviors 118.145.213.116catalog →

very_highSsh Automated Post Compromise Recon And Persistence Chain1x

Identifies an SSH session performing comprehensive automated host reconnaissance (CPU, memory, disk, processes, users), followed by credential modification and SSH key manipulation consistent with scripted post-compromise takeover and persistence establishment.

mediumSsh Home Ssh Attribute Protection Removal Attempt1x

Attempts to remove filesystem attribute protections (e.g., immutable flags via chattr -i/-a) from the user’s ~/.ssh directory. This pattern indicates preparatory activity to modify SSH trust configuration, commonly preceding insertion or replacement of authorized_keys for persistence.

$ sikker primitives 118.145.213.116

unix_home_ssh_directory_attribute_modification_attempt2 ssh_uname_all1 ssh_whoami_user_identity1 ssh_uname_basic_invocation1 ssh_lscpu_model_field_filter1 ssh_cpuinfo_name_count_via_wc1 ssh_crontab_list_current_user1 ssh_uname_machine_architecture1 ssh_cpuinfo_model_name_line_count1 ssh_w_logged_in_users_enumeration1 ssh_authorized_keys_replacement_home1 ssh_free_mem_multi_field_extraction_mb1 ssh_df_head_second_line_field_extraction1 ssh_cpuinfo_model_field_subset_extraction1 ssh_passwd_stdin_password_change_pipeline1 ssh_top_interactive_process_monitor_invocation1 ssh_passwd_noninteractive_stdin_password_change1 ssh_ls_binary_path_resolution_and_metadata_listing1

$ sikker related 118.145.213.116

🇨🇳·More threats fromChina→AS·More threats fromBeijing Volcano Engine Technology Co., Ltd.→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
115.190.56.163	95%	2,068
115.190.180.203	95%	81
115.190.106.26	95%	2,940
115.190.1.54	95%	1,969
115.190.222.175	94%	1,258

IP Address	Confidence	Events
47.112.174.69	84%	4,429
120.48.37.54	93%	225
111.228.60.223	95%	1,764
175.42.32.205	96%	10,293
36.25.240.114	99%	6,632