Check an IP Address, Domain Name, Subnet, or ASN

118.196.29.193 was found in our database!

$ whois 118.196.29.193

country·🇨🇳 China

isp·China Telecom Group

asn·AS4811

network·Standard

$ sikker risk 118.196.29.193scoring →

confidence

99%Very High

first_seen·Mar 2, 2026

last_seen·46m ago

sessions·108

events·108

$ sikker protocols 118.196.29.193

SSH

108 / 108

$ sikker summary 118.196.29.193

118.196.29.193 has a threat confidence score of 99%. This IP address from China (AS4811, China Telecom Group) has been observed in 108 honeypot sessions targeting SSH protocols. Detected attack patterns include ssh authorized keys persistence established, ssh automated post compromise recon and persistence chain. First observed on March 2, 2026, most recently active March 16, 2026.

$ sikker behaviors 118.196.29.193catalog →

very_highSsh Authorized Keys Persistence Established9x

Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.

very_highSsh Automated Post Compromise Recon And Persistence Chain2x

Identifies an SSH session performing comprehensive automated host reconnaissance (CPU, memory, disk, processes, users), followed by credential modification and SSH key manipulation consistent with scripted post-compromise takeover and persistence establishment.

mediumSsh Home Ssh Attribute Protection Removal Attempt1x

Attempts to remove filesystem attribute protections (e.g., immutable flags via chattr -i/-a) from the user’s ~/.ssh directory. This pattern indicates preparatory activity to modify SSH trust configuration, commonly preceding insertion or replacement of authorized_keys for persistence.

$ sikker primitives 118.196.29.193

unix_home_ssh_directory_attribute_modification_attempt12 ssh_authorized_keys_replacement_home11 ssh_uname_all2 ssh_whoami_user_identity2 ssh_uname_basic_invocation2 ssh_lscpu_model_field_filter2 ssh_cpuinfo_name_count_via_wc2 ssh_crontab_list_current_user2 ssh_uname_machine_architecture2 ssh_cpuinfo_model_name_line_count2 ssh_w_logged_in_users_enumeration2 ssh_free_mem_multi_field_extraction_mb2 ssh_df_head_second_line_field_extraction2 ssh_cpuinfo_model_field_subset_extraction2 ssh_passwd_stdin_password_change_pipeline2 ssh_top_interactive_process_monitor_invocation2 ssh_passwd_noninteractive_stdin_password_change2 ssh_ls_binary_path_resolution_and_metadata_listing2

$ sikker related 118.196.29.193

🇨🇳·More threats fromChina→AS·More threats fromChina Telecom Group→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
218.78.59.30	100%	124
14.103.111.13	100%	695
118.196.26.161	100%	447
14.103.71.220	100%	1,091
14.103.115.234	100%	540

IP Address	Confidence	Events
222.209.84.37	37%	155
14.103.122.90	100%	543
43.226.45.89	51%	35
14.103.153.174	100%	742
14.103.127.199	100%	890