Check an IP Address, Domain Name, Subnet, or ASN

119.147.37.242 was found in our database!

$ whois 119.147.37.242

country·🇨🇳 China

isp·Chinanet

asn·AS4134

network·Standard

$ sikker risk 119.147.37.242scoring →

confidence

98%Very High

first_seen·Mar 14, 2026

last_seen·1h ago

sessions·32

events·32

$ sikker protocols 119.147.37.242

SSH

32 / 32

$ sikker summary 119.147.37.242

119.147.37.242 has a threat confidence score of 98%. This IP address from China (AS4134, Chinanet) has been observed in 32 honeypot sessions targeting SSH protocols. Detected attack patterns include ssh automated post compromise recon and persistence chain, ssh authorized keys persistence established. First observed on March 14, 2026, most recently active March 17, 2026.

$ sikker behaviors 119.147.37.242catalog →

very_highSsh Automated Post Compromise Recon And Persistence Chain4x

Identifies an SSH session performing comprehensive automated host reconnaissance (CPU, memory, disk, processes, users), followed by credential modification and SSH key manipulation consistent with scripted post-compromise takeover and persistence establishment.

very_highSsh Authorized Keys Persistence Established2x

Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.

$ sikker primitives 119.147.37.242

ssh_authorized_keys_replacement_home6 unix_home_ssh_directory_attribute_modification_attempt6 ssh_uname_all4 ssh_whoami_user_identity4 ssh_uname_basic_invocation4 ssh_lscpu_model_field_filter4 ssh_cpuinfo_name_count_via_wc4 ssh_crontab_list_current_user4 ssh_uname_machine_architecture4 ssh_cpuinfo_model_name_line_count4 ssh_w_logged_in_users_enumeration4 ssh_free_mem_multi_field_extraction_mb4 ssh_df_head_second_line_field_extraction4 ssh_cpuinfo_model_field_subset_extraction4 ssh_passwd_stdin_password_change_pipeline4 ssh_top_interactive_process_monitor_invocation4 ssh_passwd_noninteractive_stdin_password_change4 ssh_ls_binary_path_resolution_and_metadata_listing4

$ sikker related 119.147.37.242

🇨🇳·More threats fromChina→AS·More threats fromChinanet→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
36.99.46.101	100%	525
115.231.201.134	25%	12
121.229.13.210	100%	768
220.161.125.186	24%	24
222.222.168.9	100%	483

IP Address	Confidence	Events
139.129.13.203	85%	33,483
112.27.178.171	62%	1,682
58.17.107.46	16%	14
111.19.212.140	100%	506
112.92.167.50	100%	232