Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
120.48.123.76 has a very high threat confidence level of 100%, originating from Beijing, China, on the Beijing Baidu Netcom Science and Technology Co., Ltd. network (38365). It has been observed across 511 sessions targeting SSH, with detected attack patterns including ssh authorized keys persistence established, ssh interactive environment profiling with access consolidation, ssh automated post compromise recon and persistence chain, First observed on January 21, 2026, most recently active March 3, 2026.
Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.
Identifies an SSH session performing multi-method system profiling (CPU model extraction, memory and disk inspection, active user/process monitoring), followed by SSH key replacement and password update indicative of interactive access validation and consolidation rather than single-shot automated takeover.
Identifies an SSH session performing comprehensive automated host reconnaissance (CPU, memory, disk, processes, users), followed by credential modification and SSH key manipulation consistent with scripted post-compromise takeover and persistence establishment.
Attempts to remove filesystem attribute protections (e.g., immutable flags via chattr -i/-a) from the user’s ~/.ssh directory. This pattern indicates preparatory activity to modify SSH trust configuration, commonly preceding insertion or replacement of authorized_keys for persistence.