120.48.130.213 — Beijing Baidu Netcom Science and Technology Co., Ltd., CN — Very High (100%)

Check an IP Address, Domain Name, Subnet, or ASN

120.48.130.213 was found in our database!

Confidence Level

100%

Very High?

Geolocation

🇨🇳

ChinaBeijing

ISPBeijing Baidu Netcom Science and Technology Co., Ltd.

ASNAS38365

Activity Timeline

First seenJan 21, 2026, 11:09 AM

Last seen3h ago

427Sessions

781Events

Protocol Breakdown

SSH

427 / 781

120.48.130.213 has a very high threat confidence level of 100%, originating from Beijing, China, on the Beijing Baidu Netcom Science and Technology Co., Ltd. network (38365). It has been observed across 427 sessions targeting SSH, with detected attack patterns including ssh authorized keys persistence established, ssh automated post compromise recon and persistence chain, First observed on January 21, 2026, most recently active March 3, 2026.

Behaviors

Classified behavioral patterns observed

Ssh Authorized Keys Persistence Established

very_high61x

Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.

Ssh Automated Post Compromise Recon And Persistence Chain

very_high2x

Identifies an SSH session performing comprehensive automated host reconnaissance (CPU, memory, disk, processes, users), followed by credential modification and SSH key manipulation consistent with scripted post-compromise takeover and persistence establishment.

Ssh Home Ssh Attribute Protection Removal Attempt

medium3x

Attempts to remove filesystem attribute protections (e.g., immutable flags via chattr -i/-a) from the user’s ~/.ssh directory. This pattern indicates preparatory activity to modify SSH trust configuration, commonly preceding insertion or replacement of authorized_keys for persistence.

Primitives

Individual actions observed

Unix Home Ssh Directory Attribute Modification Attempt66 Ssh Authorized Keys Replacement Home63 Ssh Uname All2 Ssh Whoami User Identity2 Ssh Uname Basic Invocation2 Ssh Lscpu Model Field Filter2 Ssh Cpuinfo Name Count Via Wc2 Ssh Crontab List Current User2 Ssh Uname Machine Architecture2 Ssh Cpuinfo Model Name Line Count2 Ssh W Logged In Users Enumeration2 Ssh Free Mem Multi Field Extraction Mb2 Ssh Df Head Second Line Field Extraction2 Ssh Cpuinfo Model Field Subset Extraction2 Ssh Passwd Stdin Password Change Pipeline2 Ssh Top Interactive Process Monitor Invocation2 Ssh Passwd Noninteractive Stdin Password Change2 Ssh Ls Binary Path Resolution And Metadata Listing2

Related Threats

Explore related threat intelligence

🇨🇳More threats fromChina ASMore threats fromBeijing Baidu Netcom Science and Technology Co., Ltd.SSHMore threats targetingSSH { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
106.12.29.184	100%	658
120.48.52.58	100%	668
106.13.181.87	53%	362
180.76.202.69	100%	629
106.13.121.235	100%	677

IP Address	Confidence	Events
39.103.198.31	83%	678
210.14.142.89	100%	840
122.115.225.109	100%	504
106.12.29.184	100%	660
36.134.69.15	100%	487