Check an IP Address, Domain Name, Subnet, or ASN

130.162.132.75 was found in our database!

$ whois 130.162.132.75

country·🇰🇷 South Korea

city·Seoul

isp·Oracle Corporation

asn·AS31898

network·Standard

$ sikker risk 130.162.132.75scoring →

confidence

100%Very High

first_seen·Feb 20, 2026

last_seen·2h ago

first_reported·Mar 19, 2026

last_reported·2d ago

sessions·230

events·230

reports·1

$ sikker protocols 130.162.132.75

SSH

230 / 230 / 1r

$ sikker summary 130.162.132.75

130.162.132.75 has a threat confidence score of 100%. This IP address from South Korea (AS31898, Oracle Corporation) has been observed in 230 honeypot sessions and reported 1 times targeting SSH protocols. Detected attack patterns include ssh authorized keys persistence established, ssh automated post compromise recon and persistence chain. First observed on February 20, 2026, most recently active March 21, 2026.

$ sikker behaviors 130.162.132.75catalog →

very_highSsh Authorized Keys Persistence Established56x

Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.

very_highSsh Automated Post Compromise Recon And Persistence Chain1x

Identifies an SSH session performing comprehensive automated host reconnaissance (CPU, memory, disk, processes, users), followed by credential modification and SSH key manipulation consistent with scripted post-compromise takeover and persistence establishment.

$ sikker primitives 130.162.132.75

ssh_authorized_keys_replacement_home57 unix_home_ssh_directory_attribute_modification_attempt57 ssh_uname_all1 ssh_whoami_user_identity1 ssh_uname_basic_invocation1 ssh_lscpu_model_field_filter1 ssh_cpuinfo_name_count_via_wc1 ssh_crontab_list_current_user1 ssh_uname_machine_architecture1 ssh_cpuinfo_model_name_line_count1 ssh_w_logged_in_users_enumeration1 ssh_free_mem_multi_field_extraction_mb1 ssh_df_head_second_line_field_extraction1 ssh_cpuinfo_model_field_subset_extraction1 ssh_passwd_stdin_password_change_pipeline1 ssh_top_interactive_process_monitor_invocation1 ssh_passwd_noninteractive_stdin_password_change1 ssh_ls_binary_path_resolution_and_metadata_listing1

$ sikker reports 130.162.132.75submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
Anonymous	Mar 19, 2026, 01:59	Brute Force	SSH	SikkerGuard: 14 blocked packets

$ sikker related 130.162.132.75

🇰🇷·More threats fromSouth Korea→AS·More threats fromOracle Corporation→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
134.185.117.241	100%	7,489
130.61.73.99	67%	14
146.235.40.233	73%	19
64.181.211.198	97%	87
161.118.244.10	72%	177

IP Address	Confidence	Events
118.128.157.134	97%	3,424
223.175.83.185	49%	9
43.128.156.102	96%	1,576
183.110.216.133	96%	1,840
222.103.93.113	97%	2,285