Check an IP Address, Domain Name, Subnet, or ASN

183.141.208.15 was found in our database!

$ whois 183.141.208.15

country·🇨🇳 China

city·Jiaxing

isp·Chinanet

asn·AS4134

network·Standard

$ sikker risk 183.141.208.15scoring →

confidence

99%Very High

first_seen·Mar 25, 2026

last_seen·1h ago

sessions·29

events·29

$ sikker protocols 183.141.208.15

SSH

29 / 29

$ sikker summary 183.141.208.15

183.141.208.15 has a threat confidence score of 99%. This IP address from China (AS4134, Chinanet) has been observed in 29 honeypot sessions targeting SSH protocols. Detected attack patterns include ssh interactive environment profiling with access consolidation, ssh authorized keys persistence established. First observed on March 25, 2026, most recently active March 29, 2026.

$ sikker behaviors 183.141.208.15catalog →

very_highSsh Interactive Environment Profiling With Access Consolidation4x

Identifies an SSH session performing multi-method system profiling (CPU model extraction, memory and disk inspection, active user/process monitoring), followed by SSH key replacement and password update indicative of interactive access validation and consolidation rather than single-shot automated takeover.

very_highSsh Authorized Keys Persistence Established3x

Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.

mediumSsh Home Ssh Attribute Protection Removal Attempt1x

Attempts to remove filesystem attribute protections (e.g., immutable flags via chattr -i/-a) from the user’s ~/.ssh directory. This pattern indicates preparatory activity to modify SSH trust configuration, commonly preceding insertion or replacement of authorized_keys for persistence.

$ sikker primitives 183.141.208.15

unix_home_ssh_directory_attribute_modification_attempt8 ssh_authorized_keys_replacement_home7 ssh_uname_all4 ssh_whoami_user_identity4 ssh_uname_basic_invocation4 ssh_lscpu_model_field_filter4 ssh_cpuinfo_name_count_via_wc4 ssh_crontab_list_current_user4 ssh_uname_machine_architecture4 ssh_cpuinfo_model_name_line_count4 ssh_w_logged_in_users_enumeration4 ssh_free_mem_multi_field_extraction_mb4 ssh_df_head_second_line_field_extraction4 ssh_cpuinfo_model_field_subset_extraction4 ssh_chpasswd_password_update_via_echo_pipe4 ssh_top_interactive_process_monitor_invocation4 ssh_ls_binary_path_resolution_and_metadata_listing4 ssh_script_cleanup_process_kill_and_hosts_deny_clear4

$ sikker related 183.141.208.15

🇨🇳·More threats fromChina→AS·More threats fromChinanet→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
36.104.144.114	100%	776
124.116.23.182	38%	44
122.224.240.99	100%	1,053
182.200.50.66	48%	2
116.21.127.60	69%	136

IP Address	Confidence	Events
39.99.214.254	85%	71,251
36.213.78.209	92%	33
120.196.66.80	100%	246
154.8.141.239	94%	44
36.104.144.114	100%	776