219.150.93.157 — ASN for TIANJIN Provincial Net of CT, CN — Very High (100%)

Check an IP Address, Domain Name, Subnet, or ASN

219.150.93.157 was found in our database!

Confidence Level

100%

Very High?

Geolocation

🇨🇳

China

ISPASN for TIANJIN Provincial Net of CT

ASNAS17638

Activity Timeline

First seenJan 20, 2026, 04:29 PM

Last seen7h ago

352Sessions

603Events

Protocol Breakdown

SSH

352 / 603

219.150.93.157 has a very high threat confidence level of 100%, originating from China, on the ASN for TIANJIN Provincial Net of CT network (17638). It has been observed across 352 sessions targeting SSH, with detected attack patterns including ssh authorized keys persistence established, ssh automated post compromise recon and persistence chain, ssh interactive environment profiling with access consolidation, First observed on January 20, 2026, most recently active March 2, 2026.

Behaviors

Classified behavioral patterns observed

Ssh Authorized Keys Persistence Established

very_high54x

Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.

Ssh Automated Post Compromise Recon And Persistence Chain

very_high1x

Identifies an SSH session performing comprehensive automated host reconnaissance (CPU, memory, disk, processes, users), followed by credential modification and SSH key manipulation consistent with scripted post-compromise takeover and persistence establishment.

Ssh Interactive Environment Profiling With Access Consolidation

very_high1x

Identifies an SSH session performing multi-method system profiling (CPU model extraction, memory and disk inspection, active user/process monitoring), followed by SSH key replacement and password update indicative of interactive access validation and consolidation rather than single-shot automated takeover.

Primitives

Individual actions observed

Ssh Authorized Keys Replacement Home56 Unix Home Ssh Directory Attribute Modification Attempt56 Ssh Uname All2 Ssh Whoami User Identity2 Ssh Uname Basic Invocation2 Ssh Lscpu Model Field Filter2 Ssh Cpuinfo Name Count Via Wc2 Ssh Crontab List Current User2 Ssh Uname Machine Architecture2 Ssh Cpuinfo Model Name Line Count2 Ssh W Logged In Users Enumeration2 Ssh Free Mem Multi Field Extraction Mb2 Ssh Df Head Second Line Field Extraction2 Ssh Cpuinfo Model Field Subset Extraction2 Ssh Top Interactive Process Monitor Invocation2 Ssh Ls Binary Path Resolution And Metadata Listing2 Ssh Passwd Stdin Password Change Pipeline1 Ssh Chpasswd Password Update Via Echo Pipe1 Ssh Passwd Noninteractive Stdin Password Change1 Ssh Script Cleanup Process Kill And Hosts Deny Clear1

Related Threats

Explore related threat intelligence

🇨🇳More threats fromChina ASMore threats fromASN for TIANJIN Provincial Net of CT SSHMore threats targetingSSH { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
36.106.167.245	23%	1
180.213.44.242	100%	188
36.106.166.83	23%	1
36.106.166.62	21%	2
36.106.166.21	23%	1

IP Address	Confidence	Events
14.103.114.227	100%	991
106.12.148.252	65%	629
117.191.83.250	54%	370
14.103.79.220	100%	121
123.138.237.110	70%	43