Check an IP Address, Domain Name, Subnet, or ASN

222.186.170.245 was found in our database!

$ whois 222.186.170.245

country·🇨🇳 China

isp·Chinanet

asn·AS4134

network·Standard

$ sikker risk 222.186.170.245scoring →

confidence

96%Very High

first_seen·Apr 8, 2026

last_seen·14m ago

sessions·21

events·21

$ sikker protocols 222.186.170.245

SSH

21 / 21

$ sikker summary 222.186.170.245

222.186.170.245 has a threat confidence score of 96%. This IP address from China (AS4134, Chinanet) has been observed in 21 honeypot sessions targeting SSH protocols. Detected attack patterns include ssh automated post compromise recon and persistence chain, ssh interactive environment profiling with access consolidation. First observed on April 8, 2026, most recently active April 15, 2026.

$ sikker behaviors 222.186.170.245catalog →

very_highSsh Automated Post Compromise Recon And Persistence Chain2x

Identifies an SSH session performing comprehensive automated host reconnaissance (CPU, memory, disk, processes, users), followed by credential modification and SSH key manipulation consistent with scripted post-compromise takeover and persistence establishment.

very_highSsh Interactive Environment Profiling With Access Consolidation1x

Identifies an SSH session performing multi-method system profiling (CPU model extraction, memory and disk inspection, active user/process monitoring), followed by SSH key replacement and password update indicative of interactive access validation and consolidation rather than single-shot automated takeover.

mediumSsh Uname Kernel And Architecture Discovery1x

Identifies SSH session activity where the attacker executes uname -s -m to retrieve the operating system name and machine architecture for host fingerprinting and payload targeting.

$ sikker primitives 222.186.170.245

ssh_uname_all3 ssh_whoami_user_identity3 ssh_uname_basic_invocation3 ssh_lscpu_model_field_filter3 ssh_cpuinfo_name_count_via_wc3 ssh_crontab_list_current_user3 ssh_uname_machine_architecture3 ssh_cpuinfo_model_name_line_count3 ssh_w_logged_in_users_enumeration3 ssh_authorized_keys_replacement_home3 ssh_free_mem_multi_field_extraction_mb3 ssh_df_head_second_line_field_extraction3 ssh_cpuinfo_model_field_subset_extraction3 ssh_top_interactive_process_monitor_invocation3 ssh_ls_binary_path_resolution_and_metadata_listing3 unix_home_ssh_directory_attribute_modification_attempt3 ssh_passwd_stdin_password_change_pipeline2 ssh_passwd_noninteractive_stdin_password_change2 ssh_uname_kernel_and_arch1 ssh_chpasswd_password_update_via_echo_pipe1

$ sikker related 222.186.170.245

🇨🇳·More threats fromChina→AS·More threats fromChinanet→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
218.13.227.26	67%	550
113.62.129.20	97%	4,699
180.100.214.142	97%	2,577
171.15.129.8	95%	1,737
218.86.247.190	97%	5,581

IP Address	Confidence	Events
218.13.227.26	67%	550
8.148.180.18	84%	6,870
115.190.240.99	95%	156
36.25.240.114	99%	3,487
1.95.73.244	96%	1,719