223.109.140.47 — China Mobile communications corporation, CN — Very High (98%)

Check an IP Address, Domain Name, Subnet, or ASN

223.109.140.47 was found in our database!

Confidence Level

98%

Very High?

Geolocation

🇨🇳

China

ISPChina Mobile communications corporation

ASNAS56046

Activity Timeline

First seenFeb 7, 2026, 09:45 AM

Last seen2h ago

67Sessions

74Events

Protocol Breakdown

SSH

67 / 74

223.109.140.47 has a very high threat confidence level of 98%, originating from China, on the China Mobile communications corporation network (56046). It has been observed across 67 sessions targeting SSH, with detected attack patterns including ssh authorized keys persistence established, ssh interactive environment profiling with access consolidation, First observed on February 7, 2026, most recently active March 5, 2026.

Behaviors

Classified behavioral patterns observed

Ssh Authorized Keys Persistence Established

very_high5x

Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.

Ssh Interactive Environment Profiling With Access Consolidation

very_high1x

Identifies an SSH session performing multi-method system profiling (CPU model extraction, memory and disk inspection, active user/process monitoring), followed by SSH key replacement and password update indicative of interactive access validation and consolidation rather than single-shot automated takeover.

Ssh Uname Kernel And Architecture Discovery

medium3x

Identifies SSH session activity where the attacker executes uname -s -m to retrieve the operating system name and machine architecture for host fingerprinting and payload targeting.

Primitives

Individual actions observed

Ssh Authorized Keys Replacement Home6 Unix Home Ssh Directory Attribute Modification Attempt6 Ssh Uname Kernel And Arch3 Ssh Uname All1 Ssh Whoami User Identity1 Ssh Uname Basic Invocation1 Ssh Lscpu Model Field Filter1 Ssh Cpuinfo Name Count Via Wc1 Ssh Crontab List Current User1 Ssh Uname Machine Architecture1 Ssh Cpuinfo Model Name Line Count1 Ssh W Logged In Users Enumeration1 Ssh Free Mem Multi Field Extraction Mb1 Ssh Df Head Second Line Field Extraction1 Ssh Cpuinfo Model Field Subset Extraction1 Ssh Chpasswd Password Update Via Echo Pipe1 Ssh Top Interactive Process Monitor Invocation1 Ssh Ls Binary Path Resolution And Metadata Listing1 Ssh Script Cleanup Process Kill And Hosts Deny Clear1

Related Threats

Explore related threat intelligence

🇨🇳More threats fromChina ASMore threats fromChina Mobile communications corporation SSHMore threats targetingSSH { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
223.107.72.234	52%	338
183.207.186.22	100%	530
36.151.150.98	33%	8
120.195.161.46	93%	80,951
36.153.164.122	48%	223

IP Address	Confidence	Events
49.118.254.249	79%	25
180.184.93.3	68%	42
49.88.156.34	99%	4,242
116.55.245.26	100%	452
59.80.22.209	70%	51