Check an IP Address, Domain Name, Subnet, or ASN

171.211.125.105 was found in our database!

$ whois 171.211.125.105

country·🇨🇳 China

isp·Chinanet

asn·AS4134

network·Standard

$ sikker risk 171.211.125.105scoring →

confidence

80%Very High

first_seen·Apr 2, 2026

last_seen·5m ago

sessions·11

events·11

$ sikker protocols 171.211.125.105

SSH

11 / 11

$ sikker summary 171.211.125.105

171.211.125.105 has a threat confidence score of 80%. This IP address from China (AS4134, Chinanet) has been observed in 11 honeypot sessions targeting SSH protocols. Detected attack patterns include ssh base64 payload decode stage and validation. First observed on April 2, 2026, most recently active April 2, 2026.

$ sikker behaviors 171.211.125.105catalog →

highSsh Base64 Payload Decode Stage And Validation1x

Identifies SSH sessions where an actor decodes a base64-encoded payload, writes it to a hidden file (commonly in /tmp or /var), and validates its presence. This pattern indicates post-compromise payload staging prior to execution or persistence.

$ sikker primitives 171.211.125.105

ssh_which_command_resolution4 ssh_rm_force_tmp_file_deletion3 ssh_whoami_user_identity2 ssh_pwd_current_directory2 ssh_echo_base64_decode_to_stdout2 ssh_echo_base64_decode_redirect_to_hidden_file2 ssh_ls_hidden_file_in_var_and_tmp_and_echo_exists2 ssh_hostname1 ssh_uname_all1 ssh_ss_socket_count1 ssh_id_identity_query1 ssh_dd_write_speed_test_tmp1 ssh_history_tail_truncation1 ssh_uptime_stderr_suppressed1 ssh_netstat_listen_ports_head1 ssh_cpu_model_name_enumeration1 ssh_env_output_head_truncation1 ssh_ip_route_table_enumeration1 ssh_uname_kernel_release_query1 ssh_echo_chained_literal_output1

$ sikker related 171.211.125.105

🇨🇳·More threats fromChina→AS·More threats fromChinanet→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
1.192.212.177	80%	417
59.56.2.84	61%	3
222.176.201.160	23%	1
114.99.127.122	50%	437
59.173.108.169	23%	1

IP Address	Confidence	Events
114.55.137.231	84%	3,863
39.99.214.254	86%	79,764
14.103.115.213	100%	787
1.192.212.177	80%	416
118.145.246.225	94%	19