Check an IP Address, Domain Name, Subnet, or ASN

171.213.184.120 was found in our database!

$ whois 171.213.184.120

country·🇨🇳 China

city·Chengdu

isp·Chinanet

asn·AS4134

network·Standard

$ sikker risk 171.213.184.120scoring →

confidence

87%Very High

first_seen·Mar 31, 2026

last_seen·9m ago

sessions·16

events·16

$ sikker protocols 171.213.184.120

MSSQL

13 / 13

SMB

3 / 3

$ sikker summary 171.213.184.120

171.213.184.120 has a threat confidence score of 87%. This IP address from China (AS4134, Chinanet) has been observed in 16 honeypot sessions targeting MSSQL, SMB protocols. Detected attack patterns include smb remcom remote command execution. First observed on March 31, 2026, most recently active April 1, 2026.

$ sikker behaviors 171.213.184.120catalog →

very_highSmb Remcom Remote Command Execution2x

Identifies PsExec/RemCom-style remote command execution over SMB, involving IPC$ share access, service control manager pipe interaction (svcctl), and communication via the RemCom named pipe. This behavior reflects authenticated lateral movement and remote process execution through Windows administrative shares.

$ sikker primitives 171.213.184.120

smb_empty_rpc_call2 smb_ipc_share_access2 smb_remcom_pipe_open2 smb_svcctl_pipe_open2 smb_remcom_named_pipe_communication2

$ sikker related 171.213.184.120

🇨🇳·More threats fromChina→AS·More threats fromChinanet→MSSQ·More threats targetingMSSQL→SMB·More threats targetingSMB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
59.52.92.98	46%	452
14.29.170.54	100%	723
59.173.110.7	23%	1
222.185.236.166	52%	222
58.209.82.184	100%	734

IP Address	Confidence	Events
8.130.126.61	82%	20,004
8.134.159.4	94%	647
112.46.214.42	97%	3,274
47.109.53.221	84%	10,631
221.15.77.215	99%	9