Check an IP Address, Domain Name, Subnet, or ASN

171.83.24.31 was found in our database!

$ whois 171.83.24.31

country·🇨🇳 China

city·Wuhan

isp·CHINATELECOM Hubei province Wuhan 5G network

asn·AS137266

network·Standard

$ sikker risk 171.83.24.31scoring →

confidence

100%Very High

first_seen·Feb 15, 2026

last_seen·24d ago

sessions·113

events·113

$ sikker protocols 171.83.24.31

SSH

113 / 113

$ sikker summary 171.83.24.31

171.83.24.31 has a threat confidence score of 100%. This IP address from China (AS137266, CHINATELECOM Hubei province Wuhan 5G network) has been observed in 113 honeypot sessions targeting SSH protocols. Detected attack patterns include ssh authorized keys persistence established, ssh automated post compromise recon and persistence chain. First observed on February 15, 2026, most recently active February 26, 2026.

$ sikker behaviors 171.83.24.31catalog →

very_highSsh Authorized Keys Persistence Established29x

Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.

very_highSsh Automated Post Compromise Recon And Persistence Chain1x

Identifies an SSH session performing comprehensive automated host reconnaissance (CPU, memory, disk, processes, users), followed by credential modification and SSH key manipulation consistent with scripted post-compromise takeover and persistence establishment.

mediumSsh Home Ssh Attribute Protection Removal Attempt1x

Attempts to remove filesystem attribute protections (e.g., immutable flags via chattr -i/-a) from the user’s ~/.ssh directory. This pattern indicates preparatory activity to modify SSH trust configuration, commonly preceding insertion or replacement of authorized_keys for persistence.

$ sikker primitives 171.83.24.31

unix_home_ssh_directory_attribute_modification_attempt32 ssh_authorized_keys_replacement_home31 ssh_cpuinfo_name_count_via_wc2 ssh_uname_all1 ssh_whoami_user_identity1 ssh_uname_basic_invocation1 ssh_lscpu_model_field_filter1 ssh_crontab_list_current_user1 ssh_uname_machine_architecture1 ssh_cpuinfo_model_name_line_count1 ssh_w_logged_in_users_enumeration1 ssh_free_mem_multi_field_extraction_mb1 ssh_df_head_second_line_field_extraction1 ssh_cpuinfo_model_field_subset_extraction1 ssh_passwd_stdin_password_change_pipeline1 ssh_top_interactive_process_monitor_invocation1 ssh_passwd_noninteractive_stdin_password_change1 ssh_ls_binary_path_resolution_and_metadata_listing1

$ sikker related 171.83.24.31

🇨🇳·More threats fromChina→AS·More threats fromCHINATELECOM Hubei province Wuhan 5G network→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
27.17.208.242	92%	29
171.83.17.126	23%	1
171.83.21.91	81%	8
27.19.172.74	39%	4
171.83.25.254	89%	26

IP Address	Confidence	Events
39.164.94.190	49%	353
47.109.53.221	84%	1,693
112.27.102.29	39%	149
117.48.143.69	82%	2,469
182.40.103.253	100%	1,214