Check an IP Address, Domain Name, Subnet, or ASN

103.39.221.249 was found in our database!

$ whois 103.39.221.249

country·🇨🇳 China

isp·China Telecom Group

asn·AS4816

network·Standard

$ sikker risk 103.39.221.249scoring →

confidence

96%Very High

first_seen·Feb 19, 2026

last_seen·20d ago

sessions·43

events·43

$ sikker protocols 103.39.221.249

SSH

14 / 14

HTTPS

9 / 9

HTTP

8 / 8

DOCKER

6 / 6

TELNET

6 / 6

$ sikker summary 103.39.221.249

103.39.221.249 has a threat confidence score of 96%. This IP address from China (AS4816, China Telecom Group) has been observed in 43 honeypot sessions targeting SSH, HTTPS, HTTP, DOCKER, TELNET protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on February 19, 2026, most recently active March 1, 2026.

$ sikker behaviors 103.39.221.249catalog →

highHttp Mass Web Rce Exploitation Scanning8x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 103.39.221.249

http_method_get336 http_php_echo_md5_hello_phpunit_marker296 docker_post_method18 http_body_wget_curl_pipe_to_sh_selfrep16 https_body_wget_curl_pipe_to_sh_apache_selfrep16 http_thinkphp_invokefunction_call_user_func_array_md516 http_php_shell_exec_base64_decode_cve_2024_4577_attempt16 http_php_cgi_allow_url_include_auto_prepend_input_injection16 https_php_ini_directive_injection_allow_url_include_auto_prepend_file16 docker_container_exec_path12 telnet_echo_hex_escape_sequence_output12 https_path_root8 http_cgi_bin_direct_bin_sh_access8 http_phpunit_eval_stdin_php_path_access8 http_phpunit_license_eval_stdin_path_probe8 http_docker_api_containers_json_path_access8 http_phpunit_util_php_eval_stdin_path_access8 http_root_phpunit_src_eval_stdin_path_access8 http_root_phpunit_util_eval_stdin_path_access8 http_double_vendor_phpunit_eval_stdin_path_probe8

$ sikker related 103.39.221.249

🇨🇳·More threats fromChina→AS·More threats fromChina Telecom Group→SSH·More threats targetingSSH→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→DOCK·More threats targetingDOCKER→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
45.250.184.6	72%	60
103.191.243.59	78%	253
103.39.213.131	88%	191
103.39.213.200	26%	15
43.254.157.231	29%	94

IP Address	Confidence	Events
117.29.8.219	23%	1
47.120.20.202	82%	40,844
1.85.216.130	26%	1
221.199.73.151	14%	3
112.122.236.149	23%	1