Check an IP Address, Domain Name, Subnet, or ASN

106.13.224.150 was found in our database!

$ whois 106.13.224.150

country·🇨🇳 China

isp·Beijing Baidu Netcom Science and Technology Co., Ltd.

asn·AS38365

network·Standard

$ sikker risk 106.13.224.150scoring →

confidence

99%Very High

first_seen·Mar 17, 2026

last_seen·7m ago

first_reported·Mar 19, 2026

last_reported·13h ago

sessions·57

events·57

reports·2

$ sikker protocols 106.13.224.150

SSH

30 / 30 / 1r

DOCKER

10 / 10

HTTP

9 / 9

HTTPS

5 / 5

TELNET

3 / 3 / 1r

$ sikker summary 106.13.224.150

106.13.224.150 has a threat confidence score of 99%. This IP address from China (AS38365, Beijing Baidu Netcom Science and Technology Co., Ltd.) has been observed in 57 honeypot sessions and reported 2 times targeting SSH, DOCKER, HTTP, HTTPS, TELNET protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on March 17, 2026, most recently active March 20, 2026.

$ sikker behaviors 106.13.224.150catalog →

highHttp Mass Web Rce Exploitation Scanning9x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 106.13.224.150

http_method_get378 http_php_echo_md5_hello_phpunit_marker333 docker_post_method30 docker_container_exec_path20 http_body_wget_curl_pipe_to_sh_selfrep18 http_thinkphp_invokefunction_call_user_func_array_md518 http_php_cgi_allow_url_include_auto_prepend_input_injection18 docker_get_method10 docker_exec_start_endpoint10 docker_list_containers_endpoint10 https_body_wget_curl_pipe_to_sh_apache_selfrep10 https_php_ini_directive_injection_allow_url_include_auto_prepend_file10 http_cgi_bin_direct_bin_sh_access9 http_phpunit_eval_stdin_php_path_access9 http_phpunit_license_eval_stdin_path_probe9 http_docker_api_containers_json_path_access9 http_phpunit_util_php_eval_stdin_path_access9 http_root_phpunit_src_eval_stdin_path_access9 http_root_phpunit_util_eval_stdin_path_access9 http_double_vendor_phpunit_eval_stdin_path_probe9

$ sikker reports 106.13.224.150submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 20, 2026, 03:14	Brute Force	TELNET	SikkerGuard: 2 blocked packets
User	Mar 19, 2026, 16:52	Brute Force	SSH	SikkerGuard: 4 blocked packets

$ sikker related 106.13.224.150

🇨🇳·More threats fromChina→AS·More threats fromBeijing Baidu Netcom Science and Technology Co., Ltd.→SSH·More threats targetingSSH→DOCK·More threats targetingDOCKER→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
180.76.232.81	96%	223
106.13.124.241	70%	423
106.13.114.161	100%	630
120.48.165.96	94%	332
120.48.123.76	100%	1,304

IP Address	Confidence	Events
36.212.221.214	95%	109
120.48.122.158	100%	567
175.178.128.197	95%	535
203.189.195.8	100%	779
220.181.1.163	100%	2,612