Check an IP Address, Domain Name, Subnet, or ASN

113.56.161.85 was found in our database!

$ whois 113.56.161.85

country·🇨🇳 China

isp·CHINA UNICOM China169 Backbone

asn·AS4837

network·Standard

$ sikker risk 113.56.161.85scoring →

confidence

96%Very High

first_seen·Mar 12, 2026

last_seen·1h ago

first_reported·Mar 14, 2026

last_reported·2h ago

sessions·40

events·40

reports·2

$ sikker protocols 113.56.161.85

SSH

24 / 24 / 1r

TELNET

7 / 7 / 1r

HTTP

3 / 3

HTTPS

3 / 3

DOCKER

3 / 3

$ sikker summary 113.56.161.85

113.56.161.85 has a threat confidence score of 96%. This IP address from China (AS4837, CHINA UNICOM China169 Backbone) has been observed in 40 honeypot sessions and reported 2 times targeting SSH, TELNET, HTTP, HTTPS, DOCKER protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on March 12, 2026, most recently active March 16, 2026.

$ sikker behaviors 113.56.161.85catalog →

highHttp Mass Web Rce Exploitation Scanning3x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 113.56.161.85

http_method_get126 http_php_echo_md5_hello_phpunit_marker111 telnet_echo_hex_escape_sequence_output14 docker_post_method9 telnet_command_sh7 telnet_command_shell7 telnet_command_enable7 telnet_command_system7 telnet_wget_sh_no_check_certificate_quiet_stdout_exec7 docker_container_exec_path6 http_body_wget_curl_pipe_to_sh_selfrep6 https_body_wget_curl_pipe_to_sh_apache_selfrep6 http_thinkphp_invokefunction_call_user_func_array_md56 http_php_cgi_allow_url_include_auto_prepend_input_injection6 https_php_ini_directive_injection_allow_url_include_auto_prepend_file6 https_path_root3 docker_get_method3 docker_exec_start_endpoint3 docker_list_containers_endpoint3 http_cgi_bin_direct_bin_sh_access3

$ sikker reports 113.56.161.85submit →

2 reports from 1 contributor

Date	Category	Protocol	Comment
Mar 16, 2026	Brute Force	SSH	SikkerGuard: 2 blocked packets
Mar 14, 2026	Brute Force	TELNET	SikkerGuard: 4 blocked packets

$ sikker related 113.56.161.85

🇨🇳·More threats fromChina→AS·More threats fromCHINA UNICOM China169 Backbone→SSH·More threats targetingSSH→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→DOCK·More threats targetingDOCKER→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
116.2.87.35	100%	94
121.29.84.6	23%	1
60.13.6.247	23%	1
42.48.38.209	18%	2
122.96.28.67	23%	1

IP Address	Confidence	Events
58.209.234.84	100%	678
106.225.218.43	99%	395
47.111.74.73	84%	2,869
182.40.103.253	100%	1,182
180.76.98.88	100%	860