Check an IP Address, Domain Name, Subnet, or ASN

117.72.44.129 was found in our database!

$ whois 117.72.44.129

country·🇨🇳 China

isp·China Telecom Beijing Tianjin Hebei Big Data Industry Park Branch

asn·AS141679

network·Standard

$ sikker risk 117.72.44.129scoring →

confidence

72%High

first_seen·Mar 12, 2026

last_seen·1h ago

sessions·11

events·11

$ sikker protocols 117.72.44.129

SSH

6 / 6

HTTPS

2 / 2

HTTP

1 / 1

DOCKER

1 / 1

TELNET

1 / 1

$ sikker summary 117.72.44.129

117.72.44.129 has a threat confidence score of 72%. This IP address from China (AS141679, China Telecom Beijing Tianjin Hebei Big Data Industry Park Branch) has been observed in 11 honeypot sessions targeting SSH, HTTPS, HTTP, DOCKER, TELNET protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on March 12, 2026, most recently active March 28, 2026.

$ sikker behaviors 117.72.44.129catalog →

highHttp Mass Web Rce Exploitation Scanning1x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 117.72.44.129

http_method_get42 http_php_echo_md5_hello_phpunit_marker37 https_body_wget_curl_pipe_to_sh_apache_selfrep4 docker_post_method3 docker_container_exec_path2 http_body_wget_curl_pipe_to_sh_selfrep2 telnet_echo_hex_escape_sequence_output2 http_thinkphp_invokefunction_call_user_func_array_md52 https_cgi_bin_percent_encoded_directory_traversal_bin_sh2 http_php_cgi_allow_url_include_auto_prepend_input_injection2 https_php_ini_directive_injection_allow_url_include_auto_prepend_file2 https_path_root1 docker_get_method1 telnet_command_sh1 telnet_command_shell1 telnet_command_enable1 telnet_command_system1 docker_exec_start_endpoint1 docker_list_containers_endpoint1 http_cgi_bin_direct_bin_sh_access1

$ sikker related 117.72.44.129

🇨🇳·More threats fromChina→AS·More threats fromChina Telecom Beijing Tianjin Hebei Big Data Industry Park Branch→SSH·More threats targetingSSH→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→DOCK·More threats targetingDOCKER→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
117.72.156.151	89%	83
111.228.28.53	28%	9
117.72.86.161	39%	4
117.72.193.19	30%	2
111.228.24.62	60%	4

IP Address	Confidence	Events
101.126.69.201	100%	520
222.89.169.98	100%	1,363
111.113.9.34	27%	48
36.139.228.248	58%	21
60.161.14.45	55%	614