Check an IP Address, Domain Name, Subnet, or ASN

117.80.237.11 was found in our database!

$ whois 117.80.237.11

country·🇨🇳 China

isp·Chinanet

asn·AS4134

network·Standard

$ sikker risk 117.80.237.11scoring →

confidence

88%Very High

first_seen·Jan 23, 2026

last_seen·1h ago

first_reported·Feb 26, 2026

last_reported·20d ago

sessions·79

events·128

reports·2

$ sikker protocols 117.80.237.11

SSH

45 / 60

TELNET

15 / 37 / 2r

HTTPS

7 / 14

DOCKER

6 / 9

HTTP

6 / 8

$ sikker summary 117.80.237.11

117.80.237.11 has a threat confidence score of 88%. This IP address from China (AS4134, Chinanet) has been observed in 79 honeypot sessions and reported 2 times targeting SSH, TELNET, HTTPS, DOCKER, HTTP protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on January 23, 2026, most recently active March 25, 2026.

$ sikker behaviors 117.80.237.11catalog →

highHttp Mass Web Rce Exploitation Scanning1x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 117.80.237.11

http_method_get42 http_php_echo_md5_hello_phpunit_marker37 telnet_echo_hex_escape_sequence_output7 docker_get_method5 docker_list_containers_endpoint5 docker_post_method4 http_body_wget_curl_pipe_to_sh_selfrep4 https_body_wget_curl_pipe_to_sh_apache_selfrep4 https_php_ini_directive_injection_allow_url_include_auto_prepend_file4 telnet_command_sh3 telnet_command_shell3 telnet_command_enable3 telnet_command_system3 docker_container_exec_path3 ssh_password_authenthication.3 telnet_wget_sh_no_check_certificate_quiet_stdout_exec3 https_path_root2 http_cgi_bin_direct_bin_sh_access2 https_phpunit_eval_stdin_rce_probe2 http_thinkphp_invokefunction_call_user_func_array_md52

$ sikker reports 117.80.237.11submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 4, 2026, 20:11	Brute Force	TELNET	SikkerGuard: 2 blocked packets
User	Feb 26, 2026, 18:26	Brute Force	TELNET	SikkerGuard: 2 blocked packets

$ sikker related 117.80.237.11

🇨🇳·More threats fromChina→AS·More threats fromChinanet→SSH·More threats targetingSSH→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTPS→DOCK·More threats targetingDOCKER→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
220.178.8.154	93%	500
106.4.161.63	23%	1
59.173.108.18	23%	1
175.30.48.232	13%	2
222.94.32.219	23%	1

IP Address	Confidence	Events
8.162.14.145	84%	26,977
8.137.53.39	84%	42,886
47.120.20.202	82%	44,278
153.37.76.34	94%	531
123.188.239.125	97%	3,406