Check an IP Address, Domain Name, Subnet, or ASN

120.241.79.66 was found in our database!

$ whois 120.241.79.66

country·🇨🇳 China

isp·China Mobile communications corporation

asn·AS56040

network·Standard

$ sikker risk 120.241.79.66scoring →

confidence

100%Very High

first_seen·Feb 24, 2026

last_seen·13m ago

first_reported·Mar 3, 2026

last_reported·21d ago

sessions·584

events·584

reports·10

$ sikker protocols 120.241.79.66

SSH

318 / 318 / 6r

TELNET

166 / 166 / 4r

HTTP

36 / 36

DOCKER

34 / 34

HTTPS

30 / 30

$ sikker summary 120.241.79.66

120.241.79.66 has a threat confidence score of 100%. This IP address from China (AS56040, China Mobile communications corporation) has been observed in 584 honeypot sessions and reported 10 times targeting SSH, TELNET, HTTP, DOCKER, HTTPS protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on February 24, 2026, most recently active April 13, 2026.

$ sikker behaviors 120.241.79.66catalog →

highHttp Mass Web Rce Exploitation Scanning15x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 120.241.79.66

http_method_get911 http_php_echo_md5_hello_phpunit_marker824 telnet_echo_hex_escape_sequence_output273 telnet_command_shell136 telnet_command_sh135 telnet_command_system135 telnet_command_enable134 telnet_wget_sh_no_check_certificate_quiet_stdout_exec133 docker_post_method94 http_body_wget_curl_pipe_to_sh_selfrep68 docker_container_exec_path64 http_php_cgi_allow_url_include_auto_prepend_input_injection59 php_phpunit_md5_marker53 http_thinkphp_invokefunction_call_user_func_array_md536 http_cgi_bin_direct_bin_sh_access35 docker_get_method34 docker_list_containers_endpoint34 http_cgi_bin_percent_encoded_directory_traversal_bin_sh33 docker_exec_start_endpoint30 http_phpunit_eval_stdin_php_path_access27

$ sikker reports 120.241.79.66submit →

Showing 5 of 10 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 22, 2026, 08:12	Brute Force	TELNET	SikkerGuard: 2 blocked packets
User	Mar 20, 2026, 12:24	Brute Force	TELNET	SikkerGuard: 2 blocked packets
User	Mar 18, 2026, 18:19	Brute Force	TELNET	SikkerGuard: 2 blocked packets
User	Mar 11, 2026, 22:41	Brute Force	SSH	SikkerGuard: 2 blocked packets
User	Mar 10, 2026, 22:54	Brute Force	SSH	SikkerGuard: 2 blocked packets

1 / 2

$ sikker related 120.241.79.66

🇨🇳·More threats fromChina→AS·More threats fromChina Mobile communications corporation→SSH·More threats targetingSSH→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTP→DOCK·More threats targetingDOCKER→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
36.141.79.94	100%	264
223.104.85.207	43%	1
223.104.72.205	43%	1
223.73.170.69	55%	15
120.232.251.12	19%	6

IP Address	Confidence	Events
8.137.53.39	84%	52,600
117.50.56.96	59%	4
47.120.4.54	86%	5,798
115.190.196.91	96%	416
139.155.83.28	82%	11