Check an IP Address, Domain Name, Subnet, or ASN

183.56.235.140 was found in our database!

$ whois 183.56.235.140

country·🇨🇳 China

city·Guangzhou

isp·China Telecom

asn·AS135089

network·Standard

$ sikker risk 183.56.235.140scoring →

confidence

86%Very High

first_seen·Mar 31, 2026

last_seen·1h ago

sessions·11

events·11

$ sikker protocols 183.56.235.140

SSH

6 / 6

HTTP

2 / 2

TELNET

2 / 2

HTTPS

1 / 1

$ sikker summary 183.56.235.140

183.56.235.140 has a threat confidence score of 86%. This IP address from China (AS135089, China Telecom) has been observed in 11 honeypot sessions targeting SSH, HTTP, TELNET, HTTPS protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on March 31, 2026, most recently active April 2, 2026.

$ sikker behaviors 183.56.235.140catalog →

highHttp Mass Web Rce Exploitation Scanning2x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 183.56.235.140

http_method_get84 http_php_echo_md5_hello_phpunit_marker74 http_body_wget_curl_pipe_to_sh_selfrep4 telnet_echo_hex_escape_sequence_output4 http_thinkphp_invokefunction_call_user_func_array_md54 http_php_cgi_allow_url_include_auto_prepend_input_injection4 telnet_command_sh2 telnet_command_shell2 telnet_command_enable2 telnet_command_system2 http_cgi_bin_direct_bin_sh_access2 http_phpunit_eval_stdin_php_path_access2 http_phpunit_license_eval_stdin_path_probe2 http_docker_api_containers_json_path_access2 http_phpunit_util_php_eval_stdin_path_access2 http_root_phpunit_src_eval_stdin_path_access2 http_root_phpunit_util_eval_stdin_path_access2 https_query_thinkphp_invokefunction_md5_probe2 https_body_wget_curl_pipe_to_sh_apache_selfrep2 http_double_vendor_phpunit_eval_stdin_path_probe2

$ sikker related 183.56.235.140

🇨🇳·More threats fromChina→AS·More threats fromChina Telecom→SSH·More threats targetingSSH→HTTP·More threats targetingHTTP→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
183.56.216.153	100%	682
183.56.243.176	93%	5,736
14.18.122.240	100%	282
183.56.241.96	97%	41
183.56.199.196	97%	37

IP Address	Confidence	Events
8.138.98.143	86%	3,191
36.104.147.6	100%	776
114.98.230.202	100%	858
112.46.214.7	88%	2,617
220.205.122.34	100%	779