Check an IP Address, Domain Name, Subnet, or ASN

220.154.136.8 was found in our database!

$ whois 220.154.136.8

country·🇨🇳 China

isp·China Telecom

asn·AS146966

network·Standard

$ sikker risk 220.154.136.8scoring →

confidence

99%Very High

first_seen·Mar 10, 2026

last_seen·7d ago

first_reported·Mar 11, 2026

last_reported·10d ago

sessions·106

events·106

reports·2

$ sikker protocols 220.154.136.8

SSH

50 / 50 / 1r

TELNET

30 / 30 / 1r

HTTPS

12 / 12

HTTP

7 / 7

DOCKER

7 / 7

$ sikker summary 220.154.136.8

220.154.136.8 has a threat confidence score of 99%. This IP address from China (AS146966, China Telecom) has been observed in 106 honeypot sessions and reported 2 times targeting SSH, TELNET, HTTPS, HTTP, DOCKER protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on March 10, 2026, most recently active March 16, 2026.

$ sikker behaviors 220.154.136.8catalog →

highHttp Mass Web Rce Exploitation Scanning7x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 220.154.136.8

http_method_get294 http_php_echo_md5_hello_phpunit_marker259 telnet_echo_hex_escape_sequence_output50 docker_post_method32 telnet_command_sh24 telnet_command_shell24 telnet_command_enable24 telnet_command_system24 telnet_wget_sh_no_check_certificate_quiet_stdout_exec23 https_body_wget_curl_pipe_to_sh_apache_selfrep18 docker_container_exec_path16 http_body_wget_curl_pipe_to_sh_selfrep14 http_thinkphp_invokefunction_call_user_func_array_md514 http_php_cgi_allow_url_include_auto_prepend_input_injection14 https_php_ini_directive_injection_allow_url_include_auto_prepend_file14 docker_get_method13 https_cgi_bin_percent_encoded_directory_traversal_bin_sh9 docker_exec_start_endpoint8 docker_list_containers_endpoint8 docker_api_ping7

$ sikker reports 220.154.136.8submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 12, 2026, 07:47	Brute Force	SSH	SikkerGuard: 4 blocked packets
User	Mar 11, 2026, 17:24	Brute Force	TELNET	SikkerGuard: 2 blocked packets

$ sikker related 220.154.136.8

🇨🇳·More threats fromChina→AS·More threats fromChina Telecom→SSH·More threats targetingSSH→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→DOCK·More threats targetingDOCKER→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
221.229.106.252	57%	11
221.229.0.88	45%	7
121.237.180.162	74%	48
114.230.235.15	35%	3
121.237.180.222	21%	24

IP Address	Confidence	Events
8.137.53.39	84%	40,859
47.104.14.251	81%	429
112.46.213.189	82%	5
115.190.115.50	97%	1,162
14.103.114.205	100%	627