Check an IP Address, Domain Name, Subnet, or ASN

36.154.50.214 was found in our database!

$ whois 36.154.50.214

country·🇨🇳 China

isp·China Mobile communications corporation

asn·AS56046

network·Standard

$ sikker risk 36.154.50.214scoring →

confidence

100%Very High

first_seen·Feb 12, 2026

last_seen·6h ago

first_reported·Feb 26, 2026

last_reported·28d ago

sessions·299

events·371

reports·3

$ sikker protocols 36.154.50.214

SSH

109 / 110 / 2r

HTTP

53 / 100

HTTPS

51 / 63

TELNET

41 / 53 / 1r

DOCKER

45 / 45

$ sikker summary 36.154.50.214

36.154.50.214 has a threat confidence score of 100%. This IP address from China (AS56046, China Mobile communications corporation) has been observed in 299 honeypot sessions and reported 3 times targeting SSH, HTTP, HTTPS, TELNET, DOCKER protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on February 12, 2026, most recently active April 15, 2026.

$ sikker behaviors 36.154.50.214catalog →

highHttp Mass Web Rce Exploitation Scanning42x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 36.154.50.214

http_method_get2044 http_php_echo_md5_hello_phpunit_marker1803 php_phpunit_md5_marker254 docker_post_method133 http_body_wget_curl_pipe_to_sh_selfrep106 http_php_cgi_allow_url_include_auto_prepend_input_injection106 http_thinkphp_invokefunction_call_user_func_array_md596 docker_container_exec_path89 telnet_echo_hex_escape_sequence_output78 http_php_shell_exec_base64_decode_cve_2024_4577_attempt54 http_cgi_bin_direct_bin_sh_access53 http_phpunit_eval_stdin_php_path_access53 http_phpunit_util_php_eval_stdin_path_access53 http_phpunit_src_util_php_eval_stdin_path_access53 http_phpunit_legacy_util_php_eval_stdin_path_access53 http_cgi_bin_percent_encoded_directory_traversal_bin_sh53 http_phpunit_license_eval_stdin_path_probe52 https_body_wget_curl_pipe_to_sh_apache_selfrep52 https_php_ini_directive_injection_allow_url_include_auto_prepend_file52 http_double_vendor_phpunit_eval_stdin_path_probe50

$ sikker reports 36.154.50.214submit →

Showing 3 of 3 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 18, 2026, 09:18	Brute Force	SSH	SikkerGuard: 4 blocked packets
User	Feb 26, 2026, 22:36	Brute Force	SSH	SikkerGuard: 4 blocked packets
User	Feb 26, 2026, 10:56	Brute Force	TELNET	SikkerGuard: 4 blocked packets

$ sikker related 36.154.50.214

🇨🇳·More threats fromChina→AS·More threats fromChina Mobile communications corporation→SSH·More threats targetingSSH→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→TELN·More threats targetingTELNET→DOCK·More threats targetingDOCKER→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
36.139.35.145	97%	5,642
223.108.176.162	97%	6,046
112.25.140.211	48%	449
223.109.200.241	43%	11
36.213.149.43	48%	2

IP Address	Confidence	Events
8.148.180.18	85%	8,073
175.42.32.205	96%	8,166
36.138.134.121	100%	618
60.12.5.190	49%	456
111.228.34.6	95%	1,254