Check an IP Address, Domain Name, Subnet, or ASN

81.71.158.242 was found in our database!

$ whois 81.71.158.242

country·🇨🇳 China

city·Guangzhou

isp·Shenzhen Tencent Computer Systems Company Limited

asn·AS45090

network·Standard

$ sikker risk 81.71.158.242scoring →

confidence

96%Very High

first_seen·Jan 23, 2026

last_seen·1h ago

sessions·56

events·323

$ sikker protocols 81.71.158.242

HTTPS

10 / 175

TELNET

13 / 60

DOCKER

14 / 49

SSH

18 / 38

HTTP

1 / 1

$ sikker summary 81.71.158.242

81.71.158.242 has a threat confidence score of 96%. This IP address from China (AS45090, Shenzhen Tencent Computer Systems Company Limited) has been observed in 56 honeypot sessions targeting HTTPS, TELNET, DOCKER, SSH, HTTP protocols. Detected attack patterns include docker remote exec via api, http mass web rce exploitation scanning. First observed on January 23, 2026, most recently active April 1, 2026.

$ sikker behaviors 81.71.158.242catalog →

highDocker Remote Exec Via Api7x

Unauthenticated or externally triggered interaction with the Docker Engine HTTP API resulting in container enumeration (GET /containers/json) followed by multiple POST /containers/{id}/exec and /exec/{id}/start calls. This pattern strongly indicates remote command execution inside running containers through the Docker daemon. In honeypot telemetry this is typically associated with attackers abusing exposed Docker sockets (2375/2376) to gain execution, deploy payloads, or stage further compromise.

highHttp Mass Web Rce Exploitation Scanning1x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 81.71.158.242

http_method_get42 docker_post_method42 http_php_echo_md5_hello_phpunit_marker37 docker_container_exec_path28 telnet_echo_hex_escape_sequence_output26 docker_get_method14 docker_exec_start_endpoint14 docker_list_containers_endpoint14 https_body_wget_curl_pipe_to_sh_apache_selfrep14 https_php_ini_directive_injection_allow_url_include_auto_prepend_file14 telnet_command_sh13 telnet_command_shell13 telnet_command_enable13 telnet_command_system13 telnet_wget_sh_no_check_certificate_quiet_stdout_exec13 https_query_thinkphp_invokefunction_md5_probe10 ssh_password_authenthication.8 https_path_root7 https_phpunit_eval_stdin_rce_probe7 https_cgi_bin_percent_encoded_directory_traversal_bin_sh7

$ sikker related 81.71.158.242

🇨🇳·More threats fromChina→AS·More threats fromShenzhen Tencent Computer Systems Company Limited→HTTP·More threats targetingHTTPS→TELN·More threats targetingTELNET→DOCK·More threats targetingDOCKER→SSH·More threats targetingSSH→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
139.199.80.137	86%	109,107
175.24.174.41	59%	242
101.35.251.162	24%	15
192.144.228.217	75%	4
43.138.40.107	93%	80

IP Address	Confidence	Events
120.48.199.28	93%	8,324
39.99.214.254	86%	78,482
118.196.30.45	100%	421
180.76.236.214	100%	293
139.199.80.137	86%	109,112