Confidence Level

97%

Very High?

Geolocation

🇫🇷

FranceLauterbourg

ISPContabo GmbH

ASNAS51167

Activity Timeline

First seenFeb 28, 2026, 12:32 PM

Last seen25m ago

107Sessions

107Events

Protocol Breakdown

SSH

32 / 32

HTTPS

30 / 30

DOCKER

24 / 24

HTTP

18 / 18

TELNET

3 / 3

144.91.93.174 has a very high threat confidence level of 97%, originating from Lauterbourg, France, on the Contabo GmbH network (51167). It has been observed across 107 sessions targeting SSH, HTTPS, DOCKER, HTTP, TELNET, with detected attack patterns including http mass web rce exploitation scanning, First observed on February 28, 2026, most recently active March 6, 2026.

Behaviors

Classified behavioral patterns observed

Http Mass Web Rce Exploitation Scanning

high6x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

Primitives

Individual actions observed

Http Method Get756 Http Php Echo Md5 Hello Phpunit Marker666 Docker Post Method72 Https Body Wget Curl Pipe To Sh Apache Selfrep60 Https Php Ini Directive Injection Allow Url Include Auto Prepend File60 Https Query Thinkphp Invokefunction Md5 Probe56 Docker Container Exec Path48 Http Body Wget Curl Pipe To Sh Selfrep36 Http Thinkphp Invokefunction Call User Func Array Md536 Http Php Cgi Allow Url Include Auto Prepend Input Injection36 Https Path Root30 Https Phpunit Eval Stdin Rce Probe30 Http Php Shell Exec Base64 Decode Cve 2024 4577 Attempt30 Https Cgi Bin Percent Encoded Directory Traversal Bin Sh30 Docker Get Method24 Docker Exec Start Endpoint24 Docker List Containers Endpoint24 Http Cgi Bin Direct Bin Sh Access18 Http Phpunit Eval Stdin Php Path Access18 Http Phpunit License Eval Stdin Path Probe18

Related Threats

Explore related threat intelligence

🇫🇷More threats fromFrance ASMore threats fromContabo GmbH SSHMore threats targetingSSH HTTPSMore threats targetingHTTPS DOCKERMore threats targetingDOCKER HTTPMore threats targetingHTTP TELNETMore threats targetingTELNET { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
62.171.129.237	99%	56,774
161.97.132.79	98%	56,493
158.220.99.197	88%	10
161.97.67.38	90%	8
173.212.228.191	100%	638

IP Address	Confidence	Events
51.91.168.102	99%	530,314
5.39.101.60	100%	37,039
51.83.143.139	90%	50,706
109.199.114.34	53%	367
91.196.152.104	68%	88