Confidence Level

88%

Very High?

Geolocation

🇫🇷

FranceLauterbourg

ISPContabo GmbH

ASNAS51167

Activity Timeline

First seenMar 6, 2026, 04:24 AM

Last seen2h ago

11Sessions

11Events

Protocol Breakdown

SSH

4 / 4

HTTPS

3 / 3

HTTP

2 / 2

DOCKER

2 / 2

161.97.173.52 has a very high threat confidence level of 88%, originating from Lauterbourg, France, on the Contabo GmbH network (51167). It has been observed across 11 sessions targeting SSH, HTTPS, HTTP, DOCKER, with detected attack patterns including http mass web rce exploitation scanning, First observed on March 6, 2026, most recently active March 6, 2026.

Behaviors

Classified behavioral patterns observed

Http Mass Web Rce Exploitation Scanning

high2x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

Primitives

Individual actions observed

Http Method Get84 Http Php Echo Md5 Hello Phpunit Marker74 Docker Post Method6 Https Query Thinkphp Invokefunction Md5 Probe6 Https Body Wget Curl Pipe To Sh Apache Selfrep6 Https Php Ini Directive Injection Allow Url Include Auto Prepend File6 Docker Container Exec Path4 Http Body Wget Curl Pipe To Sh Selfrep4 Http Thinkphp Invokefunction Call User Func Array Md54 Http Php Cgi Allow Url Include Auto Prepend Input Injection4 Https Path Root3 Https Phpunit Eval Stdin Rce Probe3 Https Cgi Bin Percent Encoded Directory Traversal Bin Sh3 Docker Get Method2 Docker Exec Start Endpoint2 Docker List Containers Endpoint2 Http Cgi Bin Direct Bin Sh Access2 Http Phpunit Eval Stdin Php Path Access2 Http Phpunit License Eval Stdin Path Probe2 Http Docker Api Containers Json Path Access2

Related Threats

Explore related threat intelligence

🇫🇷More threats fromFrance ASMore threats fromContabo GmbH SSHMore threats targetingSSH HTTPSMore threats targetingHTTPS HTTPMore threats targetingHTTP DOCKERMore threats targetingDOCKER { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
109.199.114.34	53%	367
62.171.129.237	99%	56,780
161.97.132.79	98%	56,499
173.249.50.59	100%	671
62.171.133.1	82%	4,994

IP Address	Confidence	Events
51.91.168.102	99%	530,314
5.39.101.60	100%	37,039
51.83.143.139	90%	50,706
109.199.114.34	53%	367
91.196.152.104	68%	88