Check an IP Address, Domain Name, Subnet, or ASN

163.7.1.156 was found in our database!

$ whois 163.7.1.156

country·🇮🇩 Indonesia

isp·Byteplus Pte. Ltd.

asn·AS150436

network·Standard

$ sikker risk 163.7.1.156scoring →

confidence

99%Very High

first_seen·Feb 16, 2026

last_seen·1h ago

first_reported·Feb 27, 2026

last_reported·16d ago

sessions·112

events·114

reports·2

$ sikker protocols 163.7.1.156

SSH

44 / 46 / 1r

DOCKER

19 / 19

HTTP

17 / 17

HTTPS

17 / 17

TELNET

15 / 15 / 1r

$ sikker summary 163.7.1.156

163.7.1.156 has a threat confidence score of 99%. This IP address from Indonesia (AS150436, Byteplus Pte. Ltd.) has been observed in 112 honeypot sessions and reported 2 times targeting SSH, DOCKER, HTTP, HTTPS, TELNET protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on February 16, 2026, most recently active March 20, 2026.

$ sikker behaviors 163.7.1.156catalog →

highHttp Mass Web Rce Exploitation Scanning13x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 163.7.1.156

http_method_get639 http_php_echo_md5_hello_phpunit_marker565 docker_post_method56 docker_container_exec_path38 http_body_wget_curl_pipe_to_sh_selfrep32 http_php_cgi_allow_url_include_auto_prepend_input_injection32 https_body_wget_curl_pipe_to_sh_apache_selfrep31 http_thinkphp_invokefunction_call_user_func_array_md530 https_php_ini_directive_injection_allow_url_include_auto_prepend_file30 telnet_echo_hex_escape_sequence_output29 http_php_shell_exec_base64_decode_cve_2024_4577_attempt22 https_query_thinkphp_invokefunction_md5_probe20 docker_get_method19 docker_list_containers_endpoint19 docker_exec_start_endpoint18 http_cgi_bin_direct_bin_sh_access16 http_phpunit_eval_stdin_php_path_access16 http_phpunit_license_eval_stdin_path_probe16 http_phpunit_util_php_eval_stdin_path_access16 http_root_phpunit_src_eval_stdin_path_access16

$ sikker reports 163.7.1.156submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 4, 2026, 20:41	Brute Force	TELNET	SikkerGuard: 4 blocked packets
User	Feb 27, 2026, 12:56	Brute Force	SSH	SikkerGuard: 2 blocked packets

$ sikker related 163.7.1.156

🇮🇩·More threats fromIndonesia→AS·More threats fromByteplus Pte. Ltd.→SSH·More threats targetingSSH→DOCK·More threats targetingDOCKER→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
101.47.13.68	90%	27
163.7.6.74	97%	45
101.47.135.95	100%	573
45.78.230.231	100%	701
45.78.194.242	100%	417

IP Address	Confidence	Events
43.129.33.196	96%	949
43.129.50.42	96%	925
43.173.30.16	96%	983
43.133.138.59	96%	949
36.66.16.233	100%	725