Check an IP Address, Domain Name, Subnet, or ASN

163.7.6.154 was found in our database!

$ whois 163.7.6.154

country·🇮🇩 Indonesia

isp·Byteplus Pte. Ltd.

asn·AS150436

network·Standard

$ sikker risk 163.7.6.154scoring →

confidence

94%Very High

first_seen·Feb 26, 2026

last_seen·1h ago

first_reported·Mar 5, 2026

last_reported·4d ago

sessions·74

events·74

reports·2

$ sikker protocols 163.7.6.154

SSH

30 / 30 / 1r

TELNET

15 / 15

HTTP

11 / 11 / 1r

HTTPS

11 / 11

DOCKER

7 / 7

$ sikker summary 163.7.6.154

163.7.6.154 has a threat confidence score of 94%. This IP address from Indonesia (AS150436, Byteplus Pte. Ltd.) has been observed in 74 honeypot sessions and reported 2 times targeting SSH, TELNET, HTTP, HTTPS, DOCKER protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on February 26, 2026, most recently active March 20, 2026.

$ sikker behaviors 163.7.6.154catalog →

highHttp Mass Web Rce Exploitation Scanning1x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 163.7.6.154

http_method_get88 http_php_echo_md5_hello_phpunit_marker83 telnet_echo_hex_escape_sequence_output24 https_body_wget_curl_pipe_to_sh_apache_selfrep20 https_php_ini_directive_injection_allow_url_include_auto_prepend_file20 docker_post_method18 http_body_wget_curl_pipe_to_sh_selfrep18 http_php_cgi_allow_url_include_auto_prepend_input_injection15 telnet_command_shell12 telnet_command_enable12 telnet_command_system12 docker_container_exec_path12 telnet_wget_sh_no_check_certificate_quiet_stdout_exec12 telnet_command_sh11 https_path_root10 http_cgi_bin_direct_bin_sh_access10 https_cgi_bin_percent_encoded_directory_traversal_bin_sh10 https_phpunit_eval_stdin_rce_probe8 http_cgi_bin_percent_encoded_directory_traversal_bin_sh8 docker_get_method7

$ sikker reports 163.7.6.154submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 16, 2026, 07:53	Brute Force	SSH	SikkerGuard: 2 blocked packets
User	Mar 5, 2026, 06:11	Brute Force	HTTP	SikkerGuard: 2 blocked packets

$ sikker related 163.7.6.154

🇮🇩·More threats fromIndonesia→AS·More threats fromByteplus Pte. Ltd.→SSH·More threats targetingSSH→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→DOCK·More threats targetingDOCKER→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
163.7.8.90	83%	7
150.5.135.108	78%	101
45.78.207.244	100%	526
163.7.9.54	91%	27
163.7.3.156	96%	66

IP Address	Confidence	Events
43.129.53.179	96%	688
43.133.139.204	96%	872
103.183.10.67	100%	21
43.157.224.94	96%	955
43.129.33.196	96%	882