Check an IP Address, Domain Name, Subnet, or ASN

167.86.121.168 was found in our database!

$ whois 167.86.121.168

country·🇫🇷 France

city·Lauterbourg

isp·Contabo GmbH

asn·AS51167

network·Standard

$ sikker risk 167.86.121.168scoring →

confidence

100%Very High

first_seen·Feb 19, 2026

last_seen·10d ago

first_reported·Mar 19, 2026

last_reported·18d ago

sessions·348

events·348

reports·1

$ sikker protocols 167.86.121.168

TELNET

295 / 295

HTTP

48 / 48 / 1r

HTTPS

5 / 5

$ sikker summary 167.86.121.168

167.86.121.168 has a threat confidence score of 100%. This IP address from France (AS51167, Contabo GmbH) has been observed in 348 honeypot sessions and reported 1 times targeting TELNET, HTTP, HTTPS protocols. Detected attack patterns include http cgibin mainfunction wget mips exec, telnet shell escalation with busybox execution attempt. First observed on February 19, 2026, most recently active March 27, 2026.

$ sikker behaviors 167.86.121.168catalog →

very_highHttp Cgibin Mainfunction Wget Mips Exec1x

HTTP GET request to /cgibin/mainfunction.cgi with action=login and keyPath executing wget of memory_load.mips followed by chmod 777 and shell execution.

highTelnet Shell Escalation With Busybox Execution Attempt209x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

infoHttp Http Method Get1x

HTTP request using GET method.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 167.86.121.168

telnet_command_sh212 telnet_command_shell212 telnet_command_enable212 telnet_command_system212 telnet_busybox_unknown_applet_invocation212 http_method_get1 http_path_cgibin_mainfunction_cgi_action_login_keypath_wget_memory_load_mips1

$ sikker reports 167.86.121.168submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 19, 2026, 15:01	Brute Force	HTTP	SikkerGuard: 2 blocked packets

$ sikker related 167.86.121.168

🇫🇷·More threats fromFrance→AS·More threats fromContabo GmbH→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
173.249.52.138	100%	1,065
173.212.244.151	100%	25,274
94.72.102.118	95%	2,251
194.180.176.29	95%	815
95.111.232.10	99%	241

IP Address	Confidence	Events
173.249.52.138	100%	1,065
20.216.162.218	89%	18
37.58.136.133	100%	1,135
87.106.25.167	99%	350
92.205.106.42	61%	28