Check an IP Address, Domain Name, Subnet, or ASN

178.104.130.179 was found in our database!

$ whois 178.104.130.179

country·🇩🇪 Germany

network·Standard

$ sikker risk 178.104.130.179scoring →

confidence

88%Very High

first_seen·Apr 15, 2026

last_seen·39m ago

sessions·4

events·4

$ sikker protocols 178.104.130.179

HTTPS

2 / 2

HTTP

1 / 1

TELNET

1 / 1

$ sikker summary 178.104.130.179

178.104.130.179 has a threat confidence score of 88%. This IP address from Germany has been observed in 4 honeypot sessions targeting HTTPS, HTTP, TELNET protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on April 15, 2026, most recently active April 15, 2026.

$ sikker behaviors 178.104.130.179catalog →

highHttp Mass Web Rce Exploitation Scanning1x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 178.104.130.179

php_phpunit_md5_marker74 http_method_get42 http_php_echo_md5_hello_phpunit_marker37 https_index_php_root_request6 https_query_thinkphp_invokefunction_md5_probe4 https_body_wget_curl_pipe_to_sh_apache_selfrep4 https_php_ini_directive_injection_allow_url_include_auto_prepend_file4 https_path_root2 https_hello_world_path_request2 https_public_index_php_request2 https_cgi_bin_sh_execution_request2 https_phpunit_eval_stdin_rce_probe2 https_php_lfi_tmp_index1_file_request2 http_body_wget_curl_pipe_to_sh_selfrep2 telnet_echo_hex_escape_sequence_output2 php_pearcmd_config_create_md5_hi_marker2 phpunit_eval_stdin_php_header_execution2 https_docker_containers_json_api_request2 https_phpunit_eval_stdin_lib_path_request2 https_phpunit_eval_stdin_license_path_request2

$ sikker related 178.104.130.179

🇩🇪·More threats fromGermany→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
152.70.29.221	97%	7,849
212.132.118.184	94%	1,462
158.173.154.36	85%	20,125
144.24.167.42	97%	5,887
158.173.154.29	86%	4,498