Check an IP Address, Domain Name, Subnet, or ASN

178.104.59.17 was found in our database!

$ whois 178.104.59.17

country·🇩🇪 Germany

network·Standard

$ sikker risk 178.104.59.17scoring →

confidence

97%Very High

first_seen·Mar 18, 2026

last_seen·3h ago

first_reported·Mar 19, 2026

last_reported·1d ago

sessions·18

events·18

reports·2

$ sikker protocols 178.104.59.17

HTTP

5 / 5 / 1r

HTTPS

4 / 4

DOCKER

4 / 4

TELNET

3 / 3 / 1r

SSH

2 / 2

$ sikker summary 178.104.59.17

178.104.59.17 has a threat confidence score of 97%. This IP address from Germany has been observed in 18 honeypot sessions and reported 2 times targeting HTTP, HTTPS, DOCKER, TELNET, SSH protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on March 18, 2026, most recently active March 21, 2026.

$ sikker behaviors 178.104.59.17catalog →

highHttp Mass Web Rce Exploitation Scanning5x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 178.104.59.17

http_method_get210 http_php_echo_md5_hello_phpunit_marker185 docker_post_method12 http_body_wget_curl_pipe_to_sh_selfrep10 http_thinkphp_invokefunction_call_user_func_array_md510 http_php_cgi_allow_url_include_auto_prepend_input_injection10 docker_container_exec_path8 https_query_thinkphp_invokefunction_md5_probe8 https_body_wget_curl_pipe_to_sh_apache_selfrep8 https_php_ini_directive_injection_allow_url_include_auto_prepend_file8 http_cgi_bin_direct_bin_sh_access5 telnet_echo_hex_escape_sequence_output5 http_phpunit_eval_stdin_php_path_access5 http_phpunit_license_eval_stdin_path_probe5 http_docker_api_containers_json_path_access5 http_phpunit_util_php_eval_stdin_path_access5 http_root_phpunit_src_eval_stdin_path_access5 http_root_phpunit_util_eval_stdin_path_access5 http_double_vendor_phpunit_eval_stdin_path_probe5 http_phpunit_src_util_php_eval_stdin_path_access5

$ sikker reports 178.104.59.17submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 20, 2026, 03:49	Brute Force	TELNET	SikkerGuard: 4 blocked packets
User	Mar 19, 2026, 16:07	Brute Force	HTTP	SikkerGuard: 2 blocked packets

$ sikker related 178.104.59.17

🇩🇪·More threats fromGermany→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→DOCK·More threats targetingDOCKER→TELN·More threats targetingTELNET→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
62.171.133.1	95%	7,677
49.51.169.239	96%	2,255
68.183.217.184	97%	33
3.76.217.234	44%	4
5.83.144.23	79%	352