Check an IP Address, Domain Name, Subnet, or ASN

189.206.96.173 was found in our database!

$ whois 189.206.96.173

country·🇲🇽 Mexico

isp·Alestra, S. de R.L. de C.V.

asn·AS11172

network·Standard

$ sikker risk 189.206.96.173scoring →

confidence

89%Very High

first_seen·Mar 17, 2026

last_seen·1h ago

sessions·13

events·13

$ sikker protocols 189.206.96.173

DOCKER

6 / 6

HTTP

4 / 4

SSH

2 / 2

HTTPS

1 / 1

$ sikker summary 189.206.96.173

189.206.96.173 has a threat confidence score of 89%. This IP address from Mexico (AS11172, Alestra, S. de R.L. de C.V.) has been observed in 13 honeypot sessions targeting DOCKER, HTTP, SSH, HTTPS protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on March 17, 2026, most recently active March 21, 2026.

$ sikker behaviors 189.206.96.173catalog →

highHttp Mass Web Rce Exploitation Scanning4x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 189.206.96.173

http_method_get168 http_php_echo_md5_hello_phpunit_marker148 docker_post_method18 docker_container_exec_path12 http_body_wget_curl_pipe_to_sh_selfrep8 http_thinkphp_invokefunction_call_user_func_array_md58 http_php_cgi_allow_url_include_auto_prepend_input_injection8 docker_get_method6 docker_exec_start_endpoint6 docker_list_containers_endpoint6 http_cgi_bin_direct_bin_sh_access4 http_phpunit_eval_stdin_php_path_access4 http_phpunit_license_eval_stdin_path_probe4 http_docker_api_containers_json_path_access4 http_phpunit_util_php_eval_stdin_path_access4 http_root_phpunit_src_eval_stdin_path_access4 http_root_phpunit_util_eval_stdin_path_access4 http_double_vendor_phpunit_eval_stdin_path_probe4 http_phpunit_src_util_php_eval_stdin_path_access4 http_root_phpunit_util_php_eval_stdin_path_access4

$ sikker related 189.206.96.173

🇲🇽·More threats fromMexico→AS·More threats fromAlestra, S. de R.L. de C.V.→DOCK·More threats targetingDOCKER→HTTP·More threats targetingHTTP→SSH·More threats targetingSSH→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
200.52.113.66	88%	64
200.188.91.220	43%	337
200.94.131.82	19%	40
207.248.247.137	25%	58
189.206.101.226	48%	323

IP Address	Confidence	Events
187.191.2.213	100%	5,364
200.79.136.162	32%	101
189.181.245.114	30%	22
189.136.101.142	94%	31
200.124.160.2	42%	351