Check an IP Address, Domain Name, Subnet, or ASN

190.173.52.2 was found in our database!

$ whois 190.173.52.2

country·🇦🇷 Argentina

city·San Luis

isp·Telefonica de Argentina

asn·AS22927

network·Standard

$ sikker risk 190.173.52.2scoring →

confidence

64%High

first_seen·Mar 21, 2026

last_seen·1h ago

sessions·1

events·1

$ sikker protocols 190.173.52.2

HTTP

1 / 1

$ sikker summary 190.173.52.2

190.173.52.2 has a threat confidence score of 64%. This IP address from Argentina (AS22927, Telefonica de Argentina) has been observed in 1 honeypot sessions targeting HTTP protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on March 21, 2026, most recently active March 21, 2026.

$ sikker behaviors 190.173.52.2catalog →

highHttp Mass Web Rce Exploitation Scanning1x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 190.173.52.2

http_method_get42 http_php_echo_md5_hello_phpunit_marker37 http_body_wget_curl_pipe_to_sh_selfrep2 http_thinkphp_invokefunction_call_user_func_array_md52 http_php_cgi_allow_url_include_auto_prepend_input_injection2 http_cgi_bin_direct_bin_sh_access1 http_phpunit_eval_stdin_php_path_access1 http_phpunit_license_eval_stdin_path_probe1 http_docker_api_containers_json_path_access1 http_phpunit_util_php_eval_stdin_path_access1 http_root_phpunit_src_eval_stdin_path_access1 http_root_phpunit_util_eval_stdin_path_access1 http_double_vendor_phpunit_eval_stdin_path_probe1 http_phpunit_src_util_php_eval_stdin_path_access1 http_root_phpunit_util_php_eval_stdin_path_access1 http_lang_parameter_deep_path_traversal_tmp_index11 http_pearcmd_config_create_path_traversal_md5_write1 http_phpunit_legacy_util_php_eval_stdin_path_access1 http_root_phpunit_src_util_php_eval_stdin_path_access1 http_cgi_bin_percent_encoded_directory_traversal_bin_sh1

$ sikker related 190.173.52.2

🇦🇷·More threats fromArgentina→AS·More threats fromTelefonica de Argentina→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
186.39.121.102	98%	25
181.23.110.237	70%	80
190.178.28.224	35%	3
186.57.137.136	72%	4
181.24.64.63	39%	4

IP Address	Confidence	Events
66.97.45.164	51%	4
190.3.115.218	78%	11
170.155.12.21	46%	407
170.155.12.2	54%	819
200.110.180.14	33%	2