Check an IP Address, Domain Name, Subnet, or ASN

193.36.85.146 was found in our database!

$ whois 193.36.85.146

country·🇩🇪 Germany

city·Frankfurt am Main

isp·BitCommand LLC

asn·AS212552

network·Standard

$ sikker risk 193.36.85.146scoring →

confidence

86%Very High

first_seen·Feb 26, 2026

last_seen·22d ago

sessions·9

events·9

$ sikker protocols 193.36.85.146

SSH

4 / 4

HTTP

2 / 2

DOCKER

2 / 2

TELNET

1 / 1

$ sikker summary 193.36.85.146

193.36.85.146 has a threat confidence score of 86%. This IP address from Germany (AS212552, BitCommand LLC) has been observed in 9 honeypot sessions targeting SSH, HTTP, DOCKER, TELNET protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on February 26, 2026, most recently active February 27, 2026.

$ sikker behaviors 193.36.85.146catalog →

highHttp Mass Web Rce Exploitation Scanning2x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 193.36.85.146

http_method_get84 http_php_echo_md5_hello_phpunit_marker74 docker_post_method6 docker_container_exec_path4 http_body_wget_curl_pipe_to_sh_selfrep4 http_thinkphp_invokefunction_call_user_func_array_md54 http_php_shell_exec_base64_decode_cve_2024_4577_attempt4 http_php_cgi_allow_url_include_auto_prepend_input_injection4 docker_get_method2 docker_exec_start_endpoint2 docker_list_containers_endpoint2 http_cgi_bin_direct_bin_sh_access2 telnet_echo_hex_escape_sequence_output2 http_phpunit_eval_stdin_php_path_access2 http_phpunit_license_eval_stdin_path_probe2 http_docker_api_containers_json_path_access2 http_phpunit_util_php_eval_stdin_path_access2 http_root_phpunit_src_eval_stdin_path_access2 http_root_phpunit_util_eval_stdin_path_access2 http_double_vendor_phpunit_eval_stdin_path_probe2

$ sikker related 193.36.85.146

🇩🇪·More threats fromGermany→AS·More threats fromBitCommand LLC→SSH·More threats targetingSSH→HTTP·More threats targetingHTTP→DOCK·More threats targetingDOCKER→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
156.253.5.146	100%	211
82.115.19.29	75%	4
141.98.210.23	96%	45
82.115.16.205	85%	11
193.163.201.149	91%	17

IP Address	Confidence	Events
62.171.133.1	95%	7,649
194.164.195.247	99%	95
152.53.191.128	83%	54,026
62.171.129.237	99%	63,264
49.51.169.239	96%	2,223