Check an IP Address, Domain Name, Subnet, or ASN

194.163.148.66 was found in our database!

$ whois 194.163.148.66

country·🇫🇷 France

city·Lauterbourg

isp·Contabo GmbH

asn·AS51167

network·Standard

$ sikker risk 194.163.148.66scoring →

confidence

94%Very High

first_seen·Feb 19, 2026

last_seen·28d ago

first_reported·Mar 11, 2026

last_reported·Mar 11, 2026

sessions·13

events·13

reports·1

$ sikker protocols 194.163.148.66

HTTP

7 / 7 / 1r

TELNET

6 / 6

$ sikker summary 194.163.148.66

194.163.148.66 has a threat confidence score of 94%. This IP address from France (AS51167, Contabo GmbH) has been observed in 13 honeypot sessions and reported 1 times targeting HTTP, TELNET protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt, http goform webslogin probe and auth attempt. First observed on February 19, 2026, most recently active March 17, 2026.

$ sikker behaviors 194.163.148.66catalog →

highTelnet Shell Escalation With Busybox Execution Attempt5x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

highHttp Goform Webslogin Probe And Auth Attempt1x

Sequence of requests including probing activity and access to /goform/websLogin, followed by a credential submission (user_name and password), indicating an authentication attempt against a router or embedded device login endpoint.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 194.163.148.66

telnet_command_shell6 telnet_command_enable6 telnet_command_system6 telnet_busybox_unknown_applet_invocation6 telnet_command_sh5 http_method_get1 http_path_bad_request1 http_goform_webslogin_request1 http_goform_webslogin_credentials_post1

$ sikker reports 194.163.148.66submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 11, 2026, 12:24	Brute Force	HTTP	SikkerGuard: 2 blocked packets

$ sikker related 194.163.148.66

🇫🇷·More threats fromFrance→AS·More threats fromContabo GmbH→HTTP·More threats targetingHTTP→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
94.72.99.244	94%	83
149.102.135.125	96%	1,239
157.173.117.246	96%	1,024
158.220.86.73	95%	2,769
94.72.102.118	95%	3,264

IP Address	Confidence	Events
54.38.41.116	85%	45,491
184.174.37.124	96%	1,061
185.107.80.93	94%	1,644
51.83.143.139	89%	96,210
75.119.156.101	96%	1,251