Check an IP Address, Domain Name, Subnet, or ASN

194.163.183.223 was found in our database!

$ whois 194.163.183.223

country·🇫🇷 France

city·Lauterbourg

isp·Contabo GmbH

asn·AS51167

network·Standard

$ sikker risk 194.163.183.223scoring →

confidence

99%Very High

first_seen·Mar 9, 2026

last_seen·1h ago

first_reported·Mar 13, 2026

last_reported·6d ago

sessions·76

events·76

reports·1

$ sikker protocols 194.163.183.223

HTTPS

20 / 20

SSH

19 / 19

DOCKER

15 / 15

HTTP

13 / 13 / 1r

TELNET

9 / 9

$ sikker summary 194.163.183.223

194.163.183.223 has a threat confidence score of 99%. This IP address from France (AS51167, Contabo GmbH) has been observed in 76 honeypot sessions and reported 1 times targeting HTTPS, SSH, DOCKER, HTTP, TELNET protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on March 9, 2026, most recently active March 19, 2026.

$ sikker behaviors 194.163.183.223catalog →

highHttp Mass Web Rce Exploitation Scanning13x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 194.163.183.223

http_method_get546 http_php_echo_md5_hello_phpunit_marker481 docker_post_method45 https_query_thinkphp_invokefunction_md5_probe40 https_body_wget_curl_pipe_to_sh_apache_selfrep40 https_php_ini_directive_injection_allow_url_include_auto_prepend_file40 docker_container_exec_path30 http_body_wget_curl_pipe_to_sh_selfrep26 http_thinkphp_invokefunction_call_user_func_array_md526 http_php_cgi_allow_url_include_auto_prepend_input_injection26 https_path_root20 https_phpunit_eval_stdin_rce_probe20 https_cgi_bin_percent_encoded_directory_traversal_bin_sh20 telnet_echo_hex_escape_sequence_output16 docker_get_method15 docker_exec_start_endpoint15 docker_list_containers_endpoint15 http_cgi_bin_direct_bin_sh_access13 http_phpunit_eval_stdin_php_path_access13 http_phpunit_license_eval_stdin_path_probe13

$ sikker reports 194.163.183.223submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 13, 2026, 20:37	Brute Force	HTTP	SikkerGuard: 4 blocked packets

$ sikker related 194.163.183.223

🇫🇷·More threats fromFrance→AS·More threats fromContabo GmbH→HTTP·More threats targetingHTTPS→SSH·More threats targetingSSH→DOCK·More threats targetingDOCKER→HTTP·More threats targetingHTTP→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
173.249.46.143	76%	1,283
173.212.244.151	96%	151
94.72.102.118	95%	605
158.220.86.73	95%	473
173.212.252.39	43%	144

IP Address	Confidence	Events
51.91.168.102	99%	619,777
91.196.152.74	82%	111
51.83.143.139	90%	69,323
91.196.152.73	69%	71
161.97.132.79	98%	62,340