Check an IP Address, Domain Name, Subnet, or ASN

2.26.81.183 was found in our database!

$ whois 2.26.81.183

country·🇬🇧 United Kingdom

city·Sheffield

isp·British Telecommunications PLC

asn·AS2856

network·Standard

$ sikker risk 2.26.81.183scoring →

confidence

98%Very High

first_seen·Apr 8, 2026

last_seen·2h ago

first_reported·Apr 12, 2026

last_reported·2d ago

sessions·36

events·36

reports·1

$ sikker protocols 2.26.81.183

SSH

17 / 17 / 1r

TELNET

9 / 9

HTTP

8 / 8

HTTPS

2 / 2

$ sikker summary 2.26.81.183

2.26.81.183 has a threat confidence score of 98%. This IP address from United Kingdom (AS2856, British Telecommunications PLC) has been observed in 36 honeypot sessions and reported 1 times targeting SSH, TELNET, HTTP, HTTPS protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on April 8, 2026, most recently active April 14, 2026.

$ sikker behaviors 2.26.81.183catalog →

highHttp Mass Web Rce Exploitation Scanning7x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 2.26.81.183

http_method_get335 http_php_echo_md5_hello_phpunit_marker296 php_phpunit_md5_marker39 telnet_echo_hex_escape_sequence_output17 http_body_wget_curl_pipe_to_sh_selfrep16 http_thinkphp_invokefunction_call_user_func_array_md516 http_php_cgi_allow_url_include_auto_prepend_input_injection16 telnet_command_sh9 telnet_command_shell9 telnet_wget_sh_no_check_certificate_quiet_stdout_exec9 telnet_command_enable8 telnet_command_system8 http_cgi_bin_direct_bin_sh_access8 http_phpunit_eval_stdin_php_path_access8 http_phpunit_license_eval_stdin_path_probe8 http_phpunit_util_php_eval_stdin_path_access8 http_root_phpunit_src_eval_stdin_path_access8 http_root_phpunit_util_eval_stdin_path_access8 http_double_vendor_phpunit_eval_stdin_path_probe8 http_phpunit_src_util_php_eval_stdin_path_access8

$ sikker reports 2.26.81.183submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
Anonymous	Apr 12, 2026, 21:51	Brute Force	SSH	—

$ sikker related 2.26.81.183

🇬🇧·More threats fromUnited Kingdom→AS·More threats fromBritish Telecommunications PLC→SSH·More threats targetingSSH→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
31.96.69.224	21%	69
31.94.66.191	35%	3
109.147.181.72	72%	2
5.80.163.7	73%	11
86.188.222.131	45%	30

IP Address	Confidence	Events
64.89.163.131	100%	48,087
185.247.137.117	92%	569
185.247.137.110	95%	582
2.58.203.191	94%	665
193.104.222.13	97%	1,084