Check an IP Address, Domain Name, Subnet, or ASN

213.199.57.161 was found in our database!

$ whois 213.199.57.161

country·🇫🇷 France

city·Lauterbourg

isp·Contabo GmbH

asn·AS51167

network·Standard

$ sikker risk 213.199.57.161scoring →

confidence

95%Very High

first_seen·Apr 4, 2026

last_seen·6h ago

sessions·4

events·4

$ sikker protocols 213.199.57.161

HTTPS

2 / 2

HTTP

1 / 1

DOCKER

1 / 1

$ sikker summary 213.199.57.161

213.199.57.161 has a threat confidence score of 95%. This IP address from France (AS51167, Contabo GmbH) has been observed in 4 honeypot sessions targeting HTTPS, HTTP, DOCKER protocols. Detected attack patterns include https multi vector web rce and payload execution attempt, http mass web rce exploitation scanning. First observed on April 4, 2026, most recently active April 5, 2026.

$ sikker behaviors 213.199.57.161catalog →

very_highHttps Multi Vector Web Rce And Payload Execution Attempt1x

Sequence of requests including PHPUnit eval-stdin endpoint probing across multiple paths, PHP payload execution markers, PEAR config-create file write attempts, local file inclusion targeting /tmp/index1, direct shell access via /cgi-bin/bin/sh, and payload delivery using wget/curl piped to sh, indicating an automated multi-vector remote code execution and payload deployment attempt.

highHttp Mass Web Rce Exploitation Scanning1x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 213.199.57.161

php_phpunit_md5_marker74 http_method_get42 http_php_echo_md5_hello_phpunit_marker37 https_index_php_root_request6 https_query_thinkphp_invokefunction_md5_probe4 https_body_wget_curl_pipe_to_sh_apache_selfrep4 https_php_ini_directive_injection_allow_url_include_auto_prepend_file4 docker_post_method3 https_path_root2 docker_container_exec_path2 https_hello_world_path_request2 https_public_index_php_request2 https_cgi_bin_sh_execution_request2 https_phpunit_eval_stdin_rce_probe2 https_php_lfi_tmp_index1_file_request2 http_body_wget_curl_pipe_to_sh_selfrep2 php_pearcmd_config_create_md5_hi_marker2 phpunit_eval_stdin_php_header_execution2 https_docker_containers_json_api_request2 https_phpunit_eval_stdin_lib_path_request2

$ sikker related 213.199.57.161

🇫🇷·More threats fromFrance→AS·More threats fromContabo GmbH→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→DOCK·More threats targetingDOCKER→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
161.97.164.177	98%	18
194.163.159.77	95%	1,304
94.72.110.157	95%	716
62.171.133.1	96%	16,456
158.220.105.40	91%	8

IP Address	Confidence	Events
54.38.41.116	86%	40,628
137.74.16.110	97%	1,860
51.91.168.102	99%	697,066
51.83.143.139	89%	86,888
5.189.130.33	66%	1,832