Check an IP Address, Domain Name, Subnet, or ASN

216.167.92.154 was found in our database!

$ whois 216.167.92.154

country·🇺🇸 United States

isp·NTT America, Inc.

asn·AS2914

network·Standard

$ sikker risk 216.167.92.154scoring →

confidence

95%Very High

first_seen·Apr 9, 2026

last_seen·4d ago

sessions·22

events·22

$ sikker protocols 216.167.92.154

SSH

7 / 7

DOCKER

5 / 5

HTTPS

4 / 4

TELNET

4 / 4

HTTP

2 / 2

$ sikker summary 216.167.92.154

216.167.92.154 has a threat confidence score of 95%. This IP address from United States (AS2914, NTT America, Inc.) has been observed in 22 honeypot sessions targeting SSH, DOCKER, HTTPS, TELNET, HTTP protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on April 9, 2026, most recently active April 13, 2026.

$ sikker behaviors 216.167.92.154catalog →

highHttp Mass Web Rce Exploitation Scanning2x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 216.167.92.154

php_phpunit_md5_marker148 http_method_get84 http_php_echo_md5_hello_phpunit_marker74 docker_post_method15 https_index_php_root_request12 docker_container_exec_path10 telnet_echo_hex_escape_sequence_output8 https_query_thinkphp_invokefunction_md5_probe8 https_body_wget_curl_pipe_to_sh_apache_selfrep8 https_php_ini_directive_injection_allow_url_include_auto_prepend_file8 docker_get_method5 docker_exec_start_endpoint5 docker_list_containers_endpoint5 https_path_root4 telnet_command_shell4 telnet_command_enable4 telnet_command_system4 https_hello_world_path_request4 https_public_index_php_request4 https_cgi_bin_sh_execution_request4

$ sikker related 216.167.92.154

🇺🇸·More threats fromUnited States→AS·More threats fromNTT America, Inc.→SSH·More threats targetingSSH→DOCK·More threats targetingDOCKER→HTTP·More threats targetingHTTPS→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
216.167.38.97	23%	1
216.167.35.4	48%	3
216.167.38.207	76%	2
216.167.32.116	79%	3
216.167.36.175	81%	8

IP Address	Confidence	Events
167.94.146.58	50%	3,640
198.235.24.119	98%	407
205.210.31.217	99%	395
64.20.60.134	91%	294
16.58.56.214	100%	51,595