Check an IP Address, Domain Name, Subnet, or ASN

38.165.42.102 was found in our database!

$ whois 38.165.42.102

country·🇺🇸 United States

isp·AROSSCLOUD INC.

asn·AS400619

network·Standard

$ sikker risk 38.165.42.102scoring →

confidence

93%Very High

first_seen·Mar 18, 2026

last_seen·10h ago

first_reported·Mar 17, 2026

last_reported·3d ago

sessions·13

events·13

reports·1

$ sikker protocols 38.165.42.102

SSH

8 / 8

HTTP

3 / 3 / 1r

HTTPS

1 / 1

TELNET

1 / 1

$ sikker summary 38.165.42.102

38.165.42.102 has a threat confidence score of 93%. This IP address from United States (AS400619, AROSSCLOUD INC.) has been observed in 13 honeypot sessions and reported 1 times targeting SSH, HTTP, HTTPS, TELNET protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on March 17, 2026, most recently active March 20, 2026.

$ sikker behaviors 38.165.42.102catalog →

highHttp Mass Web Rce Exploitation Scanning3x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 38.165.42.102

http_method_get126 http_php_echo_md5_hello_phpunit_marker111 http_body_wget_curl_pipe_to_sh_selfrep6 http_thinkphp_invokefunction_call_user_func_array_md56 http_php_cgi_allow_url_include_auto_prepend_input_injection6 http_cgi_bin_direct_bin_sh_access3 http_phpunit_eval_stdin_php_path_access3 http_phpunit_license_eval_stdin_path_probe3 http_docker_api_containers_json_path_access3 http_phpunit_util_php_eval_stdin_path_access3 http_root_phpunit_src_eval_stdin_path_access3 http_root_phpunit_util_eval_stdin_path_access3 http_double_vendor_phpunit_eval_stdin_path_probe3 http_phpunit_src_util_php_eval_stdin_path_access3 http_root_phpunit_util_php_eval_stdin_path_access3 http_lang_parameter_deep_path_traversal_tmp_index13 http_pearcmd_config_create_path_traversal_md5_write3 http_phpunit_legacy_util_php_eval_stdin_path_access3 http_root_phpunit_src_util_php_eval_stdin_path_access3 http_cgi_bin_percent_encoded_directory_traversal_bin_sh3

$ sikker reports 38.165.42.102submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 17, 2026, 09:19	Brute Force	HTTP	SikkerGuard: 2 blocked packets

$ sikker related 38.165.42.102

🇺🇸·More threats fromUnited States→AS·More threats fromAROSSCLOUD INC.→SSH·More threats targetingSSH→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
38.55.146.197	35%	10
38.55.146.194	30%	2
154.193.217.134	30%	2
38.55.146.198	28%	24
38.55.146.205	48%	2

IP Address	Confidence	Events
172.236.228.197	90%	1,733
144.172.105.60	98%	37,888
97.74.90.88	96%	2,418
71.6.135.131	100%	2,883
45.205.1.8	95%	5,305