Check an IP Address, Domain Name, Subnet, or ASN

38.250.116.34 was found in our database!

$ whois 38.250.116.34

country·🇵🇪 Peru

isp·Red Cientifica Peruana

asn·AS3132

network·Standard

$ sikker risk 38.250.116.34scoring →

confidence

100%Very High

first_seen·Mar 5, 2026

last_seen·1d ago

sessions·365

events·365

$ sikker protocols 38.250.116.34

SSH

357 / 357

DOCKER

5 / 5

HTTPS

2 / 2

HTTP

1 / 1

$ sikker summary 38.250.116.34

38.250.116.34 has a threat confidence score of 100%. This IP address from Peru (AS3132, Red Cientifica Peruana) has been observed in 365 honeypot sessions targeting SSH, DOCKER, HTTPS, HTTP protocols. Detected attack patterns include ssh hardened host profiling and shell rc immutability bypass, http mass web rce exploitation scanning. First observed on March 5, 2026, most recently active April 19, 2026.

$ sikker behaviors 38.250.116.34catalog →

highSsh Hardened Host Profiling And Shell Rc Immutability Bypass349x

Identifies SSH post-auth activity combining resilient multi-source CPU enumeration (explicit /usr/bin/nproc fallback) with removal of the immutable flag from ~/.shellrc via chattr, indicating host profiling followed by shell configuration tampering for persistence preparation.

highHttp Mass Web Rce Exploitation Scanning1x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 38.250.116.34

hardened_cpu_enumeration_with_explicit_nproc_path350 unix_chattr_remove_immutable_flag_home_shell_rc349 php_phpunit_md5_marker74 http_method_get42 http_php_echo_md5_hello_phpunit_marker37 docker_post_method15 docker_container_exec_path10 https_index_php_root_request6 docker_get_method5 docker_exec_start_endpoint5 docker_list_containers_endpoint5 https_query_thinkphp_invokefunction_md5_probe4 https_body_wget_curl_pipe_to_sh_apache_selfrep4 https_php_ini_directive_injection_allow_url_include_auto_prepend_file4 https_path_root2 https_hello_world_path_request2 https_public_index_php_request2 https_cgi_bin_sh_execution_request2 https_phpunit_eval_stdin_rce_probe2 https_php_lfi_tmp_index1_file_request2

$ sikker related 38.250.116.34

🇵🇪·More threats fromPeru→AS·More threats fromRed Cientifica Peruana→SSH·More threats targetingSSH→DOCK·More threats targetingDOCKER→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
161.132.51.203	98%	3,857
161.132.4.167	99%	353
38.250.161.250	100%	120
161.132.56.31	23%	61
161.132.39.242	99%	72

IP Address	Confidence	Events
161.132.180.118	100%	1,084
200.37.179.83	50%	539
200.106.49.149	56%	490
190.223.36.108	56%	520
161.132.159.2	38%	334