Check an IP Address, Domain Name, Subnet, or ASN

68.183.234.194 was found in our database!

$ whois 68.183.234.194

country·🇸🇬 Singapore

city·Singapore

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 68.183.234.194scoring →

confidence

100%Very High

first_seen·Jan 21, 2026

last_seen·2h ago

first_reported·Feb 27, 2026

last_reported·25d ago

sessions·579

events·1,547

reports·6

$ sikker protocols 68.183.234.194

DOCKER

249 / 439

SSH

266 / 361 / 5r

HTTPS

7 / 336

HTTP

5 / 240

TELNET

52 / 171 / 1r

$ sikker summary 68.183.234.194

68.183.234.194 has a threat confidence score of 100%. This IP address from Singapore (AS14061, DigitalOcean, LLC) has been observed in 579 honeypot sessions and reported 6 times targeting DOCKER, SSH, HTTPS, HTTP, TELNET protocols. Detected attack patterns include docker remote exec via api. First observed on January 21, 2026, most recently active April 12, 2026.

$ sikker behaviors 68.183.234.194catalog →

highDocker Remote Exec Via Api38x

Attacker interaction with an exposed Docker Engine API resulting in container enumeration followed by remote command execution inside running containers. The sequence of GET /containers/json and subsequent POST /containers/{id}/exec and /exec/{id}/start calls represents deliberate hands-on-keyboard activity where the adversary uses the Docker daemon as a control plane to execute commands, deploy payloads, or pivot further within the host environment. This behavior reflects active container abuse observed directly through high-interaction honeypot instrumentation.

$ sikker primitives 68.183.234.194

docker_post_method747 docker_container_exec_path498 docker_get_method249 docker_exec_start_endpoint249 docker_list_containers_endpoint249 http_method_get215 http_php_echo_md5_hello_phpunit_marker185 telnet_echo_hex_escape_sequence_output103 ssh_password_authenthication.57 telnet_command_system52 telnet_command_sh51 telnet_command_shell51 telnet_wget_sh_no_check_certificate_quiet_stdout_exec51 telnet_command_enable50 https_query_thinkphp_invokefunction_md5_probe14 https_body_wget_curl_pipe_to_sh_apache_selfrep14 https_php_ini_directive_injection_allow_url_include_auto_prepend_file14 http_body_wget_curl_pipe_to_sh_selfrep10 http_thinkphp_invokefunction_call_user_func_array_md510 http_php_cgi_allow_url_include_auto_prepend_input_injection10

$ sikker reports 68.183.234.194submit →

Showing 5 of 6 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 18, 2026, 04:10	Brute Force	SSH	SikkerGuard: 2 blocked packets
User	Mar 13, 2026, 15:29	Brute Force	SSH	SikkerGuard: 4 blocked packets
User	Mar 7, 2026, 14:12	Brute Force	SSH	SikkerGuard: 2 blocked packets
User	Mar 3, 2026, 13:10	Brute Force	SSH	SikkerGuard: 2 blocked packets
User	Feb 27, 2026, 21:27	Brute Force	TELNET	SikkerGuard: 2 blocked packets

1 / 2

$ sikker related 68.183.234.194

🇸🇬·More threats fromSingapore→AS·More threats fromDigitalOcean, LLC→DOCK·More threats targetingDOCKER→SSH·More threats targetingSSH→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
165.22.218.119	93%	10,997
45.55.164.231	84%	218
104.248.143.70	87%	176
164.92.200.230	57%	26
164.92.124.232	84%	3,161

IP Address	Confidence	Events
54.151.176.0	85%	4,008
143.92.56.145	96%	4,857
134.122.189.28	97%	11,144
43.156.227.181	94%	1,037
43.134.11.242	96%	4,506