Check an IP Address, Domain Name, Subnet, or ASN

94.23.167.143 was found in our database!

$ whois 94.23.167.143

country·🇩🇪 Germany

city·Saarbrücken

isp·OVH SAS

asn·AS16276

network·Standard

$ sikker risk 94.23.167.143scoring →

confidence

80%Very High

first_seen·Apr 3, 2026

last_seen·1h ago

sessions·255

events·255

$ sikker protocols 94.23.167.143

SIP

255 / 255

$ sikker summary 94.23.167.143

94.23.167.143 has a threat confidence score of 80%. This IP address from Germany (AS16276, OVH SAS) has been observed in 255 honeypot sessions targeting SIP protocols. First observed on April 3, 2026, most recently active April 20, 2026.

$ sikker behaviors 94.23.167.143catalog →

lowSip Options Capability Probe Structured255x

Automated SIP OPTIONS requests used to validate reachable VoIP endpoints and enumerate service capabilities without initiating a call session. The client sends standalone OPTIONS probes with high-entropy or unusually long Call-ID values, a pattern commonly associated with scripted scanning frameworks or VoIP reconnaissance tooling. Such activity is typically observed during infrastructure discovery phases where attackers identify responsive SIP servers, supported methods, and potential targets for toll fraud, brute-force registration attempts, or later exploitation campaigns.

$ sikker primitives 94.23.167.143

sip_call_id_long_numeric255 sip_call_id_alphanumeric_entropy255

$ sikker related 94.23.167.143

🇩🇪·More threats fromGermany→AS·More threats fromOVH SAS→SIP·More threats targetingSIP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
54.38.41.116	85%	49,826
51.83.143.139	89%	100,825
51.195.20.203	97%	2,706
51.89.235.201	88%	78,680
5.196.63.60	98%	16,486

IP Address	Confidence	Events
146.0.42.48	86%	75,072
45.65.112.108	86%	3,649
216.24.213.226	88%	16,802
165.245.218.96	80%	24
217.216.108.129	87%	2,992