Significant Threat
IP 193.22.146.182 is a high-risk address originating from Germany and operated by Contabo GmbH (AS51167), linked to systematic hacking activity and web application intrusion attempts that generated 2,704 abuse reports from automated honeypot sensors over approximately five months between October 2025 and February 2026.
According to data aggregated from 20 distinct automated honeypot sensors, this IP has been flagged predominantly for hacking-related activity (19 recent reports), supplemented by web application attack signatures (2 reports) and potential exploitation indicators (2 reports). The reported attack patterns include web application reconnaissance probes, generic exploit and malware delivery attempts, and targeted Redis database protocol attacks. Despite the high volume of cumulative reports, the activity frequency metric registers at 0/10, suggesting the malicious behavior may be sporadic or concentrated in short intensive bursts rather than continuous sustained traffic. The German network hosting this address is a commercial provider known to serve diverse customer bases, which complicates rapid attribution but reinforces the importance of treating these reports as credible indicators of hostile intent.
The dominant hacking classification encompasses a broad spectrum of unauthorized access activities, including vulnerability exploitation, intrusion attempts, and credential-based attacks against exposed services. Web application attack patterns targeting the same infrastructure suggest the operator is conducting multi-vector reconnaissance and exploitation campaigns, while the presence of Redis-specific attack signatures indicates deliberate probing of commonly misconfigured database services. Collectively, these patterns describe an IP engaged in active reconnaissance and exploitation rather than passive scanning, posing a direct threat to any exposed SSH, web application, or database services within range of these automated attack scripts.
Site operators should implement immediate defensive measures including blocking or rate-limiting this IP at the firewall level, deploying web application firewalls to filter known attack signatures, and hardening authentication mechanisms on exposed services with strong password policies and multi-factor authentication where feasible. Organizations running publicly accessible Redis instances should verify that authentication and network-level access controls are properly configured to prevent unauthorized command execution. Regular security audits and prompt patching of internet-facing services will reduce the effectiveness of any exploitation attempts that do bypass perimeter defenses, and monitoring authentication logs for unusual source IP patterns can help identify additional malicious infrastructure sharing similar attack profiles.