Check an IP Address, Domain Name, Subnet, or ASN

101.47.158.137 was found in our database!

$ whois 101.47.158.137

country·🇸🇬 Singapore

city·Singapore

isp·Byteplus Pte. Ltd.

asn·AS150436

network·Standard

$ sikker risk 101.47.158.137scoring →

confidence

100%Very High

first_seen·Mar 3, 2026

last_seen·4d ago

first_reported·Mar 6, 2026

last_reported·Mar 20, 2026

sessions·167

events·167

reports·3

$ sikker protocols 101.47.158.137

SSH

67 / 67 / 2r

TELNET

36 / 36 / 1r

HTTP

28 / 28

HTTPS

21 / 21

DOCKER

15 / 15

$ sikker summary 101.47.158.137

101.47.158.137 has a threat confidence score of 100%. This IP address from Singapore (AS150436, Byteplus Pte. Ltd.) has been observed in 167 honeypot sessions and reported 3 times targeting SSH, TELNET, HTTP, HTTPS, DOCKER protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on March 3, 2026, most recently active May 6, 2026.

$ sikker behaviors 101.47.158.137catalog →

highHttp Mass Web Rce Exploitation Scanning22x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 101.47.158.137

http_method_get1037 http_php_echo_md5_hello_phpunit_marker927 php_phpunit_md5_marker333 http_body_wget_curl_pipe_to_sh_selfrep56 telnet_echo_hex_escape_sequence_output56 http_php_cgi_allow_url_include_auto_prepend_input_injection55 https_body_wget_curl_pipe_to_sh_apache_selfrep44 http_thinkphp_invokefunction_call_user_func_array_md544 https_php_ini_directive_injection_allow_url_include_auto_prepend_file44 docker_post_method42 https_query_thinkphp_invokefunction_md5_probe42 telnet_command_sh28 telnet_command_shell28 telnet_command_enable28 docker_container_exec_path28 http_cgi_bin_direct_bin_sh_access28 http_cgi_bin_percent_encoded_directory_traversal_bin_sh28 telnet_command_system27 https_index_php_root_request27 http_phpunit_eval_stdin_php_path_access27

$ sikker reports 101.47.158.137submit →

Showing 3 of 3 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 20, 2026, 15:31	Brute Force	SSH	SikkerGuard: 2 blocked packets
User	Mar 9, 2026, 20:04	Brute Force	SSH	SikkerGuard: 2 blocked packets
User	Mar 6, 2026, 15:12	Brute Force	TELNET	SikkerGuard: 2 blocked packets

$ sikker related 101.47.158.137

🇸🇬·More threats fromSingapore→AS·More threats fromByteplus Pte. Ltd.→SSH·More threats targetingSSH→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→DOCK·More threats targetingDOCKER→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
45.78.198.204	100%	650
150.5.169.176	100%	1,148
45.78.198.167	100%	563
163.7.4.169	99%	71
163.7.5.228	29%	32

IP Address	Confidence	Events
43.160.207.19	94%	565
51.79.142.7	96%	6,040
103.23.172.59	95%	685
217.216.32.107	94%	554
84.247.151.57	94%	331