Check an IP Address, Domain Name, Subnet, or ASN

147.45.50.108 was found in our database!

$ whois 147.45.50.108

country·🇳🇱 The Netherlands

city·Amsterdam

isp·Global Connectivity Solutions Llp

asn·AS215540

network·Standard

$ sikker risk 147.45.50.108scoring →

confidence

100%Very High

first_seen·Jan 25, 2026

last_seen·7h ago

first_reported·Mar 1, 2026

last_reported·Mar 1, 2026

sessions·49

events·213

reports·1

$ sikker protocols 147.45.50.108

HTTPS

6 / 100

HTTP

12 / 59 / 1r

DOCKER

14 / 19

TELNET

6 / 18

SSH

11 / 17

$ sikker summary 147.45.50.108

147.45.50.108 has a threat confidence score of 100%. This IP address from The Netherlands (AS215540, Global Connectivity Solutions Llp) has been observed in 49 honeypot sessions and reported 1 times targeting HTTPS, HTTP, DOCKER, TELNET, SSH protocols. Detected attack patterns include http mass web rce exploitation scanning, docker remote exec via api. First observed on January 25, 2026, most recently active April 6, 2026.

$ sikker behaviors 147.45.50.108catalog →

highHttp Mass Web Rce Exploitation Scanning11x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

highDocker Remote Exec Via Api1x

Unauthenticated or externally triggered interaction with the Docker Engine HTTP API resulting in container enumeration (GET /containers/json) followed by multiple POST /containers/{id}/exec and /exec/{id}/start calls. This pattern strongly indicates remote command execution inside running containers through the Docker daemon. In honeypot telemetry this is typically associated with attackers abusing exposed Docker sockets (2375/2376) to gain execution, deploy payloads, or stage further compromise.

$ sikker primitives 147.45.50.108

http_method_get504 http_php_echo_md5_hello_phpunit_marker444 docker_post_method42 php_phpunit_md5_marker37 docker_container_exec_path28 http_body_wget_curl_pipe_to_sh_selfrep24 http_thinkphp_invokefunction_call_user_func_array_md524 http_php_cgi_allow_url_include_auto_prepend_input_injection24 docker_get_method14 docker_exec_start_endpoint14 docker_list_containers_endpoint14 http_cgi_bin_direct_bin_sh_access12 telnet_echo_hex_escape_sequence_output12 http_phpunit_eval_stdin_php_path_access12 http_phpunit_license_eval_stdin_path_probe12 http_phpunit_util_php_eval_stdin_path_access12 http_root_phpunit_src_eval_stdin_path_access12 http_root_phpunit_util_eval_stdin_path_access12 http_double_vendor_phpunit_eval_stdin_path_probe12 http_phpunit_src_util_php_eval_stdin_path_access12

$ sikker reports 147.45.50.108submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 1, 2026, 12:15	Brute Force	HTTP	SikkerGuard: 2 blocked packets

$ sikker related 147.45.50.108

🇳🇱·More threats fromThe Netherlands→AS·More threats fromGlobal Connectivity Solutions Llp→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→DOCK·More threats targetingDOCKER→TELN·More threats targetingTELNET→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
78.153.155.71	72%	104
193.39.208.26	100%	153
193.233.253.17	97%	48
147.45.60.22	99%	127
147.45.50.81	94%	24

IP Address	Confidence	Events
45.148.10.240	100%	529,867
45.148.10.192	100%	29,122
185.214.74.251	99%	49
46.151.178.13	93%	3,731
172.71.98.89	24%	18