Check an IP Address, Domain Name, Subnet, or ASN

150.5.133.80 was found in our database!

$ whois 150.5.133.80

country·🇭🇰 Hong Kong

city·Hong Kong

isp·Byteplus Pte. Ltd.

asn·AS150436

network·Standard

$ sikker risk 150.5.133.80scoring →

confidence

94%Very High

first_seen·Apr 9, 2026

last_seen·17d ago

first_reported·Apr 10, 2026

last_reported·21d ago

sessions·20

events·20

reports·1

$ sikker protocols 150.5.133.80

SSH

7 / 7 / 1r

TELNET

5 / 5

HTTP

3 / 3

DOCKER

3 / 3

HTTPS

2 / 2

$ sikker summary 150.5.133.80

150.5.133.80 has a threat confidence score of 94%. This IP address from Hong Kong (AS150436, Byteplus Pte. Ltd.) has been observed in 20 honeypot sessions and reported 1 times targeting SSH, TELNET, HTTP, DOCKER, HTTPS protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on April 9, 2026, most recently active April 14, 2026.

$ sikker behaviors 150.5.133.80catalog →

highHttp Mass Web Rce Exploitation Scanning1x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 150.5.133.80

http_method_get83 http_php_echo_md5_hello_phpunit_marker75 php_phpunit_md5_marker41 docker_post_method9 telnet_echo_hex_escape_sequence_output7 docker_container_exec_path6 http_body_wget_curl_pipe_to_sh_selfrep6 http_php_cgi_allow_url_include_auto_prepend_input_injection6 https_body_wget_curl_pipe_to_sh_apache_selfrep4 http_thinkphp_invokefunction_call_user_func_array_md54 https_php_ini_directive_injection_allow_url_include_auto_prepend_file4 docker_get_method3 telnet_command_sh3 telnet_command_enable3 telnet_command_system3 docker_exec_start_endpoint3 https_index_php_root_request3 docker_list_containers_endpoint3 http_cgi_bin_direct_bin_sh_access3 http_phpunit_eval_stdin_php_path_access3

$ sikker reports 150.5.133.80submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
Anonymous	Apr 10, 2026, 13:09	Brute Force	SSH	—

$ sikker related 150.5.133.80

🇭🇰·More threats fromHong Kong→AS·More threats fromByteplus Pte. Ltd.→SSH·More threats targetingSSH→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTP→DOCK·More threats targetingDOCKER→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
45.78.202.217	100%	732
45.78.208.179	26%	10
101.47.16.134	98%	34
163.7.3.26	100%	980
101.47.8.188	100%	425

IP Address	Confidence	Events
223.223.219.225	95%	1,108
154.209.4.37	95%	2,538
123.58.212.9	96%	8,685
152.32.188.71	96%	3,109
47.243.224.67	95%	1,482