Check an IP Address, Domain Name, Subnet, or ASN

47.243.150.134 was found in our database!

$ whois 47.243.150.134

country·🇭🇰 Hong Kong

city·Hong Kong

isp·Alibaba US Technology Co., Ltd.

asn·AS45102

network·Standard

$ sikker risk 47.243.150.134scoring →

confidence

100%Very High

first_seen·Feb 24, 2026

last_seen·4m ago

sessions·119

events·121

$ sikker protocols 47.243.150.134

RDP

84 / 86

SMB

31 / 31

MSSQL

4 / 4

$ sikker summary 47.243.150.134

47.243.150.134 has a threat confidence score of 100%. This IP address from Hong Kong (AS45102, Alibaba US Technology Co., Ltd.) has been observed in 119 honeypot sessions targeting RDP, SMB, MSSQL protocols. Detected attack patterns include smb remcom remote command execution, smb remcom stdout pipe access. First observed on February 24, 2026, most recently active April 7, 2026.

$ sikker behaviors 47.243.150.134catalog →

very_highSmb Remcom Remote Command Execution6x

Identifies PsExec/RemCom-style remote command execution over SMB, involving IPC$ share access, service control manager pipe interaction (svcctl), and communication via the RemCom named pipe. This behavior reflects authenticated lateral movement and remote process execution through Windows administrative shares.

highSmb Remcom Stdout Pipe Access19x

SMB session accessing a RemCom_stdout* named pipe following IPC$ share access, indicating interaction with a RemCom-style remote command execution channel.

mediumRdp Nla Ntlm Authentication Attempt84x

Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service

mediumSmb Ipc Administrative Share Access1x

Detects authenticated access to the IPC$ administrative share over SMB. This behavior indicates remote interaction with Windows inter-process communication mechanisms and is commonly observed during lateral movement, service enumeration, or preparation for remote command execution.

$ sikker primitives 47.243.150.134

rdp_nla_ntlm_auth84 smb_empty_rpc_call26 smb_ipc_share_access26 smb_file_create_remcom_std20 smb_remcom_pipe_open6 smb_svcctl_pipe_open6 smb_remcom_named_pipe_communication6

$ sikker related 47.243.150.134

🇭🇰·More threats fromHong Kong→AS·More threats fromAlibaba US Technology Co., Ltd.→RDP·More threats targetingRDP→SMB·More threats targetingSMB→MSSQ·More threats targetingMSSQL→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
43.99.72.67	87%	3,327
8.213.82.138	95%	89
47.243.151.182	86%	8,091
8.218.244.97	95%	83
47.238.179.34	95%	88

IP Address	Confidence	Events
202.181.26.143	96%	272
8.218.190.228	36%	7
18.167.166.162	96%	132
165.154.2.235	96%	4,756
165.154.244.173	96%	2,399