Check an IP Address, Domain Name, Subnet, or ASN

47.254.192.213 was found in our database!

$ whois 47.254.192.213

country·🇲🇾 Malaysia

city·Kuala Lumpur

isp·Alibaba US Technology Co., Ltd.

asn·AS45102

network·Standard

$ sikker risk 47.254.192.213scoring →

confidence

89%Very High

first_seen·Jan 21, 2026

last_seen·1h ago

first_reported·Mar 11, 2026

last_reported·2d ago

sessions·420

events·538

reports·2

$ sikker protocols 47.254.192.213

REDIS

97 / 158

MONGODB

92 / 111 / 1r

MSSQL

104 / 104

SSH

58 / 76 / 1r

MYSQL

26 / 44

RDP

42 / 42

DOCKER

1 / 3

$ sikker summary 47.254.192.213

47.254.192.213 has a threat confidence score of 89%. This IP address from Malaysia (AS45102, Alibaba US Technology Co., Ltd.) has been observed in 420 honeypot sessions and reported 2 times targeting REDIS, MONGODB, MSSQL, SSH, MYSQL and 2 other protocols. First observed on January 21, 2026, most recently active March 20, 2026.

$ sikker behaviors 47.254.192.213catalog →

mediumMysql User Schema Table Footprint Reconnaissance1x

Attacker enumerates non-system MySQL database schemas and associated table statistics (row counts, storage size, average row size) via metadata queries against the TABLES catalog. This activity indicates targeted discovery of accessible application datasets and data volume profiling to prioritize exfiltration, credential harvesting, or destructive actions against high-value databases.

infoRedis Info Command Invocation14x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

infoDocker Invalid Protocol Probe1x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

$ sikker primitives 47.254.192.213

redis_info_lowercase46 redis_command_http_host_header_port_63795 docker_get_method3 docker_bad_request_uri3 mysql_select_tables_metadata_excluding_system_schemas1

$ sikker reports 47.254.192.213submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 17, 2026, 18:39	Brute Force	MONGODB	SikkerGuard: 2 blocked packets
User	Mar 11, 2026, 02:54	Brute Force	SSH	SikkerGuard: 2 blocked packets

$ sikker related 47.254.192.213

🇲🇾·More threats fromMalaysia→AS·More threats fromAlibaba US Technology Co., Ltd.→REDI·More threats targetingREDIS→MONG·More threats targetingMONGODB→MSSQ·More threats targetingMSSQL→SSH·More threats targetingSSH→MYSQ·More threats targetingMYSQL→RDP·More threats targetingRDP→DOCK·More threats targetingDOCKER→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
47.237.191.34	87%	26,461
8.218.174.114	89%	84
47.254.234.203	97%	230
8.210.28.151	88%	134,852
8.210.112.20	81%	25,762

IP Address	Confidence	Events
47.254.234.203	97%	230
103.131.135.246	36%	183
49.124.152.216	33%	87
47.250.81.7	83%	589
211.24.107.72	29%	73