Check an IP Address, Domain Name, Subnet, or ASN

47.254.28.88 was found in our database!

$ whois 47.254.28.88

country·🇺🇸 United States

isp·Alibaba US Technology Co., Ltd.

asn·AS45102

network·Standard

$ sikker risk 47.254.28.88scoring →

confidence

87%Very High

first_seen·Feb 9, 2026

last_seen·1d ago

sessions·39

events·86

$ sikker protocols 47.254.28.88

HTTPS

11 / 58

DOCKER

20 / 20

SSH

8 / 8

$ sikker summary 47.254.28.88

47.254.28.88 has a threat confidence score of 87%. This IP address from United States (AS45102, Alibaba US Technology Co., Ltd.) has been observed in 39 honeypot sessions targeting HTTPS, DOCKER, SSH protocols. Detected attack patterns include https multi vector web rce and payload execution attempt. First observed on February 9, 2026, most recently active April 4, 2026.

$ sikker behaviors 47.254.28.88catalog →

very_highHttps Multi Vector Web Rce And Payload Execution Attempt1x

Sequence of requests including PHPUnit eval-stdin endpoint probing across multiple paths, PHP payload execution markers, PEAR config-create file write attempts, local file inclusion targeting /tmp/index1, direct shell access via /cgi-bin/bin/sh, and payload delivery using wget/curl piped to sh, indicating an automated multi-vector remote code execution and payload deployment attempt.

$ sikker primitives 47.254.28.88

docker_post_method60 docker_container_exec_path40 php_phpunit_md5_marker37 docker_get_method20 docker_exec_start_endpoint20 docker_list_containers_endpoint20 https_query_thinkphp_invokefunction_md5_probe18 https_body_wget_curl_pipe_to_sh_apache_selfrep18 https_php_ini_directive_injection_allow_url_include_auto_prepend_file18 https_path_root9 https_phpunit_eval_stdin_rce_probe9 phpunit_eval_stdin_php_header_execution9 phpunit_eval_stdin_endpoint_access_legacy_path9 phpunit_eval_stdin_endpoint_access_src_variant9 phpunit_eval_stdin_endpoint_access_nested_src_path9 phpunit_eval_stdin_endpoint_access_nested_legacy_path9 https_cgi_bin_percent_encoded_directory_traversal_bin_sh9 https_index_php_root_request3 https_php_cve_2024_4577_base64_exec_marker2 https_hello_world_path_request1

$ sikker related 47.254.28.88

🇺🇸·More threats fromUnited States→AS·More threats fromAlibaba US Technology Co., Ltd.→HTTP·More threats targetingHTTPS→DOCK·More threats targetingDOCKER→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
47.83.163.189	86%	20,198
8.210.142.27	82%	17,265
47.242.52.32	80%	15,241
47.74.213.140	83%	55,990
47.76.91.78	83%	728

IP Address	Confidence	Events
64.62.197.182	99%	1,861
20.163.33.220	84%	223
18.218.118.203	100%	39,320
3.129.187.38	100%	38,865
72.52.77.123	98%	3,405