85.121.53.228 — M247 Europe SRL, DE — Very High (93%)

Check an IP Address, Domain Name, Subnet, or ASN

85.121.53.228 was found in our database!

Confidence Level

93%

Very High?

Geolocation

🇩🇪

GermanyFrankfurt am Main

ISPM247 Europe SRL

ASNAS9009

Activity Timeline

First seenFeb 2, 2026, 02:38 PM

Last seen26d ago

13Sessions

424Events

Protocol Breakdown

HTTPS

7 / 336

HTTP

1 / 47

TELNET

2 / 26

DOCKER

2 / 12

SSH

1 / 3

85.121.53.228 has a very high threat confidence level of 93%, originating from Frankfurt am Main, Germany, on the M247 Europe SRL network (9009). It has been observed across 13 sessions targeting HTTPS, HTTP, TELNET, DOCKER, SSH, with detected attack patterns including docker remote exec via api, First observed on February 2, 2026, most recently active February 4, 2026.

Behaviors

Classified behavioral patterns observed

Docker Remote Exec Via Api

high2x

Unauthenticated or externally triggered interaction with the Docker Engine HTTP API resulting in container enumeration (GET /containers/json) followed by multiple POST /containers/{id}/exec and /exec/{id}/start calls. This pattern strongly indicates remote command execution inside running containers through the Docker daemon. In honeypot telemetry this is typically associated with attackers abusing exposed Docker sockets (2375/2376) to gain execution, deploy payloads, or stage further compromise.

Primitives

Individual actions observed

Http Method Get43 Http Php Echo Md5 Hello Phpunit Marker37 Https Query Thinkphp Invokefunction Md5 Probe14 Https Body Wget Curl Pipe To Sh Apache Selfrep14 Https Php Ini Directive Injection Allow Url Include Auto Prepend File14 Https Path Root7 Https Phpunit Eval Stdin Rce Probe7 Https Cgi Bin Percent Encoded Directory Traversal Bin Sh7 Docker Post Method6 Docker Container Exec Path4 Telnet Echo Hex Escape Sequence Output4 Docker Get Method2 Telnet Command Sh2 Telnet Command Shell2 Telnet Command Enable2 Telnet Command System2 Docker Exec Start Endpoint2 Docker List Containers Endpoint2 Http Body Wget Curl Pipe To Sh Selfrep2 Http Thinkphp Invokefunction Call User Func Array Md52

Related Threats

Explore related threat intelligence

🇩🇪More threats fromGermany ASMore threats fromM247 Europe SRL HTTPSMore threats targetingHTTPS HTTPMore threats targetingHTTP TELNETMore threats targetingTELNET DOCKERMore threats targetingDOCKER SSHMore threats targetingSSH { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
89.45.4.110	32%	20
185.195.202.22	18%	16
89.238.167.134	23%	1
188.214.122.108	12%	3
146.70.160.174	17%	14

IP Address	Confidence	Events
146.0.42.48	88%	55,939
87.106.147.36	100%	29,226
87.98.242.75	97%	14,196
104.248.242.243	99%	191
62.171.129.237	99%	55,108