Check an IP Address, Domain Name, Subnet, or ASN

103.143.11.229 was found in our database!

$ whois 103.143.11.229

country·🇭🇰 Hong Kong

isp·YISU CLOUD LTD

asn·AS138152

network·Standard

$ sikker risk 103.143.11.229scoring →

confidence

90%Very High

first_seen·Apr 10, 2026

last_seen·47m ago

sessions·25

events·25

$ sikker protocols 103.143.11.229

SSH

16 / 16

HTTP

4 / 4

TELNET

3 / 3

HTTPS

2 / 2

$ sikker summary 103.143.11.229

103.143.11.229 has a threat confidence score of 90%. This IP address from Hong Kong (AS138152, YISU CLOUD LTD) has been observed in 25 honeypot sessions targeting SSH, HTTP, TELNET, HTTPS protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on April 10, 2026, most recently active April 14, 2026.

$ sikker behaviors 103.143.11.229catalog →

highHttp Mass Web Rce Exploitation Scanning3x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 103.143.11.229

http_method_get126 http_php_echo_md5_hello_phpunit_marker111 php_phpunit_md5_marker12 http_body_wget_curl_pipe_to_sh_selfrep7 telnet_echo_hex_escape_sequence_output6 http_thinkphp_invokefunction_call_user_func_array_md56 http_php_cgi_allow_url_include_auto_prepend_input_injection6 http_cgi_bin_direct_bin_sh_access4 https_body_wget_curl_pipe_to_sh_apache_selfrep4 https_php_ini_directive_injection_allow_url_include_auto_prepend_file4 telnet_command_sh3 telnet_command_shell3 telnet_command_enable3 telnet_command_system3 http_phpunit_eval_stdin_php_path_access3 http_phpunit_license_eval_stdin_path_probe3 http_docker_api_containers_json_path_access3 http_phpunit_util_php_eval_stdin_path_access3 http_root_phpunit_src_eval_stdin_path_access3 http_root_phpunit_util_eval_stdin_path_access3

$ sikker related 103.143.11.229

🇭🇰·More threats fromHong Kong→AS·More threats fromYISU CLOUD LTD→SSH·More threats targetingSSH→HTTP·More threats targetingHTTP→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
154.92.22.79	91%	183
103.143.238.100	100%	676
156.227.233.77	100%	1,180
156.236.75.188	100%	906
103.146.52.37	34%	4

IP Address	Confidence	Events
43.99.27.72	88%	8,358
8.218.223.148	96%	635
47.76.235.206	97%	3,253
39.109.116.131	93%	713
47.86.62.106	75%	3,483