Check an IP Address, Domain Name, Subnet, or ASN

144.31.11.68 was found in our database!

$ whois 144.31.11.68

country·🇺🇸 United States

city·Orem

isp·H2nexus Ltd

asn·AS215730

network·Standard

$ sikker risk 144.31.11.68scoring →

confidence

91%Very High

first_seen·Feb 27, 2026

last_seen·1h ago

sessions·27

events·27

$ sikker protocols 144.31.11.68

SSH

8 / 8

HTTP

5 / 5

HTTPS

5 / 5

DOCKER

5 / 5

TELNET

4 / 4

$ sikker summary 144.31.11.68

144.31.11.68 has a threat confidence score of 91%. This IP address from United States (AS215730, H2nexus Ltd) has been observed in 27 honeypot sessions targeting SSH, HTTP, HTTPS, DOCKER, TELNET protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on February 27, 2026, most recently active March 23, 2026.

$ sikker behaviors 144.31.11.68catalog →

highHttp Mass Web Rce Exploitation Scanning5x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 144.31.11.68

http_method_get210 http_php_echo_md5_hello_phpunit_marker185 docker_post_method15 docker_container_exec_path10 http_body_wget_curl_pipe_to_sh_selfrep10 https_query_thinkphp_invokefunction_md5_probe10 https_body_wget_curl_pipe_to_sh_apache_selfrep10 http_thinkphp_invokefunction_call_user_func_array_md510 http_php_cgi_allow_url_include_auto_prepend_input_injection10 https_php_ini_directive_injection_allow_url_include_auto_prepend_file10 telnet_echo_hex_escape_sequence_output8 https_path_root5 docker_get_method5 docker_exec_start_endpoint5 docker_list_containers_endpoint5 http_cgi_bin_direct_bin_sh_access5 https_phpunit_eval_stdin_rce_probe5 http_phpunit_eval_stdin_php_path_access5 http_phpunit_license_eval_stdin_path_probe5 http_docker_api_containers_json_path_access5

$ sikker related 144.31.11.68

🇺🇸·More threats fromUnited States→AS·More threats fromH2nexus Ltd→SSH·More threats targetingSSH→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→DOCK·More threats targetingDOCKER→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
45.144.52.49	50%	3
144.31.4.70	25%	26
144.31.2.8	26%	1
94.159.111.151	100%	286
94.159.100.141	98%	97

IP Address	Confidence	Events
199.45.154.117	49%	495
3.129.187.38	100%	31,476
91.230.168.46	47%	24
209.222.101.54	98%	54,030
173.245.76.90	98%	109,373