Check an IP Address, Domain Name, Subnet, or ASN

154.219.103.140 was found in our database!

$ whois 154.219.103.140

country·🇭🇰 Hong Kong

isp·cognetcloud INC

asn·AS401701

network·Standard

$ sikker risk 154.219.103.140scoring →

confidence

97%Very High

first_seen·Mar 11, 2026

last_seen·6h ago

first_reported·Mar 13, 2026

last_reported·8h ago

sessions·51

events·51

reports·5

$ sikker protocols 154.219.103.140

SSH

25 / 25 / 3r

TELNET

19 / 19 / 2r

HTTP

3 / 3

DOCKER

3 / 3

HTTPS

1 / 1

$ sikker summary 154.219.103.140

154.219.103.140 has a threat confidence score of 97%. This IP address from Hong Kong (AS401701, cognetcloud INC) has been observed in 51 honeypot sessions and reported 5 times targeting SSH, TELNET, HTTP, DOCKER, HTTPS protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on March 11, 2026, most recently active March 16, 2026.

$ sikker behaviors 154.219.103.140catalog →

highHttp Mass Web Rce Exploitation Scanning3x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 154.219.103.140

http_method_get126 http_php_echo_md5_hello_phpunit_marker111 telnet_echo_hex_escape_sequence_output34 telnet_command_sh17 telnet_command_shell17 telnet_command_enable17 telnet_command_system17 telnet_wget_sh_no_check_certificate_quiet_stdout_exec17 docker_post_method9 docker_container_exec_path6 http_body_wget_curl_pipe_to_sh_selfrep6 http_thinkphp_invokefunction_call_user_func_array_md56 http_php_cgi_allow_url_include_auto_prepend_input_injection6 docker_get_method3 docker_exec_start_endpoint3 docker_list_containers_endpoint3 http_cgi_bin_direct_bin_sh_access3 http_phpunit_eval_stdin_php_path_access3 http_phpunit_license_eval_stdin_path_probe3 http_docker_api_containers_json_path_access3

$ sikker reports 154.219.103.140submit →

Showing 5 of 5 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 16, 2026, 10:04	Brute Force	TELNET	SikkerGuard: 2 blocked packets
User	Mar 16, 2026, 03:15	Brute Force	SSH	SikkerGuard: 2 blocked packets
User	Mar 15, 2026, 17:04	Brute Force	SSH	SikkerGuard: 2 blocked packets
User	Mar 13, 2026, 18:41	Brute Force	SSH	SikkerGuard: 4 blocked packets
User	Mar 13, 2026, 08:54	Brute Force	TELNET	SikkerGuard: 2 blocked packets

$ sikker related 154.219.103.140

🇭🇰·More threats fromHong Kong→AS·More threats fromcognetcloud INC→SSH·More threats targetingSSH→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTP→DOCK·More threats targetingDOCKER→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
85.137.242.119	80%	2,125
45.207.221.76	30%	2
38.76.218.105	55%	5
154.222.24.142	100%	689
149.88.76.88	24%	23

IP Address	Confidence	Events
172.110.223.55	100%	56,200
185.216.119.134	100%	794
85.137.242.119	80%	2,124
27.122.56.141	62%	33
165.154.1.212	90%	32