Check an IP Address, Domain Name, Subnet, or ASN

64.31.18.114 was found in our database!

$ whois 64.31.18.114

country·🇺🇸 United States

city·Chicago

isp·Limestone Networks, Inc.

asn·AS46475

network·Standard

$ sikker risk 64.31.18.114scoring →

confidence

94%Very High

first_seen·Mar 3, 2026

last_seen·4d ago

sessions·38

events·38

$ sikker protocols 64.31.18.114

DOCKER

14 / 14

HTTPS

12 / 12

HTTP

8 / 8

SSH

2 / 2

TELNET

2 / 2

$ sikker summary 64.31.18.114

64.31.18.114 has a threat confidence score of 94%. This IP address from United States (AS46475, Limestone Networks, Inc.) has been observed in 38 honeypot sessions targeting DOCKER, HTTPS, HTTP, SSH, TELNET protocols. Detected attack patterns include http mass web rce exploitation scanning. First observed on March 3, 2026, most recently active March 17, 2026.

$ sikker behaviors 64.31.18.114catalog →

highHttp Mass Web Rce Exploitation Scanning5x

Coordinated automated exploitation attempts targeting public-facing web services, including PHPUnit eval-stdin access, PHP-CGI argument injection, Docker API exposure, directory traversal, ThinkPHP invokeFunction abuse, and command execution patterns (wget/curl pipe to shell). Identifies opportunistic bot-driven RCE scanning and framework-specific exploit chaining against internet-exposed applications.

$ sikker primitives 64.31.18.114

http_method_get336 http_php_echo_md5_hello_phpunit_marker296 docker_post_method42 docker_container_exec_path28 https_query_thinkphp_invokefunction_md5_probe24 https_body_wget_curl_pipe_to_sh_apache_selfrep24 https_php_ini_directive_injection_allow_url_include_auto_prepend_file24 http_body_wget_curl_pipe_to_sh_selfrep16 http_thinkphp_invokefunction_call_user_func_array_md516 http_php_cgi_allow_url_include_auto_prepend_input_injection16 docker_get_method14 docker_exec_start_endpoint14 docker_list_containers_endpoint14 https_path_root12 https_phpunit_eval_stdin_rce_probe12 https_cgi_bin_percent_encoded_directory_traversal_bin_sh12 http_cgi_bin_direct_bin_sh_access8 http_phpunit_eval_stdin_php_path_access8 http_phpunit_license_eval_stdin_path_probe8 http_docker_api_containers_json_path_access8

$ sikker related 64.31.18.114

🇺🇸·More threats fromUnited States→AS·More threats fromLimestone Networks, Inc.→DOCK·More threats targetingDOCKER→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→SSH·More threats targetingSSH→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
86.38.216.164	96%	27
89.116.64.33	51%	2
185.167.61.76	57%	3
140.99.223.46	23%	1
86.110.51.47	89%	14

IP Address	Confidence	Events
206.189.203.71	77%	9
34.82.98.110	79%	6,050
185.218.138.28	97%	5,068
165.227.84.26	95%	54
162.254.3.130	87%	16,417