Check an IP Address, Domain Name, Subnet, or ASN

112.46.213.186 was found in our database!

$ whois 112.46.213.186

country·🇨🇳 China

isp·China Mobile Communications Group Co., Ltd.

asn·AS9808

network·Standard

$ sikker risk 112.46.213.186scoring →

confidence

92%Very High

first_seen·Jan 29, 2026

last_seen·9d ago

sessions·130

events·2,487

$ sikker protocols 112.46.213.186

TELNET

129 / 2,486

HTTP

1 / 1

$ sikker summary 112.46.213.186

112.46.213.186 has a threat confidence score of 92%. This IP address from China (AS9808, China Mobile Communications Group Co., Ltd.) has been observed in 130 honeypot sessions targeting TELNET, HTTP protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt. First observed on January 29, 2026, most recently active April 9, 2026.

$ sikker behaviors 112.46.213.186catalog →

highTelnet Shell Escalation With Busybox Execution Attempt1x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

infoHttp Http Method Get1x

HTTP request using GET method.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 112.46.213.186

telnet_rm_absolute_path_file_removal771 telnet_busybox_rm_absolute_path728 telnet_busybox_echo_hex_redirect_write728 telnet_busybox_cat_hidden_absolute_path637 telnet_busybox_unknown_applet_invocation365 telnet_command_shell93 telnet_command_sh92 telnet_command_system92 telnet_command_cd91 telnet_command_su91 telnet_busybox_cat_proc_mounts91 telnet_busybox_rm_hidden_proc_path91 telnet_command_literal_token_zyad500191 telnet_relative_file_output_redirection91 telnet_busybox_chmod_numeric_permission_change91 telnet_command_enable79 http_method_get1

$ sikker related 112.46.213.186

🇨🇳·More threats fromChina→AS·More threats fromChina Mobile Communications Group Co., Ltd.→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
112.27.38.203	47%	417
36.140.66.12	95%	1,191
112.46.213.224	93%	87
112.46.214.96	94%	95
36.212.221.233	95%	1,895

IP Address	Confidence	Events
8.137.55.67	80%	3,256
58.211.125.146	58%	1,135
221.131.45.31	96%	6,322
180.76.177.53	94%	223
123.188.239.125	96%	8,173