Check an IP Address, Domain Name, Subnet, or ASN

131.222.210.174 was found in our database!

$ whois 131.222.210.174

country·🇦🇪 United Arab Emirates

network·Standard

$ sikker risk 131.222.210.174scoring →

confidence

83%Very High

first_seen·May 1, 2026

last_seen·1h ago

sessions·54

events·54

$ sikker protocols 131.222.210.174

TELNET

54 / 54

$ sikker summary 131.222.210.174

131.222.210.174 has a threat confidence score of 83%. This IP address from United Arab Emirates has been observed in 54 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt. First observed on May 1, 2026, most recently active May 1, 2026.

$ sikker behaviors 131.222.210.174catalog →

highTelnet Shell Escalation With Busybox Execution Attempt1x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

$ sikker primitives 131.222.210.174

telnet_command_system46 telnet_command_enable45 telnet_command_shell7 telnet_command_sh1 telnet_busybox_unknown_applet_invocation1

$ sikker related 131.222.210.174

🇦🇪·More threats fromUnited Arab Emirates→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
31.56.209.38	98%	562
144.172.88.228	100%	1,806
20.203.42.204	100%	4,985
31.58.144.30	98%	35
43.225.52.157	94%	14