Check an IP Address, Domain Name, Subnet, or ASN

20.2.63.131 was found in our database!

$ whois 20.2.63.131

country·🇭🇰 Hong Kong

city·Hong Kong

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.2.63.131scoring →

confidence

56%Medium

first_seen·Mar 22, 2026

last_seen·1h ago

sessions·1

events·1

$ sikker protocols 20.2.63.131

TELNET

1 / 1

$ sikker summary 20.2.63.131

20.2.63.131 has a threat confidence score of 56%. This IP address from Hong Kong (AS8075, Microsoft Corporation) has been observed in 1 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt. First observed on March 22, 2026, most recently active March 22, 2026.

$ sikker behaviors 20.2.63.131catalog →

highTelnet Shell Escalation With Busybox Execution Attempt1x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

$ sikker primitives 20.2.63.131

telnet_command_sh1 telnet_command_shell1 telnet_command_enable1 telnet_command_system1 telnet_busybox_unknown_applet_invocation1

$ sikker related 20.2.63.131

🇭🇰·More threats fromHong Kong→AS·More threats fromMicrosoft Corporation→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.221.71.226	39%	306
20.168.121.93	56%	38
20.118.217.181	82%	152
20.169.50.74	71%	47
20.65.195.61	68%	120

IP Address	Confidence	Events
23.249.28.115	100%	507
172.110.223.49	97%	19,615
154.23.141.99	93%	174
172.110.223.44	99%	39,188
103.210.237.236	97%	3,023