20.215.130.165 — Microsoft Corporation, PL — Medium (56%)

Check an IP Address, Domain Name, Subnet, or ASN

20.215.130.165 was found in our database!

Confidence Level

56%

Medium?

Geolocation

🇵🇱

PolandWarsaw

ISPMicrosoft Corporation

ASNAS8075

Activity Timeline

First seenMar 5, 2026, 04:29 PM

Last seen1h ago

1Sessions

1Events

Protocol Breakdown

TELNET

1 / 1

20.215.130.165 has a moderate threat confidence level of 56%, originating from Warsaw, Poland, on the Microsoft Corporation network (8075). It has been observed across 1 sessions targeting TELNET, with detected attack patterns including telnet shell escalation with busybox execution attempt, First observed on March 5, 2026, most recently active March 5, 2026.

Behaviors

Classified behavioral patterns observed

Telnet Shell Escalation With Busybox Execution Attempt

high1x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

Primitives

Individual actions observed

Telnet Command Sh1 Telnet Command Shell1 Telnet Command Enable1 Telnet Command System1 Telnet Busybox Unknown Applet Invocation1

Related Threats

Explore related threat intelligence

🇵🇱More threats fromPoland ASMore threats fromMicrosoft Corporation TELNETMore threats targetingTELNET { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
40.82.214.8	100%	511
20.65.194.73	69%	140
135.237.127.87	79%	147
52.165.81.64	75%	146
172.174.244.189	61%	121

IP Address	Confidence	Events
51.77.32.116	99%	108,166
195.3.221.86	100%	3,681
193.34.212.9	91%	1,062
57.128.212.198	100%	862
83.168.90.177	100%	207