Check an IP Address, Domain Name, Subnet, or ASN

20.8.1.112 was found in our database!

$ whois 20.8.1.112

country·🇳🇱 The Netherlands

city·Amsterdam

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.8.1.112scoring →

confidence

99%Very High

first_seen·Feb 18, 2026

last_seen·Mar 24, 2026

first_reported·Mar 5, 2026

last_reported·Mar 5, 2026

sessions·95

events·103

reports·1

$ sikker protocols 20.8.1.112

TELNET

77 / 85 / 1r

HTTP

16 / 16

HTTPS

2 / 2

$ sikker summary 20.8.1.112

20.8.1.112 has a threat confidence score of 99%. This IP address from The Netherlands (AS8075, Microsoft Corporation) has been observed in 95 honeypot sessions and reported 1 times targeting TELNET, HTTP, HTTPS protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt. First observed on February 18, 2026, most recently active March 24, 2026.

$ sikker behaviors 20.8.1.112catalog →

highTelnet Shell Escalation With Busybox Execution Attempt76x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

$ sikker primitives 20.8.1.112

telnet_command_sh77 telnet_command_shell77 telnet_command_system77 telnet_busybox_unknown_applet_invocation77 telnet_command_enable76 http_method_get3 http_path_cgibin_mainfunction_cgi_action_login_keypath_wget_memory_load_mips3

$ sikker reports 20.8.1.112submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 5, 2026, 08:41	Brute Force	TELNET	SikkerGuard: 2 blocked packets

$ sikker related 20.8.1.112

🇳🇱·More threats fromThe Netherlands→AS·More threats fromMicrosoft Corporation→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
135.237.126.76	86%	198
20.102.100.198	91%	211
20.65.193.189	83%	165
135.237.126.221	77%	179
40.124.175.251	87%	180

IP Address	Confidence	Events
89.190.156.45	96%	189
45.153.34.118	97%	1,908
204.76.203.206	92%	35,041
89.190.156.47	96%	209
45.148.10.192	100%	45,092