Check an IP Address, Domain Name, Subnet, or ASN

8.222.185.214 was found in our database!

$ whois 8.222.185.214

country·🇸🇬 Singapore

isp·Alibaba US Technology Co., Ltd.

asn·AS45102

network·Standard

$ sikker risk 8.222.185.214scoring →

confidence

91%Very High

first_seen·Jan 25, 2026

last_seen·32m ago

sessions·41

events·77

$ sikker protocols 8.222.185.214

TELNET

13 / 49

SSH

28 / 28

$ sikker summary 8.222.185.214

8.222.185.214 has a threat confidence score of 91%. This IP address from Singapore (AS45102, Alibaba US Technology Co., Ltd.) has been observed in 41 honeypot sessions targeting TELNET, SSH protocols. Detected attack patterns include telnet shell breakout with busybox payload execution, telnet shell escalation with busybox execution attempt. First observed on January 25, 2026, most recently active March 20, 2026.

$ sikker behaviors 8.222.185.214catalog →

highTelnet Shell Breakout With Busybox Payload Execution6x

Telnet session exhibiting privilege escalation and shell breakout attempts (enable, system, linuxshell, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The combination indicates an automated attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. This pattern is characteristic of IoT/Linux bot deployment frameworks leveraging BusyBox as a universal execution wrapper.

highTelnet Shell Escalation With Busybox Execution Attempt1x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

$ sikker primitives 8.222.185.214

ssh_uname_single_flag_query_via_awk13 telnet_command_sh9 telnet_command_shell9 telnet_command_system9 telnet_busybox_unknown_applet_invocation9 telnet_command_linuxshell8 telnet_command_enable7 ssh_uname_s_v_n_r_m6 ssh_nproc_available_cpu_count6 ssh_uname_machine_architecture5 ssh_lspci_vga_and_3d_controller_enumeration5 ssh_nvidia_smi_product_name_gpu_count_query4 ssh_nvidia_smi_product_name_filter2 telnet_system_command_invocation1

$ sikker related 8.222.185.214

🇸🇬·More threats fromSingapore→AS·More threats fromAlibaba US Technology Co., Ltd.→TELN·More threats targetingTELNET→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
47.237.191.34	87%	26,923
47.83.114.189	84%	2,848
8.216.133.44	96%	133
43.98.163.124	77%	15
8.210.139.191	84%	2,493

IP Address	Confidence	Events
47.74.213.140	83%	48,439
202.79.174.13	77%	209
134.122.132.101	82%	641
103.141.235.46	96%	143
157.245.207.166	61%	13