Check an IP Address, Domain Name, Subnet, or ASN

8.222.236.85 was found in our database!

$ whois 8.222.236.85

country·🇸🇬 Singapore

isp·Alibaba US Technology Co., Ltd.

asn·AS45102

network·Standard

$ sikker risk 8.222.236.85scoring →

confidence

99%Very High

first_seen·Jan 28, 2026

last_seen·2h ago

sessions·51

events·132

$ sikker protocols 8.222.236.85

TELNET

21 / 94

SSH

30 / 38

$ sikker summary 8.222.236.85

8.222.236.85 has a threat confidence score of 99%. This IP address from Singapore (AS45102, Alibaba US Technology Co., Ltd.) has been observed in 51 honeypot sessions targeting TELNET, SSH protocols. Detected attack patterns include ssh authorized keys persistence established, telnet shell breakout with busybox payload execution. First observed on January 28, 2026, most recently active March 28, 2026.

$ sikker behaviors 8.222.236.85catalog →

very_highSsh Authorized Keys Persistence Established8x

Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.

highTelnet Shell Breakout With Busybox Payload Execution12x

Telnet session exhibiting privilege escalation and shell breakout attempts (enable, system, linuxshell, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The combination indicates an automated attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. This pattern is characteristic of IoT/Linux bot deployment frameworks leveraging BusyBox as a universal execution wrapper.

mediumSsh Home Ssh Attribute Protection Removal Attempt1x

Attempts to remove filesystem attribute protections (e.g., immutable flags via chattr -i/-a) from the user’s ~/.ssh directory. This pattern indicates preparatory activity to modify SSH trust configuration, commonly preceding insertion or replacement of authorized_keys for persistence.

$ sikker primitives 8.222.236.85

telnet_command_sh14 telnet_command_shell14 telnet_command_system14 telnet_command_linuxshell14 telnet_busybox_unknown_applet_invocation14 telnet_command_enable13 unix_home_ssh_directory_attribute_modification_attempt9 ssh_authorized_keys_replacement_home8 telnet_system_command_invocation1

$ sikker related 8.222.236.85

🇸🇬·More threats fromSingapore→AS·More threats fromAlibaba US Technology Co., Ltd.→TELN·More threats targetingTELNET→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
43.99.27.72	87%	2,132
47.238.76.68	88%	14,632
47.83.114.189	81%	4,789
47.76.27.68	80%	3,016
47.238.152.243	77%	2,577

IP Address	Confidence	Events
134.122.176.8	96%	3,496
139.99.82.70	94%	519
119.28.112.251	86%	21
43.133.59.138	96%	2,426
43.156.13.43	96%	2,390