Check an IP Address, Domain Name, Subnet, or ASN

155.212.163.224 was found in our database!

$ whois 155.212.163.224

country·🇷🇺 Russia

isp·JSC IOT

asn·AS29182

network·Standard

$ sikker risk 155.212.163.224scoring →

confidence

95%Very High

first_seen·Mar 12, 2026

last_seen·4d ago

sessions·39

events·39

$ sikker protocols 155.212.163.224

HTTP

16 / 16

HTTPS

13 / 13

TELNET

10 / 10

$ sikker summary 155.212.163.224

155.212.163.224 has a threat confidence score of 95%. This IP address from Russia (AS29182, JSC IOT) has been observed in 39 honeypot sessions targeting HTTP, HTTPS, TELNET protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt. First observed on March 12, 2026, most recently active March 16, 2026.

$ sikker behaviors 155.212.163.224catalog →

highTelnet Shell Escalation With Busybox Execution Attempt10x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

infoHttp Root Path Request7x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request7x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 155.212.163.224

telnet_command_sh10 telnet_command_shell10 telnet_command_enable10 telnet_command_system10 telnet_busybox_unknown_applet_invocation10 http_method_get7 https_path_root7

$ sikker related 155.212.163.224

🇷🇺·More threats fromRussia→AS·More threats fromJSC IOT→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
91.107.127.19	81%	4
188.120.239.7	30%	2
217.28.220.146	83%	8
62.109.26.13	37%	1
92.63.106.184	51%	4

IP Address	Confidence	Events
212.164.61.202	24%	69
178.141.242.37	100%	11
213.176.247.202	29%	102
94.243.8.218	95%	3
185.55.172.13	22%	37