Check an IP Address, Domain Name, Subnet, or ASN

158.255.6.144 was found in our database!

$ whois 158.255.6.144

country·🇷🇺 Russia

city·Moscow

isp·Hostkey B.v.

asn·AS50867

network·Standard

$ sikker risk 158.255.6.144scoring →

confidence

97%Very High

first_seen·Mar 13, 2026

last_seen·8d ago

sessions·61

events·61

$ sikker protocols 158.255.6.144

TELNET

30 / 30

HTTP

27 / 27

HTTPS

4 / 4

$ sikker summary 158.255.6.144

158.255.6.144 has a threat confidence score of 97%. This IP address from Russia (AS50867, Hostkey B.v.) has been observed in 61 honeypot sessions targeting TELNET, HTTP, HTTPS protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt. First observed on March 13, 2026, most recently active March 18, 2026.

$ sikker behaviors 158.255.6.144catalog →

highTelnet Shell Escalation With Busybox Execution Attempt21x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 158.255.6.144

telnet_command_sh30 telnet_command_shell30 telnet_command_system30 telnet_busybox_unknown_applet_invocation30 telnet_command_enable21 http_method_get2 https_path_root2

$ sikker related 158.255.6.144

🇷🇺·More threats fromRussia→AS·More threats fromHostkey B.v.→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
194.34.239.217	37%	1
91.218.247.107	75%	3
91.218.112.79	63%	4
31.192.111.118	51%	4
141.105.68.161	94%	17

IP Address	Confidence	Events
188.113.139.36	22%	61
2.63.211.145	79%	20,660
81.29.142.100	100%	29,320
77.40.50.115	29%	110
176.120.22.240	95%	407