Check an IP Address, Domain Name, Subnet, or ASN

176.125.252.215 was found in our database!

$ whois 176.125.252.215

country·🇮🇹 Italy

city·Volta Mantovana

isp·Open Fiber S.P.A.

asn·AS210218

network·Standard

$ sikker risk 176.125.252.215scoring →

confidence

57%Medium

first_seen·Mar 20, 2026

last_seen·21h ago

sessions·1

events·1

$ sikker protocols 176.125.252.215

TELNET

1 / 1

$ sikker summary 176.125.252.215

176.125.252.215 has a threat confidence score of 57%. This IP address from Italy (AS210218, Open Fiber S.P.A.) has been observed in 1 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet busybox shell activation with capability check. First observed on March 20, 2026, most recently active March 20, 2026.

$ sikker behaviors 176.125.252.215catalog →

highTelnet Busybox Shell Activation With Capability Check1x

Identifies a Telnet session where BusyBox is leveraged to activate or access a shell environment (sh, shell, system, linuxshell, enable) followed by command capability validation (ping). This pattern reflects deliberate shell breakout and execution-context validation commonly observed in IoT botnets and embedded Linux compromise workflows. The presence of multiple shell invocation variants combined with BusyBox applet usage indicates adaptive execution logic rather than incidental command usage.

$ sikker primitives 176.125.252.215

telnet_command_sh2 telnet_command_ping1 telnet_command_shell1 telnet_command_enable1 telnet_command_system1 telnet_command_linuxshell1 telnet_busybox_unknown_applet_invocation1

$ sikker related 176.125.252.215

🇮🇹·More threats fromItaly→AS·More threats fromOpen Fiber S.P.A.→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
212.24.31.96	58%	1
78.40.165.157	43%	1
31.13.194.206	82%	359
164.40.187.145	80%	11

IP Address	Confidence	Events
95.225.188.232	32%	136
93.146.187.44	83%	420
94.35.140.5	42%	4
87.7.68.52	58%	1
83.224.171.149	58%	1