Check an IP Address, Domain Name, Subnet, or ASN

176.16.205.27 was found in our database!

$ whois 176.16.205.27

country·🇸🇦 Saudi Arabia

city·Medina

isp·Etihad Etisalat, a joint stock company

asn·AS35819

network·Standard

$ sikker risk 176.16.205.27scoring →

confidence

84%Very High

first_seen·Apr 30, 2026

last_seen·4h ago

sessions·6

events·6

$ sikker protocols 176.16.205.27

TELNET

6 / 6

$ sikker summary 176.16.205.27

176.16.205.27 has a threat confidence score of 84%. This IP address from Saudi Arabia (AS35819, Etihad Etisalat, a joint stock company) has been observed in 6 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt. First observed on April 30, 2026, most recently active April 30, 2026.

$ sikker behaviors 176.16.205.27catalog →

highTelnet Shell Escalation With Busybox Execution Attempt5x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

$ sikker primitives 176.16.205.27

telnet_command_enable6 telnet_command_system6 telnet_command_sh5 telnet_command_shell5 telnet_busybox_unknown_applet_invocation5

$ sikker related 176.16.205.27

🇸🇦·More threats fromSaudi Arabia→AS·More threats fromEtihad Etisalat, a joint stock company→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
176.16.42.55	86%	7
46.152.144.169	46%	1
176.16.192.2	61%	1
37.126.127.111	35%	3
37.126.48.255	76%	50

IP Address	Confidence	Events
95.177.176.173	67%	5
8.213.50.61	93%	809
78.95.186.121	62%	1
80.238.201.4	33%	1
176.16.42.55	86%	7