Check an IP Address, Domain Name, Subnet, or ASN

176.77.71.177 was found in our database!

$ whois 176.77.71.177

country·🇷🇺 Russia

city·Samara

isp·PJSC MegaFon

asn·AS12714

network·Standard

$ sikker risk 176.77.71.177scoring →

confidence

99%Very High

first_seen·Feb 20, 2026

last_seen·9d ago

sessions·42

events·42

$ sikker protocols 176.77.71.177

TELNET

42 / 42

$ sikker summary 176.77.71.177

176.77.71.177 has a threat confidence score of 99%. This IP address from Russia (AS12714, PJSC MegaFon) has been observed in 42 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet busybox shell activation with capability check, telnet busybox multi method payload retrieval and execution. First observed on February 20, 2026, most recently active March 10, 2026.

$ sikker behaviors 176.77.71.177catalog →

highTelnet Busybox Shell Activation With Capability Check21x

Identifies a Telnet session where BusyBox is leveraged to activate or access a shell environment (sh, shell, system, linuxshell, enable) followed by command capability validation (ping). This pattern reflects deliberate shell breakout and execution-context validation commonly observed in IoT botnets and embedded Linux compromise workflows. The presence of multiple shell invocation variants combined with BusyBox applet usage indicates adaptive execution logic rather than incidental command usage.

highTelnet Busybox Multi Method Payload Retrieval And Execution7x

Identifies a Telnet session where an attacker leverages BusyBox utilities to retrieve a remote payload using one or more file transfer mechanisms (e.g., wget, curl, ftpget, or tftp) followed by execution of the downloaded script via sh. This pattern is consistent with IoT botnet propagation and automated malware deployment.

$ sikker primitives 176.77.71.177

telnet_command_sh77 telnet_command_ping28 telnet_command_shell28 telnet_command_enable28 telnet_command_system28 telnet_command_linuxshell28 telnet_busybox_unknown_applet_invocation28 telnet_busybox_wget_execution7 telnet_sh_execute_downloaded_script7 telnet_busybox_ftpget_remote_file_download7 telnet_busybox_tftp_get_remote_file_stdout7 telnet_curl_remote_script_stdout_execution7

$ sikker related 176.77.71.177

🇷🇺·More threats fromRussia→AS·More threats fromPJSC MegaFon→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
176.194.111.108	50%	10
95.220.116.254	73%	8
176.106.133.179	16%	11
46.72.112.237	35%	3
79.120.30.97	17%	3

IP Address	Confidence	Events
94.243.11.158	100%	1,009
194.186.195.209	45%	392
82.151.116.76	34%	156
31.23.215.209	23%	1
80.87.206.253	99%	112