Check an IP Address, Domain Name, Subnet, or ASN

178.211.153.109 was found in our database!

$ whois 178.211.153.109

country·🇷🇺 Russia

isp·Grand Ltd

asn·AS56340

network·Standard

$ sikker risk 178.211.153.109scoring →

confidence

91%Very High

first_seen·Feb 21, 2026

last_seen·27d ago

sessions·10

events·10

$ sikker protocols 178.211.153.109

TELNET

10 / 10

$ sikker summary 178.211.153.109

178.211.153.109 has a threat confidence score of 91%. This IP address from Russia (AS56340, Grand Ltd) has been observed in 10 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet busybox shell activation with capability check. First observed on February 21, 2026, most recently active February 21, 2026.

$ sikker behaviors 178.211.153.109catalog →

highTelnet Busybox Shell Activation With Capability Check9x

Identifies a Telnet session where BusyBox is leveraged to activate or access a shell environment (sh, shell, system, linuxshell, enable) followed by command capability validation (ping). This pattern reflects deliberate shell breakout and execution-context validation commonly observed in IoT botnets and embedded Linux compromise workflows. The presence of multiple shell invocation variants combined with BusyBox applet usage indicates adaptive execution logic rather than incidental command usage.

$ sikker primitives 178.211.153.109

telnet_command_sh18 telnet_command_ping9 telnet_command_shell9 telnet_command_enable9 telnet_command_system9 telnet_command_linuxshell9 telnet_busybox_unknown_applet_invocation9

$ sikker related 178.211.153.109

🇷🇺·More threats fromRussia→AS·More threats fromGrand Ltd→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
77.91.107.76	60%	26
77.91.108.143	49%	323
5.35.52.241	98%	96
109.248.217.167	23%	1
5.101.12.35	22%	8

IP Address	Confidence	Events
62.183.82.70	52%	435
193.143.1.23	77%	69
82.208.122.218	31%	121
62.148.137.18	36%	191
81.29.142.100	100%	27,392