Check an IP Address, Domain Name, Subnet, or ASN

178.71.209.194 was found in our database!

$ whois 178.71.209.194

country·🇷🇺 Russia

city·St Petersburg

isp·Rostelecom

asn·AS12389

network·Standard

$ sikker risk 178.71.209.194scoring →

confidence

71%High

first_seen·Mar 3, 2026

last_seen·2h ago

sessions·17

events·17

$ sikker protocols 178.71.209.194

TELNET

17 / 17

$ sikker summary 178.71.209.194

178.71.209.194 has a threat confidence score of 71%. This IP address from Russia (AS12389, Rostelecom) has been observed in 17 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt. First observed on March 3, 2026, most recently active March 20, 2026.

$ sikker behaviors 178.71.209.194catalog →

highTelnet Shell Escalation With Busybox Execution Attempt3x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

$ sikker primitives 178.71.209.194

telnet_command_enable11 telnet_command_system10 telnet_command_sh4 telnet_command_shell4 telnet_busybox_unknown_applet_invocation4

$ sikker related 178.71.209.194

🇷🇺·More threats fromRussia→AS·More threats fromRostelecom→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
2.63.211.145	79%	19,719
178.44.195.245	32%	23
212.220.71.42	27%	84
178.69.224.233	35%	167
78.36.4.34	16%	16

IP Address	Confidence	Events
89.109.22.192	29%	106
79.126.113.160	35%	3
94.77.14.10	35%	3
81.29.142.100	100%	26,879
2.63.211.145	79%	19,719