Check an IP Address, Domain Name, Subnet, or ASN

2.211.190.178 was found in our database!

$ whois 2.211.190.178

country·🇩🇪 Germany

city·Stuttgart

isp·Telefonica Germany

asn·AS6805

network·Standard

$ sikker risk 2.211.190.178scoring →

confidence

71%High

first_seen·Feb 21, 2026

last_seen·28d ago

sessions·3

events·3

$ sikker protocols 2.211.190.178

TELNET

3 / 3

$ sikker summary 2.211.190.178

2.211.190.178 has a threat confidence score of 71%. This IP address from Germany (AS6805, Telefonica Germany) has been observed in 3 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt. First observed on February 21, 2026, most recently active February 21, 2026.

$ sikker behaviors 2.211.190.178catalog →

highTelnet Shell Escalation With Busybox Execution Attempt2x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

$ sikker primitives 2.211.190.178

telnet_command_sh3 telnet_command_shell3 telnet_command_enable3 telnet_command_system3 telnet_busybox_unknown_applet_invocation3

$ sikker related 2.211.190.178

🇩🇪·More threats fromGermany→AS·More threats fromTelefonica Germany→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
2.215.161.87	76%	20
77.188.170.91	69%	2
77.11.117.183	58%	1
77.191.49.78	69%	2
77.14.43.16	58%	1

IP Address	Confidence	Events
49.51.169.239	96%	2,622
43.131.57.101	96%	2,863
47.87.140.88	91%	346
213.202.219.124	69%	11
146.0.42.48	87%	61,965