Check an IP Address, Domain Name, Subnet, or ASN

212.19.23.247 was found in our database!

$ whois 212.19.23.247

country·🇷🇺 Russia

city·Khabarovsk

isp·JSC Redcom-lnternet

asn·AS8749

network·Standard

$ sikker risk 212.19.23.247scoring →

confidence

64%High

first_seen·Feb 7, 2026

last_seen·26d ago

sessions·11

events·62

$ sikker protocols 212.19.23.247

TELNET

11 / 62

$ sikker summary 212.19.23.247

212.19.23.247 has a threat confidence score of 64%. This IP address from Russia (AS8749, JSC Redcom-lnternet) has been observed in 11 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt. First observed on February 7, 2026, most recently active February 22, 2026.

$ sikker behaviors 212.19.23.247catalog →

highTelnet Shell Escalation With Busybox Execution Attempt1x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

$ sikker primitives 212.19.23.247

telnet_command_shell2 telnet_command_enable2 telnet_command_system2 telnet_command_sh1 telnet_system_command_invocation1 telnet_busybox_unknown_applet_invocation1

$ sikker related 212.19.23.247

🇷🇺·More threats fromRussia→AS·More threats fromJSC Redcom-lnternet→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
46.183.134.19	35%	165
212.19.10.9	29%	88
46.183.130.23	46%	7
94.125.48.35	33%	2

IP Address	Confidence	Events
77.94.120.206	100%	7,924
81.29.142.6	100%	20,428
178.206.227.46	31%	114
95.215.0.144	98%	9,965
45.91.64.7	100%	7,255