Check an IP Address, Domain Name, Subnet, or ASN

216.48.176.84 was found in our database!

$ whois 216.48.176.84

country·🇮🇳 India

isp·282, Sector 19

asn·AS132420

network·Standard

$ sikker risk 216.48.176.84scoring →

confidence

99%Very High

first_seen·Mar 30, 2026

last_seen·22m ago

sessions·402

events·402

$ sikker protocols 216.48.176.84

TELNET

402 / 402

$ sikker summary 216.48.176.84

216.48.176.84 has a threat confidence score of 99%. This IP address from India (AS132420, 282, Sector 19) has been observed in 402 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt. First observed on March 30, 2026, most recently active April 20, 2026.

$ sikker behaviors 216.48.176.84catalog →

highTelnet Shell Escalation With Busybox Execution Attempt376x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

$ sikker primitives 216.48.176.84

telnet_command_shell401 telnet_command_system400 telnet_command_sh399 telnet_busybox_unknown_applet_invocation398 telnet_command_enable382

$ sikker related 216.48.176.84

🇮🇳·More threats fromIndia→AS·More threats from282, Sector 19→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
116.204.174.176	86%	29
216.48.180.225	79%	5
164.52.220.153	69%	5
164.52.216.225	23%	1
216.48.176.155	23%	1

IP Address	Confidence	Events
117.252.93.114	49%	474
52.66.69.41	96%	4,655
103.109.181.59	96%	1,436
223.235.64.126	51%	277
59.95.97.197	96%	2,827