Check an IP Address, Domain Name, Subnet, or ASN

46.44.13.166 was found in our database!

$ whois 46.44.13.166

country·🇷🇺 Russia

city·Moscow

isp·LLC trc Fiord

asn·AS51369

network·Standard

$ sikker risk 46.44.13.166scoring →

confidence

96%Very High

first_seen·Feb 19, 2026

last_seen·Feb 19, 2026

sessions·27

events·27

$ sikker protocols 46.44.13.166

TELNET

27 / 27

$ sikker summary 46.44.13.166

46.44.13.166 has a threat confidence score of 96%. This IP address from Russia (AS51369, LLC trc Fiord) has been observed in 27 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet busybox shell activation with capability check. First observed on February 19, 2026, most recently active February 19, 2026.

$ sikker behaviors 46.44.13.166catalog →

highTelnet Busybox Shell Activation With Capability Check16x

Identifies a Telnet session where BusyBox is leveraged to activate or access a shell environment (sh, shell, system, linuxshell, enable) followed by command capability validation (ping). This pattern reflects deliberate shell breakout and execution-context validation commonly observed in IoT botnets and embedded Linux compromise workflows. The presence of multiple shell invocation variants combined with BusyBox applet usage indicates adaptive execution logic rather than incidental command usage.

$ sikker primitives 46.44.13.166

telnet_command_sh32 telnet_command_ping16 telnet_command_shell16 telnet_command_enable16 telnet_command_system16 telnet_command_linuxshell16 telnet_busybox_unknown_applet_invocation16

$ sikker related 46.44.13.166

🇷🇺·More threats fromRussia→AS·More threats fromLLC trc Fiord→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
46.44.35.80	98%	31
46.44.19.88	23%	1
46.44.41.201	92%	10

IP Address	Confidence	Events
212.113.98.30	100%	14,949
95.71.126.178	40%	269
83.239.84.130	52%	457
82.147.88.2	97%	12,697
78.25.124.115	23%	33