Check an IP Address, Domain Name, Subnet, or ASN

49.176.254.65 was found in our database!

$ whois 49.176.254.65

country·🇦🇺 Australia

city·Perth

isp·Microplex PTY LTD

asn·AS4804

network·Standard

$ sikker risk 49.176.254.65scoring →

confidence

92%Very High

first_seen·Jan 24, 2026

last_seen·24d ago

sessions·20

events·98

$ sikker protocols 49.176.254.65

TELNET

20 / 98

$ sikker summary 49.176.254.65

49.176.254.65 has a threat confidence score of 92%. This IP address from Australia (AS4804, Microplex PTY LTD) has been observed in 20 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet busybox multi method payload retrieval and execution, telnet busybox shell activation with capability check. First observed on January 24, 2026, most recently active February 24, 2026.

$ sikker behaviors 49.176.254.65catalog →

highTelnet Busybox Multi Method Payload Retrieval And Execution6x

Identifies a Telnet session where an attacker leverages BusyBox utilities to retrieve a remote payload using one or more file transfer mechanisms (e.g., wget, curl, ftpget, or tftp) followed by execution of the downloaded script via sh. This pattern is consistent with IoT botnet propagation and automated malware deployment.

highTelnet Busybox Shell Activation With Capability Check1x

Identifies a Telnet session where BusyBox is leveraged to activate or access a shell environment (sh, shell, system, linuxshell, enable) followed by command capability validation (ping). This pattern reflects deliberate shell breakout and execution-context validation commonly observed in IoT botnets and embedded Linux compromise workflows. The presence of multiple shell invocation variants combined with BusyBox applet usage indicates adaptive execution logic rather than incidental command usage.

$ sikker primitives 49.176.254.65

telnet_command_sh36 telnet_command_ping8 telnet_command_shell8 telnet_command_enable8 telnet_command_system8 telnet_command_linuxshell8 telnet_busybox_unknown_applet_invocation8 telnet_busybox_wget_execution7 telnet_busybox_ftpget_remote_file_download7 telnet_sh_execute_downloaded_script6 telnet_busybox_tftp_get_remote_file_stdout6 telnet_curl_remote_script_stdout_execution6

$ sikker related 49.176.254.65

🇦🇺·More threats fromAustralia→AS·More threats fromMicroplex PTY LTD→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
106.70.55.246	88%	10
1.41.26.143	19%	30
58.110.246.122	28%	1
114.74.243.231	43%	209
1.43.38.90	58%	1

IP Address	Confidence	Events
122.148.199.165	48%	305
221.121.151.132	95%	486
101.0.104.38	99%	6,948
103.73.64.73	94%	322
210.0.90.82	53%	474