Check an IP Address, Domain Name, Subnet, or ASN

5.16.181.160 was found in our database!

$ whois 5.16.181.160

country·🇷🇺 Russia

isp·JSC ER-Telecom Holding

asn·AS31363

network·Standard

$ sikker risk 5.16.181.160scoring →

confidence

100%Very High

first_seen·Feb 16, 2026

last_seen·1d ago

first_reported·Mar 9, 2026

last_reported·1d ago

sessions·47

events·47

reports·3

$ sikker protocols 5.16.181.160

TELNET

47 / 47 / 3r

$ sikker summary 5.16.181.160

5.16.181.160 has a threat confidence score of 100%. This IP address from Russia (AS31363, JSC ER-Telecom Holding) has been observed in 47 honeypot sessions and reported 3 times targeting TELNET protocols. Detected attack patterns include telnet busybox shell activation with capability check, telnet busybox multi method payload retrieval and execution. First observed on February 16, 2026, most recently active March 19, 2026.

$ sikker behaviors 5.16.181.160catalog →

highTelnet Busybox Shell Activation With Capability Check17x

Identifies a Telnet session where BusyBox is leveraged to activate or access a shell environment (sh, shell, system, linuxshell, enable) followed by command capability validation (ping). This pattern reflects deliberate shell breakout and execution-context validation commonly observed in IoT botnets and embedded Linux compromise workflows. The presence of multiple shell invocation variants combined with BusyBox applet usage indicates adaptive execution logic rather than incidental command usage.

highTelnet Busybox Multi Method Payload Retrieval And Execution13x

Identifies a Telnet session where an attacker leverages BusyBox utilities to retrieve a remote payload using one or more file transfer mechanisms (e.g., wget, curl, ftpget, or tftp) followed by execution of the downloaded script via sh. This pattern is consistent with IoT botnet propagation and automated malware deployment.

$ sikker primitives 5.16.181.160

telnet_command_sh102 telnet_command_ping31 telnet_command_shell31 telnet_command_enable31 telnet_command_system31 telnet_command_linuxshell31 telnet_busybox_unknown_applet_invocation31 telnet_busybox_wget_execution14 telnet_busybox_ftpget_remote_file_download14 telnet_curl_remote_script_stdout_execution14 telnet_sh_execute_downloaded_script13 telnet_busybox_tftp_get_remote_file_stdout13

$ sikker reports 5.16.181.160submit →

Showing 3 of 3 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 19, 2026, 23:16	Brute Force	TELNET	SikkerGuard: 2 blocked packets
User	Mar 15, 2026, 18:15	Brute Force	TELNET	SikkerGuard: 2 blocked packets
User	Mar 9, 2026, 02:42	Brute Force	TELNET	SikkerGuard: 2 blocked packets

$ sikker related 5.16.181.160

🇷🇺·More threats fromRussia→AS·More threats fromJSC ER-Telecom Holding→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
178.251.140.3	100%	570
5.3.100.152	51%	11
195.91.151.112	32%	1
5.104.203.221	27%	1
5.19.109.43	78%	29

IP Address	Confidence	Events
31.41.121.53	67%	55
212.67.31.143	51%	663
178.178.222.55	51%	402
89.109.13.197	28%	94
45.91.64.7	100%	7,447