Check an IP Address, Domain Name, Subnet, or ASN

5.42.113.253 was found in our database!

$ whois 5.42.113.253

country·🇷🇺 Russia

network·Standard

$ sikker risk 5.42.113.253scoring →

confidence

98%Very High

first_seen·Mar 16, 2026

last_seen·1h ago

sessions·83

events·83

$ sikker protocols 5.42.113.253

TELNET

70 / 70

HTTP

13 / 13

$ sikker summary 5.42.113.253

5.42.113.253 has a threat confidence score of 98%. This IP address from Russia has been observed in 83 honeypot sessions targeting TELNET, HTTP protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt. First observed on March 16, 2026, most recently active March 21, 2026.

$ sikker behaviors 5.42.113.253catalog →

highTelnet Shell Escalation With Busybox Execution Attempt64x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

$ sikker primitives 5.42.113.253

telnet_command_sh69 telnet_command_shell69 telnet_command_system69 telnet_busybox_unknown_applet_invocation69 telnet_command_enable64

$ sikker related 5.42.113.253

🇷🇺·More threats fromRussia→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
37.77.150.119	95%	13,989
5.101.64.6	100%	2,792
78.36.212.235	41%	2
2.63.211.145	79%	19,960
95.26.98.78	45%	12