Check an IP Address, Domain Name, Subnet, or ASN

64.23.170.246 was found in our database!

$ whois 64.23.170.246

country·🇺🇸 United States

city·Santa Clara

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 64.23.170.246scoring →

confidence

90%Very High

first_seen·Mar 16, 2026

last_seen·1h ago

sessions·10

events·10

$ sikker protocols 64.23.170.246

TELNET

10 / 10

$ sikker summary 64.23.170.246

64.23.170.246 has a threat confidence score of 90%. This IP address from United States (AS14061, DigitalOcean, LLC) has been observed in 10 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt. First observed on March 16, 2026, most recently active March 16, 2026.

$ sikker behaviors 64.23.170.246catalog →

highTelnet Shell Escalation With Busybox Execution Attempt8x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

$ sikker primitives 64.23.170.246

telnet_command_sh10 telnet_command_shell10 telnet_command_system10 telnet_busybox_unknown_applet_invocation10 telnet_command_enable8

$ sikker related 64.23.170.246

🇺🇸·More threats fromUnited States→AS·More threats fromDigitalOcean, LLC→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
143.198.195.114	93%	18
134.199.155.77	19%	14
165.227.168.43	88%	197
188.166.166.54	100%	2,336
161.35.200.198	42%	7

IP Address	Confidence	Events
104.156.226.221	93%	81
162.216.149.195	75%	161
216.73.160.193	74%	135
167.94.138.196	30%	1,766
162.216.149.54	66%	168