Check an IP Address, Domain Name, Subnet, or ASN

79.49.93.116 was found in our database!

$ whois 79.49.93.116

country·🇮🇹 Italy

city·Acerra

isp·TIM

asn·AS3269

network·Standard

$ sikker risk 79.49.93.116scoring →

confidence

61%High

first_seen·Mar 22, 2026

last_seen·1h ago

sessions·2

events·2

$ sikker protocols 79.49.93.116

TELNET

2 / 2

$ sikker summary 79.49.93.116

79.49.93.116 has a threat confidence score of 61%. This IP address from Italy (AS3269, TIM) has been observed in 2 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet busybox shell activation with capability check. First observed on March 22, 2026, most recently active March 22, 2026.

$ sikker behaviors 79.49.93.116catalog →

highTelnet Busybox Shell Activation With Capability Check1x

Identifies a Telnet session where BusyBox is leveraged to activate or access a shell environment (sh, shell, system, linuxshell, enable) followed by command capability validation (ping). This pattern reflects deliberate shell breakout and execution-context validation commonly observed in IoT botnets and embedded Linux compromise workflows. The presence of multiple shell invocation variants combined with BusyBox applet usage indicates adaptive execution logic rather than incidental command usage.

$ sikker primitives 79.49.93.116

telnet_command_sh2 telnet_command_ping1 telnet_command_shell1 telnet_command_enable1 telnet_command_system1 telnet_command_linuxshell1 telnet_busybox_unknown_applet_invocation1

$ sikker related 79.49.93.116

🇮🇹·More threats fromItaly→AS·More threats fromTIM→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
79.26.139.233	44%	6
79.62.207.21	76%	2,549
95.247.126.81	78%	10
79.11.172.241	51%	1
94.85.249.225	27%	88

IP Address	Confidence	Events
37.101.133.72	32%	15
95.229.215.152	51%	1
82.134.198.68	17%	27
151.61.244.4	83%	13
83.224.145.240	58%	1