Check an IP Address, Domain Name, Subnet, or ASN

94.113.169.129 was found in our database!

$ whois 94.113.169.129

country·🇨🇿 Czechia

city·Olomouc

isp·Vodafone Czech Republic a.s.

asn·AS16019

network·Standard

$ sikker risk 94.113.169.129scoring →

confidence

83%Very High

first_seen·Feb 16, 2026

last_seen·21d ago

sessions·21

events·21

$ sikker protocols 94.113.169.129

TELNET

21 / 21

$ sikker summary 94.113.169.129

94.113.169.129 has a threat confidence score of 83%. This IP address from Czechia (AS16019, Vodafone Czech Republic a.s.) has been observed in 21 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet busybox shell activation with capability check, telnet busybox multi method payload retrieval and execution. First observed on February 16, 2026, most recently active March 4, 2026.

$ sikker behaviors 94.113.169.129catalog →

highTelnet Busybox Shell Activation With Capability Check1x

Identifies a Telnet session where BusyBox is leveraged to activate or access a shell environment (sh, shell, system, linuxshell, enable) followed by command capability validation (ping). This pattern reflects deliberate shell breakout and execution-context validation commonly observed in IoT botnets and embedded Linux compromise workflows. The presence of multiple shell invocation variants combined with BusyBox applet usage indicates adaptive execution logic rather than incidental command usage.

highTelnet Busybox Multi Method Payload Retrieval And Execution1x

Identifies a Telnet session where an attacker leverages BusyBox utilities to retrieve a remote payload using one or more file transfer mechanisms (e.g., wget, curl, ftpget, or tftp) followed by execution of the downloaded script via sh. This pattern is consistent with IoT botnet propagation and automated malware deployment.

$ sikker primitives 94.113.169.129

telnet_command_sh67 telnet_command_shell14 telnet_command_enable14 telnet_command_system14 telnet_command_linuxshell14 telnet_busybox_unknown_applet_invocation14 telnet_command_ping13 telnet_busybox_tftp_get_remote_file_stdout13 telnet_busybox_wget_execution12 telnet_sh_execute_downloaded_script12 telnet_busybox_ftpget_remote_file_download12 telnet_curl_remote_script_stdout_execution1

$ sikker related 94.113.169.129

🇨🇿·More threats fromCzechia→AS·More threats fromVodafone Czech Republic a.s.→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
78.44.192.210	100%	609
77.48.187.143	99%	33
46.167.235.212	97%	23
89.176.233.219	30%	2
77.48.29.2	96%	103

IP Address	Confidence	Events
172.71.15.164	7%	15
172.68.213.244	8%	8
172.68.213.245	15%	12
172.71.15.116	13%	3
80.188.223.187	23%	1