Check an IP Address, Domain Name, Subnet, or ASN

160.3.11.128 was found in our database!

$ whois 160.3.11.128

country·🇺🇸 United States

city·Meridian

isp·CABLE ONE, INC.

asn·AS11492

network·Standard

$ sikker risk 160.3.11.128scoring →

confidence

53%Medium

first_seen·Mar 8, 2026

last_seen·1h ago

sessions·10

events·10

$ sikker protocols 160.3.11.128

SSH

9 / 9

TELNET

1 / 1

$ sikker summary 160.3.11.128

160.3.11.128 has a threat confidence score of 53%. This IP address from United States (AS11492, CABLE ONE, INC.) has been observed in 10 honeypot sessions targeting SSH, TELNET protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt. First observed on March 8, 2026, most recently active March 30, 2026.

$ sikker behaviors 160.3.11.128catalog →

highTelnet Shell Escalation With Busybox Execution Attempt1x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

$ sikker primitives 160.3.11.128

telnet_command_sh1 telnet_command_shell1 telnet_command_enable1 telnet_command_system1 telnet_busybox_unknown_applet_invocation1

$ sikker related 160.3.11.128

🇺🇸·More threats fromUnited States→AS·More threats fromCABLE ONE, INC.→SSH·More threats targetingSSH→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
72.24.210.58	38%	155
160.2.55.183	78%	4
152.37.215.175	76%	6
69.92.153.146	32%	1
174.126.222.110	19%	16

IP Address	Confidence	Events
20.29.21.208	67%	156
162.254.3.130	86%	26,346
45.61.184.223	99%	31,218
192.210.186.10	100%	3,284
172.206.225.82	59%	105