Check an IP Address, Domain Name, Subnet, or ASN

168.228.102.29 was found in our database!

$ whois 168.228.102.29

country·🇧🇷 Brazil

city·São José do Egito

isp·Provedor de Internet

asn·AS61684

network·Standard

$ sikker risk 168.228.102.29scoring →

confidence

57%Medium

first_seen·Feb 19, 2026

last_seen·Feb 19, 2026

sessions·1

events·1

$ sikker protocols 168.228.102.29

TELNET

1 / 1

$ sikker summary 168.228.102.29

168.228.102.29 has a threat confidence score of 57%. This IP address from Brazil (AS61684, Provedor de Internet) has been observed in 1 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet busybox shell activation with capability check. First observed on February 19, 2026, most recently active February 19, 2026.

$ sikker behaviors 168.228.102.29catalog →

highTelnet Busybox Shell Activation With Capability Check1x

Identifies a Telnet session where BusyBox is leveraged to activate or access a shell environment (sh, shell, system, linuxshell, enable) followed by command capability validation (ping). This pattern reflects deliberate shell breakout and execution-context validation commonly observed in IoT botnets and embedded Linux compromise workflows. The presence of multiple shell invocation variants combined with BusyBox applet usage indicates adaptive execution logic rather than incidental command usage.

$ sikker primitives 168.228.102.29

telnet_command_sh2 telnet_command_ping1 telnet_command_shell1 telnet_command_enable1 telnet_command_system1 telnet_command_linuxshell1 telnet_busybox_unknown_applet_invocation1

$ sikker related 168.228.102.29

🇧🇷·More threats fromBrazil→AS·More threats fromProvedor de Internet→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
168.228.100.54	51%	1
168.228.102.84	51%	1

IP Address	Confidence	Events
177.190.67.44	77%	159
186.233.118.22	100%	853
177.69.93.110	23%	1
177.36.220.22	100%	239
201.150.150.54	63%	576