Check an IP Address, Domain Name, Subnet, or ASN

186.209.55.240 was found in our database!

$ whois 186.209.55.240

country·🇧🇷 Brazil

city·Campinas

isp·Net Turbo Telecom

asn·AS53158

network·Standard

$ sikker risk 186.209.55.240scoring →

confidence

91%Very High

first_seen·Feb 16, 2026

last_seen·29d ago

sessions·17

events·17

$ sikker protocols 186.209.55.240

TELNET

17 / 17

$ sikker summary 186.209.55.240

186.209.55.240 has a threat confidence score of 91%. This IP address from Brazil (AS53158, Net Turbo Telecom) has been observed in 17 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet busybox shell activation with capability check, telnet busybox multi method payload retrieval and execution. First observed on February 16, 2026, most recently active February 20, 2026.

$ sikker behaviors 186.209.55.240catalog →

highTelnet Busybox Shell Activation With Capability Check5x

Identifies a Telnet session where BusyBox is leveraged to activate or access a shell environment (sh, shell, system, linuxshell, enable) followed by command capability validation (ping). This pattern reflects deliberate shell breakout and execution-context validation commonly observed in IoT botnets and embedded Linux compromise workflows. The presence of multiple shell invocation variants combined with BusyBox applet usage indicates adaptive execution logic rather than incidental command usage.

highTelnet Busybox Multi Method Payload Retrieval And Execution1x

Identifies a Telnet session where an attacker leverages BusyBox utilities to retrieve a remote payload using one or more file transfer mechanisms (e.g., wget, curl, ftpget, or tftp) followed by execution of the downloaded script via sh. This pattern is consistent with IoT botnet propagation and automated malware deployment.

$ sikker primitives 186.209.55.240

telnet_command_sh15 telnet_command_ping6 telnet_command_shell6 telnet_command_enable6 telnet_command_system6 telnet_command_linuxshell6 telnet_busybox_unknown_applet_invocation6 telnet_busybox_wget_execution1 telnet_sh_execute_downloaded_script1 telnet_busybox_ftpget_remote_file_download1 telnet_busybox_tftp_get_remote_file_stdout1 telnet_curl_remote_script_stdout_execution1

$ sikker related 186.209.55.240

🇧🇷·More threats fromBrazil→AS·More threats fromNet Turbo Telecom→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
186.209.52.196	100%	217
179.108.83.130	55%	919
186.209.45.18	49%	6
186.209.49.2	41%	27
186.209.54.190	35%	3

IP Address	Confidence	Events
177.101.43.193	49%	9
179.125.24.202	100%	743
167.250.224.25	81%	220
179.191.226.17	71%	4
177.12.183.231	51%	11