Check an IP Address, Domain Name, Subnet, or ASN

190.113.173.61 was found in our database!

$ whois 190.113.173.61

country·🇦🇷 Argentina

city·Mendoza

isp·ARLINK S.A.

asn·AS28075

network·Standard

$ sikker risk 190.113.173.61scoring →

confidence

89%Very High

first_seen·Feb 16, 2026

last_seen·Feb 19, 2026

sessions·11

events·11

$ sikker protocols 190.113.173.61

TELNET

11 / 11

$ sikker summary 190.113.173.61

190.113.173.61 has a threat confidence score of 89%. This IP address from Argentina (AS28075, ARLINK S.A.) has been observed in 11 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet busybox multi method payload retrieval and execution, telnet busybox shell activation with capability check. First observed on February 16, 2026, most recently active February 19, 2026.

$ sikker behaviors 190.113.173.61catalog →

highTelnet Busybox Multi Method Payload Retrieval And Execution3x

Identifies a Telnet session where an attacker leverages BusyBox utilities to retrieve a remote payload using one or more file transfer mechanisms (e.g., wget, curl, ftpget, or tftp) followed by execution of the downloaded script via sh. This pattern is consistent with IoT botnet propagation and automated malware deployment.

highTelnet Busybox Shell Activation With Capability Check1x

Identifies a Telnet session where BusyBox is leveraged to activate or access a shell environment (sh, shell, system, linuxshell, enable) followed by command capability validation (ping). This pattern reflects deliberate shell breakout and execution-context validation commonly observed in IoT botnets and embedded Linux compromise workflows. The presence of multiple shell invocation variants combined with BusyBox applet usage indicates adaptive execution logic rather than incidental command usage.

$ sikker primitives 190.113.173.61

telnet_command_sh17 telnet_command_ping4 telnet_command_shell4 telnet_command_enable4 telnet_command_system4 telnet_command_linuxshell4 telnet_busybox_unknown_applet_invocation4 telnet_busybox_wget_execution3 telnet_sh_execute_downloaded_script3 telnet_busybox_ftpget_remote_file_download3 telnet_busybox_tftp_get_remote_file_stdout3 telnet_curl_remote_script_stdout_execution3

$ sikker related 190.113.173.61

🇦🇷·More threats fromArgentina→AS·More threats fromARLINK S.A.→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
181.118.80.68	98%	33
201.190.184.136	98%	32
190.113.172.88	98%	41
198.12.41.103	46%	13
201.190.187.165	74%	19

IP Address	Confidence	Events
190.221.50.210	25%	56
170.155.12.12	44%	373
200.23.85.24	76%	20
186.158.228.107	76%	20
191.241.142.170	51%	328