Check an IP Address, Domain Name, Subnet, or ASN

201.190.178.124 was found in our database!

$ whois 201.190.178.124

country·🇦🇷 Argentina

isp·ARLINK S.A.

asn·AS28075

network·Standard

$ sikker risk 201.190.178.124scoring →

confidence

76%High

first_seen·Feb 21, 2026

last_seen·26d ago

sessions·5

events·5

$ sikker protocols 201.190.178.124

TELNET

5 / 5

$ sikker summary 201.190.178.124

201.190.178.124 has a threat confidence score of 76%. This IP address from Argentina (AS28075, ARLINK S.A.) has been observed in 5 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet busybox shell activation with capability check. First observed on February 21, 2026, most recently active February 26, 2026.

$ sikker behaviors 201.190.178.124catalog →

highTelnet Busybox Shell Activation With Capability Check4x

Identifies a Telnet session where BusyBox is leveraged to activate or access a shell environment (sh, shell, system, linuxshell, enable) followed by command capability validation (ping). This pattern reflects deliberate shell breakout and execution-context validation commonly observed in IoT botnets and embedded Linux compromise workflows. The presence of multiple shell invocation variants combined with BusyBox applet usage indicates adaptive execution logic rather than incidental command usage.

$ sikker primitives 201.190.178.124

telnet_command_sh8 telnet_command_ping4 telnet_command_shell4 telnet_command_enable4 telnet_command_system4 telnet_command_linuxshell4 telnet_busybox_unknown_applet_invocation4

$ sikker related 201.190.178.124

🇦🇷·More threats fromArgentina→AS·More threats fromARLINK S.A.→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
181.118.80.68	98%	33
201.190.184.136	98%	32
190.113.172.88	98%	41
198.12.41.103	46%	13
201.190.187.165	74%	19

IP Address	Confidence	Events
170.155.12.12	44%	373
200.23.85.24	76%	20
186.158.228.107	76%	20
191.241.142.170	51%	328
190.2.6.199	11%	3