Check an IP Address, Domain Name, Subnet, or ASN

121.175.52.154 was found in our database!

$ whois 121.175.52.154

country·🇰🇷 South Korea

city·Sasang-gu

isp·Korea Telecom

asn·AS4766

network·Standard

$ sikker risk 121.175.52.154scoring →

confidence

87%Very High

first_seen·Jan 23, 2026

last_seen·2h ago

first_reported·Mar 21, 2026

last_reported·11d ago

sessions·19

events·309

reports·1

$ sikker protocols 121.175.52.154

TELNET

19 / 309 / 1r

$ sikker summary 121.175.52.154

121.175.52.154 has a threat confidence score of 87%. This IP address from South Korea (AS4766, Korea Telecom) has been observed in 19 honeypot sessions and reported 1 times targeting TELNET protocols. Detected attack patterns include telnet busybox payload execution and cleanup. First observed on January 23, 2026, most recently active April 2, 2026.

$ sikker behaviors 121.175.52.154catalog →

highTelnet Busybox Payload Execution And Cleanup1x

Identifies post-authentication Telnet activity where an attacker leverages BusyBox to create a payload via echo redirection, enables shell execution, runs commands (sh/system/linuxshell), performs network actions (ping), modifies firewall rules (iptables flush), and removes artifacts via recursive hidden cleanup. Represents full payload staging, execution, and anti-forensics sequence typical of botnet propagation or remote access deployment.

$ sikker primitives 121.175.52.154

telnet_command_cd165 telnet_busybox_echo_redirect_file_create165 telnet_shell_execute_writable_hidden_file165 telnet_busybox_binary_invocation61 telnet_command_sh33 telnet_command_ping15 telnet_command_shell15 telnet_command_enable15 telnet_command_system15 telnet_command_linuxshell15 telnet_command_iptables_flush15 telnet_rm_recursive_hidden_relative_cleanup15 dismissed_primitive.11 telnet_sh_execute_downloaded_script1 telnet_busybox_ftpget_remote_file_download1 telnet_busybox_tftp_get_remote_file_stdout1 telnet_curl_remote_script_stdout_execution1

$ sikker reports 121.175.52.154submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 21, 2026, 22:11	Brute Force	TELNET	SikkerGuard: 2 blocked packets

$ sikker related 121.175.52.154

🇰🇷·More threats fromSouth Korea→AS·More threats fromKorea Telecom→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
222.107.156.227	100%	1,168
222.99.52.202	51%	478
221.162.135.221	76%	9
203.236.109.13	86%	900
220.93.167.144	57%	464

IP Address	Confidence	Events
27.102.76.8	85%	190
219.248.65.30	51%	456
112.217.188.122	100%	798
221.162.135.221	76%	9
203.236.109.13	86%	900