Check an IP Address, Domain Name, Subnet, or ASN

136.55.52.159 was found in our database!

$ whois 136.55.52.159

country·🇺🇸 United States

city·Atlanta

isp·Google Fiber Inc.

asn·AS16591

network·Standard

$ sikker risk 136.55.52.159scoring →

confidence

87%Very High

first_seen·Apr 25, 2026

last_seen·1h ago

sessions·25

events·25

$ sikker protocols 136.55.52.159

TELNET

25 / 25

$ sikker summary 136.55.52.159

136.55.52.159 has a threat confidence score of 87%. This IP address from United States (AS16591, Google Fiber Inc.) has been observed in 25 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt. First observed on April 25, 2026, most recently active April 25, 2026.

$ sikker behaviors 136.55.52.159catalog →

highTelnet Shell Escalation With Busybox Execution Attempt4x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

$ sikker primitives 136.55.52.159

telnet_command_enable24 telnet_command_system24 telnet_command_shell5 telnet_command_sh4 telnet_busybox_unknown_applet_invocation4

$ sikker related 136.55.52.159

🇺🇸·More threats fromUnited States→AS·More threats fromGoogle Fiber Inc.→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
136.56.34.147	50%	557
136.63.27.227	82%	4
136.57.193.229	59%	3
136.33.78.251	84%	356
136.53.99.80	98%	31

IP Address	Confidence	Events
18.191.69.170	31%	72
185.218.138.29	95%	599
207.189.16.214	93%	1,088
64.64.116.19	67%	1,684
130.94.22.238	95%	1,845