175.205.37.98 — Korea Telecom, KR — Very High (80%)

Check an IP Address, Domain Name, Subnet, or ASN

175.205.37.98 was found in our database!

Confidence Level

80%

Very High?

Geolocation

🇰🇷

South KoreaCheongju-si

ISPKorea Telecom

ASNAS4766

Activity Timeline

First seenFeb 1, 2026, 10:19 AM

Last seen3h ago

9Sessions

34Events

Protocol Breakdown

TELNET

9 / 34

175.205.37.98 has a very high threat confidence level of 80%, originating from Cheongju-si, South Korea, on the Korea Telecom network (4766). It has been observed across 9 sessions targeting TELNET, with detected attack patterns including telnet shell escalation with busybox execution attempt, First observed on February 1, 2026, most recently active March 6, 2026.

Behaviors

Classified behavioral patterns observed

Telnet Shell Escalation With Busybox Execution Attempt

high6x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

Primitives

Individual actions observed

Telnet Command Sh6 Telnet Command Shell6 Telnet Command Enable6 Telnet Command System6 Telnet Busybox Unknown Applet Invocation6 Telnet System Command Invocation1

Related Threats

Explore related threat intelligence

🇰🇷More threats fromSouth Korea ASMore threats fromKorea Telecom TELNETMore threats targetingTELNET { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
14.63.217.28	99%	361
119.201.59.224	53%	401
175.198.18.3	52%	357
218.148.96.14	35%	3
220.80.223.144	100%	1,069

IP Address	Confidence	Events
14.63.217.28	99%	361
119.201.59.224	53%	401
175.198.18.3	52%	357
113.131.175.3	90%	56
58.233.189.186	100%	187