Check an IP Address, Domain Name, Subnet, or ASN

180.196.118.74 was found in our database!

$ whois 180.196.118.74

country·🇯🇵 Japan

city·Numazu

isp·Chubu Telecommunications Company, Inc.

asn·AS18126

network·Standard

$ sikker risk 180.196.118.74scoring →

confidence

87%Very High

first_seen·Jan 21, 2026

last_seen·2d ago

sessions·4

events·21

$ sikker protocols 180.196.118.74

TELNET

4 / 21

$ sikker summary 180.196.118.74

180.196.118.74 has a threat confidence score of 87%. This IP address from Japan (AS18126, Chubu Telecommunications Company, Inc.) has been observed in 4 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt, interactive execution and privilege probe. First observed on January 21, 2026, most recently active March 19, 2026.

$ sikker behaviors 180.196.118.74catalog →

highTelnet Shell Escalation With Busybox Execution Attempt2x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

highInteractive Execution And Privilege Probe1x

Post_auth reconnaissance and escalation behavior that sequentially establishes shell access, probes available interpreters and BusyBox tooling, and attempts to enter privileged execution mode to determine full command and control capabilities of the target environment

mediumExecution Environment Capability Discovery1x

Post_auth reconnaissance behavior that probes for available shell interpreters and BusyBox functionality to determine execution pathways, tooling availability, and compatibility for follow-on scripted actions

$ sikker primitives 180.196.118.74

telnet_command_sh2 system_shell_entry2 shell_fallback_probe2 telnet_command_shell2 telnet_command_enable2 telnet_command_system2 shell_interpreter_probe2 busybox_applet_enumeration2 telnet_busybox_unknown_applet_invocation2 privileged_mode_enable_attempt1

$ sikker related 180.196.118.74

🇯🇵·More threats fromJapan→AS·More threats fromChubu Telecommunications Company, Inc.→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
14.132.137.55	82%	57
115.37.205.170	40%	3
123.48.142.249	100%	853
180.198.88.16	14%	6
113.155.22.210	82%	203

IP Address	Confidence	Events
58.98.197.137	100%	1,600
109.123.229.247	59%	13
155.248.164.42	100%	1,347
111.67.132.204	95%	1,541
43.163.214.177	97%	2,176