Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
180.76.120.11 has a very high threat confidence level of 98%, originating from China, on the Beijing Baidu Netcom Science and Technology Co., Ltd. network (38365). It has been observed across 171 sessions targeting TELNET, with detected attack patterns including telnet shell breakout with busybox payload execution, First observed on January 22, 2026, most recently active February 26, 2026.
Telnet session exhibiting privilege escalation and shell breakout attempts (enable, system, linuxshell, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The combination indicates an automated attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. This pattern is characteristic of IoT/Linux bot deployment frameworks leveraging BusyBox as a universal execution wrapper.