Check an IP Address, Domain Name, Subnet, or ASN

211.198.197.93 was found in our database!

$ whois 211.198.197.93

country·🇰🇷 South Korea

city·Gwangsan-gu

isp·Korea Telecom

asn·AS4766

network·Standard

$ sikker risk 211.198.197.93scoring →

confidence

100%Very High

first_seen·Apr 8, 2026

last_seen·4h ago

sessions·1,708

events·1,708

$ sikker protocols 211.198.197.93

MYSQL

1,708 / 1,708

$ sikker summary 211.198.197.93

211.198.197.93 has a threat confidence score of 100%. This IP address from South Korea (AS4766, Korea Telecom) has been observed in 1,708 honeypot sessions targeting MYSQL protocols. Detected attack patterns include mysql udf exiles exe staged execution. First observed on April 8, 2026, most recently active April 12, 2026.

$ sikker behaviors 211.198.197.93catalog →

very_highMysql Udf Exiles Exe Staged Execution211x

Sequence where a MySQL UDF is created from a shared library (multiple variants observed), followed by invocation of functions such as downloader/xpdl3 to retrieve the exiles.exe payload and write it to a Windows path. Includes prior environment probing via SELECT @@version_comment.

$ sikker primitives 211.198.197.93

$ sikker related 211.198.197.93

🇰🇷·More threats fromSouth Korea→AS·More threats fromKorea Telecom→MYSQ·More threats targetingMYSQL→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
121.189.226.81	49%	441
222.103.93.113	96%	5,347
14.37.160.15	100%	447
221.159.150.85	100%	1,229
218.159.8.97	71%	6

IP Address	Confidence	Events
1.176.134.235	95%	35
121.189.226.81	49%	441
182.209.122.129	23%	1
27.102.76.8	96%	1,971
1.247.245.61	51%	522