220.119.14.146 has a threat confidence score of 87%. This IP address from South Korea (AS4766, Korea Telecom) has been observed in 15 honeypot sessions targeting the Telnet protocol. Detected attack patterns include "telnet busybox echo dropper execution chain" and "telnet busybox payload execution and cleanup". It was first observed on January 24, 2026, and was most recently active on April 10, 2026.
Telnet busybox echo dropper execution chain: Identifies post-authentication Telnet activity where BusyBox is used to stage a payload via echo redirection into a file, followed by multi-path shell execution (sh/system/linuxshell). Includes supporting commands such as directory navigation, network probing (ping), and firewall manipulation (iptables flush). Represents a scripted dropper-style execution workflow commonly used in automated botnet propagation and remote compromise.
Telnet busybox payload execution and cleanup: Identifies post-authentication Telnet activity where an attacker leverages BusyBox to create a payload via echo redirection, enables shell execution, runs commands (sh/system/linuxshell), performs network actions (ping), modifies firewall rules (iptables flush), and removes artifacts via recursive hidden cleanup. Represents a full payload staging, execution, and anti-forensics sequence typical of botnet propagation or remote access deployment.