Check an IP Address, Domain Name, Subnet, or ASN

59.61.87.221 was found in our database!

$ whois 59.61.87.221

country·🇨🇳 China

city·Quanzhou

isp·Chinanet

asn·AS4134

network·Standard

$ sikker risk 59.61.87.221scoring →

confidence

96%Very High

first_seen·Mar 23, 2026

last_seen·1h ago

sessions·27

events·27

$ sikker protocols 59.61.87.221

TELNET

27 / 27

$ sikker summary 59.61.87.221

59.61.87.221 has a threat confidence score of 96%. This IP address from China (AS4134, Chinanet) has been observed in 27 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet shell breakout with busybox payload execution. First observed on March 23, 2026, most recently active March 23, 2026.

$ sikker behaviors 59.61.87.221catalog →

highTelnet Shell Breakout With Busybox Payload Execution15x

Telnet session exhibiting privilege escalation and shell breakout attempts (enable, system, linuxshell, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The combination indicates an automated attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. This pattern is characteristic of IoT/Linux bot deployment frameworks leveraging BusyBox as a universal execution wrapper.

$ sikker primitives 59.61.87.221

telnet_command_sh26 telnet_command_shell26 telnet_command_system26 telnet_command_linuxshell26 telnet_busybox_unknown_applet_invocation26 telnet_command_enable16

$ sikker related 59.61.87.221

🇨🇳·More threats fromChina→AS·More threats fromChinanet→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
222.212.87.104	92%	504
114.217.34.117	100%	1,196
36.26.30.150	30%	125
106.58.166.77	100%	699
112.66.128.10	23%	1

IP Address	Confidence	Events
112.46.214.111	87%	4,878
47.115.223.248	85%	53,440
222.212.87.104	92%	504
112.46.213.62	72%	54
116.255.215.168	54%	191