61.76.136.25 — Korea Telecom, KR — Very High (88%)

Check an IP Address, Domain Name, Subnet, or ASN

61.76.136.25 was found in our database!

Confidence Level

88%

Very High?

Geolocation

🇰🇷

South KoreaSaha-gu

ISPKorea Telecom

ASNAS4766

Activity Timeline

First seenJan 21, 2026, 11:49 AM

Last seen1h ago

99Sessions

123Events

Protocol Breakdown

SSH

99 / 123

61.76.136.25 has a very high threat confidence level of 88%, originating from Saha-gu, South Korea, on the Korea Telecom network (4766). It has been observed across 99 sessions targeting SSH, with detected attack patterns including ssh authorized keys persistence established, First observed on January 21, 2026, most recently active March 6, 2026.

Behaviors

Classified behavioral patterns observed

Ssh Authorized Keys Persistence Established

very_high2x

Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.

Ssh Home Ssh Attribute Protection Removal Attempt

medium1x

Attempts to remove filesystem attribute protections (e.g., immutable flags via chattr -i/-a) from the user’s ~/.ssh directory. This pattern indicates preparatory activity to modify SSH trust configuration, commonly preceding insertion or replacement of authorized_keys for persistence.

Primitives

Individual actions observed

Unix Home Ssh Directory Attribute Modification Attempt6 Ssh Authorized Keys Replacement Home5 Ssh Cpuinfo Name Count Via Wc3 Ssh Uname Machine Architecture2 Ssh Cpuinfo Model Name Line Count2 Ssh Passwd Stdin Password Change Pipeline2 Ssh Top Interactive Process Monitor Invocation2 Ssh Passwd Noninteractive Stdin Password Change2 Ssh Whoami User Identity1 Ssh Lscpu Model Field Filter1 Ssh Crontab List Current User1 Ssh W Logged In Users Enumeration1 Ssh Free Mem Multi Field Extraction Mb1 Ssh Df Head Second Line Field Extraction1 Ssh Cpuinfo Model Field Subset Extraction1 Ssh Ls Binary Path Resolution And Metadata Listing1

Related Threats

Explore related threat intelligence

🇰🇷More threats fromSouth Korea ASMore threats fromKorea Telecom SSHMore threats targetingSSH { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
175.205.37.98	80%	34
119.195.89.159	100%	172
121.168.139.251	98%	78
59.5.176.151	100%	316
218.150.226.104	26%	2

IP Address	Confidence	Events
115.86.227.79	39%	203
132.226.22.31	99%	66
211.178.165.251	55%	392
211.213.96.6	100%	473
175.123.252.126	100%	665