Check an IP Address, Domain Name, Subnet, or ASN

68.72.5.50 was found in our database!

$ whois 68.72.5.50

country·🇺🇸 United States

city·Hollywood

isp·AT&T Enterprises, LLC

asn·AS7018

network·Standard

$ sikker risk 68.72.5.50scoring →

confidence

81%Very High

first_seen·Jan 21, 2026

last_seen·1h ago

sessions·18

events·175

$ sikker protocols 68.72.5.50

TELNET

18 / 175

$ sikker summary 68.72.5.50

68.72.5.50 has a threat confidence score of 81%. This IP address from United States (AS7018, AT&T Enterprises, LLC) has been observed in 18 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet busybox payload execution and cleanup. First observed on January 21, 2026, most recently active April 3, 2026.

$ sikker behaviors 68.72.5.50catalog →

highTelnet Busybox Payload Execution And Cleanup2x

Identifies post-authentication Telnet activity where an attacker leverages BusyBox to create a payload via echo redirection, enables shell execution, runs commands (sh/system/linuxshell), performs network actions (ping), modifies firewall rules (iptables flush), and removes artifacts via recursive hidden cleanup. Represents full payload staging, execution, and anti-forensics sequence typical of botnet propagation or remote access deployment.

$ sikker primitives 68.72.5.50

telnet_busybox_echo_redirect_file_create143 telnet_command_cd142 telnet_shell_execute_writable_hidden_file142 telnet_busybox_binary_invocation55 telnet_command_sh29 telnet_command_ping13 telnet_command_shell13 telnet_command_enable13 telnet_command_system13 telnet_command_linuxshell13 telnet_command_iptables_flush13 telnet_rm_recursive_hidden_relative_cleanup13 dismissed_primitive.11 telnet_sh_execute_downloaded_script1 telnet_busybox_ftpget_remote_file_download1 telnet_busybox_tftp_get_remote_file_stdout1 telnet_curl_remote_script_stdout_execution1

$ sikker related 68.72.5.50

🇺🇸·More threats fromUnited States→AS·More threats fromAT&T Enterprises, LLC→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
107.135.117.245	58%	889
12.156.67.18	100%	1,780
99.109.243.42	10%	4
104.182.1.92	33%	20
99.92.204.98	100%	1,086

IP Address	Confidence	Events
130.94.115.133	78%	94
149.28.49.123	64%	42
92.118.39.62	100%	387,058
92.118.39.63	100%	68,238
216.218.206.90	33%	45