106.225.218.43 — CHINANET Jiangx province IDC network, CN — High (69%)

Check an IP Address, Domain Name, Subnet, or ASN

106.225.218.43 was found in our database!

Confidence Level

69%

High?

Geolocation

🇨🇳

China

ISPCHINANET Jiangx province IDC network

ASNAS134238

Activity Timeline

First seenMar 3, 2026, 02:44 PM

Last seen2d ago

2Sessions

2Events

Protocol Breakdown

TELNET

2 / 2

106.225.218.43 has a high threat confidence level of 69%, originating from China, on the CHINANET Jiangx province IDC network network (134238). It has been observed across 2 sessions targeting TELNET, with detected attack patterns including telnet shell breakout with busybox payload execution, First observed on March 3, 2026, most recently active March 3, 2026.

Behaviors

Classified behavioral patterns observed

Telnet Shell Breakout With Busybox Payload Execution

high2x

Telnet session exhibiting privilege escalation and shell breakout attempts (enable, system, linuxshell, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The combination indicates an automated attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. This pattern is characteristic of IoT/Linux bot deployment frameworks leveraging BusyBox as a universal execution wrapper.

Primitives

Individual actions observed

Telnet Command Sh2 Telnet Command Shell2 Telnet Command Enable2 Telnet Command System2 Telnet Command Linuxshell2 Telnet Busybox Unknown Applet Invocation2

Related Threats

Explore related threat intelligence

🇨🇳More threats fromChina ASMore threats fromCHINANET Jiangx province IDC network TELNETMore threats targetingTELNET { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
106.225.192.15	100%	422
106.225.133.217	52%	267
106.227.11.236	99%	505
106.225.216.171	39%	4
59.63.163.2	67%	2,104

IP Address	Confidence	Events
123.52.202.92	88%	654
39.174.42.18	98%	68
139.199.80.137	86%	82,637
60.205.184.249	85%	45,579
115.190.106.110	100%	758