Confidence Level

61%

High?

Geolocation

🇯🇵

Japan

ISPNTT PC Communications, Inc.

ASNAS2514

Activity Timeline

First seenJan 23, 2026, 12:16 PM

Last seen6h ago

11Sessions

14Events

Protocol Breakdown

TELNET

11 / 14

133.232.75.86 has a high threat confidence level of 61%, originating from Japan, on the NTT PC Communications, Inc. network (2514). It has been observed across 11 sessions targeting TELNET, with detected attack patterns including telnet shell escalation with busybox execution attempt, First observed on January 23, 2026, most recently active March 6, 2026.

Behaviors

Classified behavioral patterns observed

Telnet Shell Escalation With Busybox Execution Attempt

high2x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

Primitives

Individual actions observed

Telnet Command Enable4 Telnet Command System3 Telnet Command Sh2 Telnet Command Shell2 Telnet Busybox Unknown Applet Invocation2

Related Threats

Explore related threat intelligence

🇯🇵More threats fromJapan ASMore threats fromNTT PC Communications, Inc.TELNETMore threats targetingTELNET { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
157.120.0.12	54%	652
111.89.22.81	51%	1
111.89.113.29	68%	2
128.53.174.171	72%	4
1.33.30.125	83%	440

IP Address	Confidence	Events
150.249.252.237	54%	413
139.162.117.40	52%	530
103.213.244.180	59%	516
114.166.103.200	59%	3
150.246.249.149	99%	3,097