Confidence Level

99%

Very High?

Geolocation

🇺🇸

United StatesLos Angeles

ISPMULTACOM CORPORATION

ASNAS35916

Activity Timeline

First seenFeb 21, 2026, 07:57 PM

Last seen16d ago

82Sessions

82Events

Protocol Breakdown

TELNET

82 / 82

142.171.32.112 has a very high threat confidence level of 99%, originating from Los Angeles, United States, on the MULTACOM CORPORATION network (35916). It has been observed across 82 sessions targeting TELNET, with detected attack patterns including telnet shell escalation with busybox execution attempt, First observed on February 21, 2026, most recently active February 22, 2026.

Behaviors

Classified behavioral patterns observed

Telnet Shell Escalation With Busybox Execution Attempt

high80x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

Primitives

Individual actions observed

Telnet Command Sh84 Telnet Command Shell84 Telnet Command System84 Telnet Busybox Unknown Applet Invocation83 Telnet Command Enable80

Related Threats

Explore related threat intelligence

🇺🇸More threats fromUnited States ASMore threats fromMULTACOM CORPORATION TELNETMore threats targetingTELNET { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
142.171.95.117	88%	274
142.171.227.226	83%	9
66.154.124.165	100%	857
148.135.91.153	23%	1
66.154.125.60	100%	772

IP Address	Confidence	Events
192.241.137.129	97%	30
130.12.180.80	97%	20,136
130.12.180.53	91%	19,280
23.94.28.163	97%	1,517
143.198.117.108	99%	52