159.195.75.46 — netcup GmbH, DE — Very High (99%)

Check an IP Address, Domain Name, Subnet, or ASN

159.195.75.46 was found in our database!

Confidence Level

99%

Very High?

Geolocation

🇩🇪

GermanyNuremberg

ISPnetcup GmbH

ASNAS197540

Activity Timeline

First seenFeb 19, 2026, 12:51 AM

Last seen12d ago

53Sessions

53Events

Protocol Breakdown

TELNET

53 / 53

159.195.75.46 has a very high threat confidence level of 99%, originating from Nuremberg, Germany, on the netcup GmbH network (197540). It has been observed across 53 sessions targeting TELNET, with detected attack patterns including telnet shell escalation with busybox execution attempt, First observed on February 19, 2026, most recently active February 19, 2026.

Behaviors

Classified behavioral patterns observed

Telnet Shell Escalation With Busybox Execution Attempt

high50x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

Primitives

Individual actions observed

Telnet Command Sh53 Telnet Command Shell53 Telnet Command System53 Telnet Busybox Unknown Applet Invocation53 Telnet Command Enable50

Related Threats

Explore related threat intelligence

🇩🇪More threats fromGermany ASMore threats fromnetcup GmbH TELNETMore threats targetingTELNET { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
152.53.22.30	82%	17,291
152.53.191.128	84%	43,157
37.120.161.127	40%	3
159.195.51.59	23%	1
152.53.184.147	100%	156,833

IP Address	Confidence	Events
45.84.196.162	100%	2,465
85.215.109.54	97%	46
87.106.147.36	100%	29,289
104.248.242.243	99%	245
146.0.42.48	88%	55,943