Confidence Level

99%

Very High?

Geolocation

🇹🇼

TaiwanZhongli District

ISPData Communication Business Group

ASNAS3462

Activity Timeline

First seenMar 4, 2026, 06:20 PM

Last seen1h ago

109Sessions

109Events

Protocol Breakdown

TELNET

109 / 109

220.132.63.164 has a very high threat confidence level of 99%, originating from Zhongli District, Taiwan, on the Data Communication Business Group network (3462). It has been observed across 109 sessions targeting TELNET, with detected attack patterns including telnet busybox shell activation with capability check, First observed on March 4, 2026, most recently active March 7, 2026.

Behaviors

Classified behavioral patterns observed

Telnet Busybox Shell Activation With Capability Check

high78x

Identifies a Telnet session where BusyBox is leveraged to activate or access a shell environment (sh, shell, system, linuxshell, enable) followed by command capability validation (ping). This pattern reflects deliberate shell breakout and execution-context validation commonly observed in IoT botnets and embedded Linux compromise workflows. The presence of multiple shell invocation variants combined with BusyBox applet usage indicates adaptive execution logic rather than incidental command usage.

Primitives

Individual actions observed

Telnet Command Sh156 Telnet Command Ping78 Telnet Command Shell78 Telnet Command Enable78 Telnet Command System78 Telnet Command Linuxshell78 Telnet Busybox Unknown Applet Invocation78

Related Threats

Explore related threat intelligence

🇹🇼More threats fromTaiwan ASMore threats fromData Communication Business Group TELNETMore threats targetingTELNET { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
111.242.62.250	44%	6
61.222.211.114	100%	760
36.229.240.185	59%	1
211.20.122.135	21%	36
1.172.183.119	35%	3

IP Address	Confidence	Events
213.209.159.159	87%	56,194
124.8.179.190	49%	9
111.242.62.250	44%	6
111.70.25.161	44%	183
60.244.155.109	100%	151