Check an IP Address, Domain Name, Subnet, or ASN

45.239.202.222 was found in our database!

$ whois 45.239.202.222

country·🇧🇷 Brazil

city·Osasco

isp·MXCONECT SERVICOS DE COMUNICACAO LTDA

asn·AS268468

network·Standard

$ sikker risk 45.239.202.222scoring →

confidence

86%Very High

first_seen·Feb 15, 2026

last_seen·15d ago

sessions·6

events·6

$ sikker protocols 45.239.202.222

TELNET

6 / 6

$ sikker summary 45.239.202.222

45.239.202.222 has a threat confidence score of 86%. This IP address from Brazil (AS268468, MXCONECT SERVICOS DE COMUNICACAO LTDA) has been observed in 6 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt, telnet busybox multi method payload retrieval and execution. First observed on February 15, 2026, most recently active March 3, 2026.

$ sikker behaviors 45.239.202.222catalog →

highTelnet Shell Escalation With Busybox Execution Attempt4x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

highTelnet Busybox Multi Method Payload Retrieval And Execution1x

Identifies a Telnet session where an attacker leverages BusyBox utilities to retrieve a remote payload using one or more file transfer mechanisms (e.g., wget, curl, ftpget, or tftp) followed by execution of the downloaded script via sh. This pattern is consistent with IoT botnet propagation and automated malware deployment.

$ sikker primitives 45.239.202.222

telnet_command_sh9 telnet_command_shell5 telnet_command_enable5 telnet_command_system5 telnet_busybox_unknown_applet_invocation5 telnet_command_ping1 telnet_command_linuxshell1 telnet_busybox_wget_execution1 telnet_sh_execute_downloaded_script1 telnet_busybox_ftpget_remote_file_download1 telnet_busybox_tftp_get_remote_file_stdout1 telnet_curl_remote_script_stdout_execution1

$ sikker related 45.239.202.222

🇧🇷·More threats fromBrazil→AS·More threats fromMXCONECT SERVICOS DE COMUNICACAO LTDA→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
45.239.203.145	60%	2
45.239.203.211	35%	2
45.239.203.96	56%	2
45.239.203.83	56%	1
45.239.203.202	60%	2

IP Address	Confidence	Events
190.123.65.197	100%	781
177.11.196.79	100%	781
191.54.84.139	23%	1
187.8.120.90	64%	1,254
191.6.25.239	100%	365