Check an IP Address, Domain Name, Subnet, or ASN

45.239.203.207 was found in our database!

$ whois 45.239.203.207

country·🇧🇷 Brazil

city·Osasco

isp·MXCONECT SERVICOS DE COMUNICACAO LTDA

asn·AS268468

network·Standard

$ sikker risk 45.239.203.207scoring →

confidence

90%Very High

first_seen·Jan 21, 2026

last_seen·21d ago

sessions·5

events·307

$ sikker protocols 45.239.203.207

TELNET

5 / 307

$ sikker summary 45.239.203.207

45.239.203.207 has a threat confidence score of 90%. This IP address from Brazil (AS268468, MXCONECT SERVICOS DE COMUNICACAO LTDA) has been observed in 5 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt, telnet busybox multi method payload retrieval and execution. First observed on January 21, 2026, most recently active February 25, 2026.

$ sikker behaviors 45.239.203.207catalog →

highTelnet Shell Escalation With Busybox Execution Attempt2x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

highTelnet Busybox Multi Method Payload Retrieval And Execution1x

Identifies a Telnet session where an attacker leverages BusyBox utilities to retrieve a remote payload using one or more file transfer mechanisms (e.g., wget, curl, ftpget, or tftp) followed by execution of the downloaded script via sh. This pattern is consistent with IoT botnet propagation and automated malware deployment.

$ sikker primitives 45.239.203.207

busybox_applet_enumeration109 busybox_binary_presence_check27 dismissed_primitive.22 shell_fallback_probe10 telnet_command_sh7 telnet_command_shell3 telnet_command_enable3 telnet_command_system3 telnet_busybox_unknown_applet_invocation3 system_shell_entry2 shell_interpreter_probe2 linux_shell_entry_attempt2 network_connectivity_probe2 privileged_mode_enable_attempt2 telnet_command_ping1 telnet_command_linuxshell1 telnet_busybox_wget_execution1 telnet_sh_execute_downloaded_script1 telnet_busybox_ftpget_remote_file_download1 telnet_busybox_tftp_get_remote_file_stdout1

$ sikker related 45.239.203.207

🇧🇷·More threats fromBrazil→AS·More threats fromMXCONECT SERVICOS DE COMUNICACAO LTDA→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
45.239.203.145	60%	2
45.239.203.211	35%	2
45.239.203.96	56%	2
45.239.203.83	56%	1
45.239.203.202	60%	2

IP Address	Confidence	Events
201.150.150.54	66%	523
190.123.65.197	100%	772
177.52.27.43	95%	814
143.255.92.194	95%	508
186.251.71.202	100%	976