Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
47.245.91.249 has a very high threat confidence level of 92%, originating from Singapore, on the Alibaba US Technology Co., Ltd. network (45102). It has been observed across 30 sessions targeting TELNET, SSH, with detected attack patterns including ssh authorized keys persistence established, telnet shell breakout with busybox payload execution, First observed on January 22, 2026, most recently active March 5, 2026.
Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.
Telnet session exhibiting privilege escalation and shell breakout attempts (enable, system, linuxshell, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The combination indicates an automated attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. This pattern is characteristic of IoT/Linux bot deployment frameworks leveraging BusyBox as a universal execution wrapper.