78.94.226.221 — Vodafone GmbH, DE — Very High (87%)

Check an IP Address, Domain Name, Subnet, or ASN

78.94.226.221 was found in our database!

Confidence Level

87%

Very High?

Geolocation

🇩🇪

GermanyWaiblingen

ISPVodafone GmbH

ASNAS3209

Activity Timeline

First seenJan 24, 2026, 03:07 AM

Last seen17h ago

23Sessions

126Events

Protocol Breakdown

TELNET

23 / 126

78.94.226.221 has a very high threat confidence level of 87%, originating from Waiblingen, Germany, on the Vodafone GmbH network (3209). It has been observed across 23 sessions targeting TELNET, with detected attack patterns including telnet shell escalation with busybox execution attempt, First observed on January 24, 2026, most recently active March 4, 2026.

Behaviors

Classified behavioral patterns observed

Telnet Shell Escalation With Busybox Execution Attempt

high9x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

Primitives

Individual actions observed

Telnet Command Sh9 Telnet Command Shell9 Telnet Command Enable9 Telnet Command System9 Telnet Busybox Unknown Applet Invocation9 Telnet System Command Invocation1

Related Threats

Explore related threat intelligence

🇩🇪More threats fromGermany ASMore threats fromVodafone GmbH TELNETMore threats targetingTELNET { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
178.27.90.142	100%	765
78.42.241.233	99%	278
109.91.4.177	100%	327
178.27.104.120	35%	3
188.195.253.194	39%	1

IP Address	Confidence	Events
87.106.147.36	100%	49,445
138.68.101.180	99%	211
89.163.204.62	89%	71,090
209.38.250.97	99%	187
46.101.211.145	99%	103