Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
8.163.58.122 has a threat confidence score of 97%. This IP address from China (AS37963, Hangzhou Alibaba Advertising Co.,Ltd.) has been observed in 41 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet shell breakout with busybox payload execution, telnet shell escalation with busybox execution attempt. First observed on March 18, 2026, most recently active March 25, 2026.
Telnet session exhibiting privilege escalation and shell breakout attempts (enable, system, linuxshell, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The combination indicates an automated attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. This pattern is characteristic of IoT/Linux bot deployment frameworks leveraging BusyBox as a universal execution wrapper.
Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.