Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
94.75.78.171 has a threat confidence score of 81%. This IP address from Poland (AS9141, Play) has been observed in 23 honeypot sessions and reported 1 times targeting TELNET protocols. Detected attack patterns include telnet busybox shell activation with capability check. First observed on February 19, 2026, most recently active March 9, 2026.
Identifies a Telnet session where BusyBox is leveraged to activate or access a shell environment (sh, shell, system, linuxshell, enable) followed by command capability validation (ping). This pattern reflects deliberate shell breakout and execution-context validation commonly observed in IoT botnets and embedded Linux compromise workflows. The presence of multiple shell invocation variants combined with BusyBox applet usage indicates adaptive execution logic rather than incidental command usage.
| Reporter | Date | Category | Protocol | Comment |
|---|---|---|---|---|
| User | Mar 8, 2026, 09:12 | Brute Force | TELNET | SikkerGuard: 2 blocked packets |