Identifies post-authentication Telnet activity where BusyBox is used to stage a payload via echo redirection into a file, followed by multi-path shell execution (sh/system/linuxshell). Includes supporting commands such as directory navigation, network probing (ping), and firewall manipulation (iptables flush). Represents a scripted dropper-style execution workflow commonly used in automated botnet propagation and remote compromise.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 220.119.14.146 | 87% | 501 | 15 | 🇰🇷 KR | AS4766 | 2026-04-10 |
| 180.189.81.2 | 89% | 219 | 14 | 🇰🇷 KR | AS9770 | 2026-04-14 |
| 68.173.18.170 | 96% | 166 | 20 | 🇺🇸 US | AS12271 | 2026-04-14 |
| 93.40.0.123 | 83% | 4 | 4 | 🇮🇹 IT | AS12874 | 2026-04-10 |
| 80.83.232.77 | 61% | 1 | 1 | 🇷🇺 RU | AS8359 | 2026-04-13 |
| 175.137.55.30 | 61% | 1 | 1 | 🇲🇾 MY | AS4788 | 2026-04-19 |
| 102.223.23.114 | 60% | 1 | 1 | 🇬🇭 GH | AS328659 | 2026-04-17 |
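
The behaviour sequence in the signature description above, sketched as a session matcher. This is an added example, not the feed's own detection code. The function names, the session format (a list of command strings per Telnet session), and the reading of "multi-path" as at least two distinct launcher names after staging are assumptions.

```python
import re

# Stage 1: BusyBox echo redirected into a file (captures the target file name).
STAGE_RE = re.compile(r"\bbusybox\s+echo\b.*?>{1,2}\s*(\S+)")
# Stage 2: shell launchers named in the signature description.
LAUNCHERS = {"sh", "system", "linuxshell"}
# Supporting commands: recorded as context, not required for a hit.
SUPPORT_RES = {
    "cd": re.compile(r"^cd\b"),
    "ping": re.compile(r"^ping\b"),
    "iptables_flush": re.compile(r"^iptables\b.*\s(?:-F|--flush)\b"),
}

def split_commands(line):
    # Naive split on ';' and '&&' (ignores quoting); adequate for triage.
    return [c.strip() for c in re.split(r";|&&", line) if c.strip()]

def match_session(lines):
    """Return a verdict dict for one session's ordered command lines."""
    staged, launchers, support = None, [], set()
    for line in lines:
        for cmd in split_commands(line):
            m = STAGE_RE.search(cmd)
            if m:
                staged = staged or m.group(1)
                continue
            first = cmd.split()[0].rsplit("/", 1)[-1]  # drop any path prefix
            # Launchers only count once a payload has been staged.
            if staged and first in LAUNCHERS and first not in launchers:
                launchers.append(first)
            for name, rx in SUPPORT_RES.items():
                if rx.search(cmd):
                    support.add(name)
    return {"hit": staged is not None and len(launchers) >= 2,
            "staged_file": staged, "launchers": launchers,
            "support": sorted(support)}

# Constructed sample sessions (not taken from the feed); payload is a placeholder.
SUSPECT = ["cd /tmp", "/bin/busybox echo -ne 'PLACEHOLDER' > .d",
           "sh .d; system .d", "linuxshell", "ping -c 1 192.0.2.1",
           "iptables -F"]
BENIGN = ["cd /var/log", "echo hello > note.txt", "sh backup.sh",
          "ping -c 1 192.0.2.1"]

if __name__ == "__main__":
    print(match_session(SUSPECT))
    print(match_session(BENIGN))
```
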