Loading threats
Identifies a Telnet session where an attacker leverages BusyBox utilities to retrieve a remote payload using one or more file transfer mechanisms (e.g., wget, curl, ftpget, or tftp) followed by execution of the downloaded script via sh. This pattern is consistent with IoT botnet propagation and automated malware deployment.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 211.193.186.43 | 77% | 667 | 16 | 🇰🇷 KR | AS4766 | 2026-03-02 |
| 177.107.68.18 | 76% | 506 | 8 | 🇧🇷 BR | AS52862 | 2026-02-20 |
| 200.8.44.77 | 74% | 505 | 9 | 🇻🇪 VE | AS21826 | 2026-02-18 |
| 168.228.15.83 | 74% | 504 | 6 | 🇧🇷 BR | AS264901 | 2026-02-18 |
| 186.73.152.142 | 99% | 455 | 46 | 🇵🇦 PA | AS11556 | 2026-02-22 |
| 125.25.238.174 | 100% | 453 | 453 | 🇹🇭 TH | AS23969 | 2026-02-22 |
| 170.244.72.177 | 98% | 439 | 31 | 🇧🇷 BR | AS266498 | 2026-02-21 |
| 123.252.234.206 | 97% | 435 | 35 | 🇮🇳 IN | AS134540 | 2026-03-02 |
| 74.62.119.58 | 99% | 431 | 334 | 🇺🇸 US | AS11427 | 2026-02-23 |
| 152.230.186.135 | 81% | 427 | 19 | 🇨🇱 CL | AS18822 | 2026-03-02 |
| 45.164.16.235 | 82% | 423 | 15 | 🇦🇷 AR | AS267695 | 2026-02-21 |
| 190.142.159.214 | 79% | 414 | 6 | 🇻🇪 VE | AS21826 | 2026-02-19 |
| 190.112.143.181 | 79% | 412 | 4 | 🇧🇷 BR | AS269708 | 2026-02-18 |
| 45.184.68.82 | 79% | 411 | 3 | 🇧🇷 BR | AS269359 | 2026-02-16 |
| 45.177.28.73 | 75% | 406 | 6 | 🇧🇷 BR | AS268963 | 2026-02-20 |
| 194.39.243.9 | 80% | 397 | 7 | 🇦🇿 AZ | AS203680 | 2026-02-17 |
| 45.179.163.47 | 97% | 384 | 29 | 🇨🇴 CO | AS269743 | 2026-03-03 |
| 103.133.122.173 | 99% | 370 | 76 | 🇮🇳 IN | AS138277 | 2026-02-21 |
| 103.94.82.134 | 99% | 367 | 65 | 🇮🇳 IN | AS138277 | 2026-02-22 |
| 59.102.156.12 | 96% | 316 | 13 | 🇹🇼 TW | AS131596 | 2026-02-28 |