Identifies post-authentication Telnet activity in which an attacker leverages BusyBox to create a payload via echo redirection, enables shell execution, runs commands (sh/system/linuxshell), performs network actions (ping), modifies firewall rules (iptables flush), and removes artifacts via recursive hidden cleanup. This represents a full payload staging, execution, and anti-forensics sequence typical of botnet propagation or remote access deployment.

| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 68.197.161.187 | 87% | 411 | 11 | 🇺🇸 US | AS6128 | 2026-03-31 |
| 123.241.104.185 | 75% | 155 | 11 | 🇹🇼 TW | AS131596 | 2026-03-31 |
| 87.250.4.180 | 68% | 11 | 11 | 🇷🇺 RU | AS3226 | 2026-03-31 |
| 2.34.116.184 | 63% | 2 | 2 | 🇮🇹 IT | AS30722 | 2026-03-31 |
| 1.171.142.206 | 62% | 1 | 1 | 🇹🇼 TW | AS3462 | 2026-03-31 |