Telnet session exhibiting privilege escalation and shell breakout attempts (enable, system, linuxshell, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The combination indicates an automated attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. This pattern is characteristic of IoT/Linux bot deployment frameworks leveraging BusyBox as a universal execution wrapper.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 124.225.88.153 | 100% | 12,376 | 3,821 | 🇨🇳 CN | AS4134 | 2026-04-18 |
| 36.25.240.114 | 99% | 5,210 | 5,210 | 🇨🇳 CN | AS58461 | 2026-04-19 |
| 198.144.189.70 | 99% | 2,936 | 432 | 🇺🇸 US | AS36352 | 2026-03-05 |
| 117.33.163.17 | 98% | 1,091 | 437 | 🇨🇳 CN | AS134768 | 2026-04-10 |
| 180.76.120.11 | 98% | 1,062 | 239 | 🇨🇳 CN | AS38365 | 2026-03-30 |
| 123.117.152.245 | 100% | 1,028 | 898 | 🇨🇳 CN | AS4808 | 2026-04-13 |
| 83.229.127.217 | 99% | 736 | 736 | 🇭🇰 HK | AS139659 | 2026-03-31 |
| 92.39.237.202 | 75% | 650 | 187 | 🇷🇺 RU | AS20807 | 2026-03-03 |
| 186.251.92.162 | 96% | 637 | 35 | 🇧🇷 BR | AS52624 | 2026-03-27 |
| 91.204.250.64 | 100% | 612 | 612 | 🇮🇹 IT | AS203540 | 2026-03-03 |
| 82.28.229.183 | 98% | 517 | 27 | 🇬🇧 GB | AS5089 | 2026-04-18 |
| 90.209.203.20 | 99% | 466 | 110 | 🇬🇧 GB | AS5607 | 2026-03-30 |
| 68.198.155.86 | 100% | 465 | 465 | 🇺🇸 US | AS6128 | 2026-02-24 |
| 106.225.218.43 | 98% | 459 | 459 | 🇨🇳 CN | AS134238 | 2026-04-18 |
| 68.11.116.105 | 79% | 451 | 11 | 🇺🇸 US | AS22773 | 2026-04-16 |
| 200.90.149.211 | 100% | 435 | 227 | 🇧🇴 BO | AS27882 | 2026-02-26 |
| 39.107.136.130 | 99% | 423 | 423 | 🇨🇳 CN | AS37963 | 2026-04-12 |
| 68.197.161.187 | 97% | 422 | 22 | 🇺🇸 US | AS6128 | 2026-04-18 |
| 103.133.122.173 | 99% | 370 | 76 | 🇮🇳 IN | AS138277 | 2026-02-21 |
| 82.208.122.95 | 95% | 344 | 126 | 🇷🇺 RU | AS12389 | 2026-03-17 |
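
The session pattern described above can be checked against captured Telnet input with a short classifier. This is an added example, not the detection rule used by this feed: the function names, the applet allowlist, the two-breakout threshold and the sample sessions are all assumptions constructed for illustration.

```python
import re
import shlex

# Breakout commands named in the signature description.
BREAKOUT = {"enable", "system", "linuxshell", "shell", "sh"}
# Assumption: partial allowlist of real BusyBox applets; build the full set
# from `busybox --list` on a reference image before relying on it.
KNOWN_APPLETS = {"cat", "chmod", "cp", "echo", "ls", "mkdir", "mount",
                 "ps", "rm", "sh", "tftp", "wget"}
SEPARATORS = re.compile(r"\|\||&&|[;|]")  # bots often chain commands on one line

def split_commands(line):
    """Split one input line into its chained commands."""
    return [c.strip() for c in SEPARATORS.split(line) if c.strip()]

def parse_argv(cmd):
    try:
        return shlex.split(cmd)
    except ValueError:  # unbalanced quotes from a scripted client
        return cmd.split()

def classify_session(lines, min_breakouts=2):
    """Return a finding if distinct breakout attempts precede a BusyBox call
    whose first argument is not a known applet; otherwise return None."""
    breakouts = []
    for line in lines:
        for cmd in split_commands(line.strip()):
            argv = parse_argv(cmd)
            if not argv:
                continue
            name = argv[0].lower()
            if len(argv) == 1 and name in BREAKOUT:
                if name not in breakouts:
                    breakouts.append(name)
            elif name.rsplit("/", 1)[-1] == "busybox" and len(argv) > 1:
                applet = argv[1]
                if (not applet.startswith("-") and applet not in KNOWN_APPLETS
                        and len(breakouts) >= min_breakouts):
                    return {"breakouts": breakouts, "applet": applet}
    return None

# Constructed sample sessions (not taken from the feed).
BOT_SESSION = ["enable\r\n", "system\r\n", "shell\r\n", "sh\r\n",
               "/bin/busybox XQZRT\r\n"]
ADMIN_SESSION = ["enable", "show version", "/bin/busybox ls /tmp"]
WRONG_ORDER = ["/bin/busybox XQZRT", "enable", "shell"]
```

Requiring the breakout attempts to come first, and ignoring real applets such as `ls`, keeps an administrator who types `enable` and then uses BusyBox normally from matching.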