Loading threats
Telnet session exhibiting privilege escalation and shell breakout attempts (enable, system, linuxshell, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The combination indicates an automated attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. This pattern is characteristic of IoT/Linux bot deployment frameworks leveraging BusyBox as a universal execution wrapper.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 124.225.88.153 | 99% | 10,036 | 1,514 | 🇨🇳 CN | AS4134 | 2026-03-02 |
| 198.144.189.70 | 99% | 2,933 | 429 | 🇺🇸 US | AS36352 | 2026-02-27 |
| 8.219.103.247 | 88% | 1,005 | 123 | 🇸🇬 SG | AS45102 | 2026-02-12 |
| 180.76.120.11 | 98% | 994 | 171 | 🇨🇳 CN | AS38365 | 2026-02-26 |
| 117.33.163.17 | 98% | 918 | 264 | 🇨🇳 CN | AS134768 | 2026-03-01 |
| 58.56.135.140 | 79% | 726 | 77 | 🇨🇳 CN | AS4134 | 2026-02-02 |
| 92.39.237.202 | 75% | 641 | 178 | 🇷🇺 RU | AS20807 | 2026-03-01 |
| 186.251.92.162 | 97% | 635 | 33 | 🇧🇷 BR | AS52624 | 2026-02-22 |
| 91.204.250.64 | 100% | 611 | 611 | 🇮🇹 IT | AS203540 | 2026-02-26 |
| 123.117.152.245 | 92% | 586 | 457 | 🇨🇳 CN | AS4808 | 2026-03-01 |
| 68.198.155.86 | 100% | 465 | 465 | 🇺🇸 US | AS6128 | 2026-02-24 |
| 200.90.149.211 | 100% | 435 | 227 | 🇧🇴 BO | AS27882 | 2026-02-26 |
| 90.209.203.20 | 96% | 422 | 66 | 🇬🇧 GB | AS5607 | 2026-03-01 |
| 103.133.122.173 | 99% | 370 | 76 | 🇮🇳 IN | AS138277 | 2026-02-21 |
| 103.122.228.61 | 98% | 336 | 34 | 🇮🇳 IN | AS138292 | 2026-02-23 |
| 82.208.122.95 | 91% | 319 | 101 | 🇷🇺 RU | AS12389 | 2026-03-02 |
| 46.183.122.6 | 100% | 224 | 109 | 🇦🇱 AL | AS56468 | 2026-02-22 |
| 58.162.200.36 | 83% | 202 | 29 | 🇦🇺 AU | AS1221 | 2026-02-25 |
| 24.138.211.253 | 83% | 201 | 5 | 🇵🇷 PR | AS14638 | 2026-02-23 |
| 120.48.13.52 | 73% | 185 | 88 | 🇨🇳 CN | AS38365 | 2026-02-25 |