Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 43.99.2.194 | 92% | 11,799 | 11,792 | 🇭🇰 HK | AS45102 | 2026-04-16 |
| 134.185.117.241 | 100% | 8,021 | 2,824 | 🇰🇷 KR | AS31898 | 2026-04-16 |
| 117.50.245.253 | 100% | 7,952 | 3,120 | 🇨🇳 CN | AS4808 | 2026-04-16 |
| 49.88.156.34 | 99% | 7,105 | 5,098 | 🇨🇳 CN | AS4134 | 2026-04-16 |
| 43.99.82.108 | 91% | 6,057 | 6,057 | 🇭🇰 HK | AS45102 | 2026-04-16 |
| 45.137.201.177 | 99% | 5,646 | 1,686 | 🇮🇹 IT | AS211507 | 2026-04-13 |
| 112.46.214.46 | 94% | 5,552 | 286 | 🇨🇳 CN | AS9808 | 2026-04-14 |
| 150.246.249.149 | 99% | 4,265 | 2,285 | 🇯🇵 JP | AS2527 | 2026-04-16 |
| 112.46.213.205 | 90% | 4,156 | 91 | 🇨🇳 CN | AS9808 | 2026-04-02 |
| 136.117.113.217 | 99% | 4,118 | 1,875 | 🇺🇸 US | AS396982 | 2026-02-27 |
| 61.77.88.90 | 100% | 3,998 | 1,439 | 🇰🇷 KR | AS4766 | 2026-04-16 |
| 173.249.33.181 | 99% | 3,134 | 886 | 🇫🇷 FR | AS51167 | 2026-03-28 |
| 49.232.42.214 | 100% | 3,068 | 1,154 | 🇨🇳 CN | AS45090 | 2026-04-16 |
| 112.46.212.206 | 91% | 2,758 | 147 | 🇨🇳 CN | AS9808 | 2026-04-09 |
| 112.46.214.86 | 93% | 2,755 | 352 | 🇨🇳 CN | AS9808 | 2026-04-15 |
| 211.103.49.162 | 91% | 2,645 | 1,863 | 🇨🇳 CN | AS56046 | 2026-02-27 |
| 43.142.113.25 | 100% | 2,628 | 1,055 | 🇨🇳 CN | AS45090 | 2026-04-05 |
| 112.46.213.186 | 92% | 2,487 | 130 | 🇨🇳 CN | AS9808 | 2026-04-09 |
| 112.46.212.195 | 89% | 2,459 | 118 | 🇨🇳 CN | AS9808 | 2026-04-06 |
| 112.46.212.55 | 90% | 2,456 | 172 | 🇨🇳 CN | AS9808 | 2026-04-15 |
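
The signature described above can be expressed as a check over a session's command list. This is an added example, not the feed's own detection code. The applet allowlist, the `min_breakout` threshold, the function name and the sample sessions are assumptions made for illustration.

```python
import re

# Breakout commands named in the signature description.
BREAKOUT = {"enable", "system", "shell", "sh"}

# Partial allowlist of real BusyBox applets (assumption: in practice, build
# this from `busybox --list` on the firmware images you actually run).
KNOWN_APPLETS = {
    "ash", "cat", "chmod", "cp", "echo", "grep", "ifconfig", "kill", "ls",
    "mkdir", "mount", "mv", "ping", "ps", "rm", "sh", "tftp", "wget",
}

BUSYBOX_RE = re.compile(r"^/bin/busybox\s+(\S+)")
SEPARATORS = re.compile(r";|&&|\|\|")  # several commands are often sent on one line


def classify_session(commands, min_breakout=2):
    """Return (matched, applet) for one Telnet session's command lines.

    A session matches when at least `min_breakout` distinct breakout commands
    (hypothetical threshold) precede a /bin/busybox call whose applet name is
    not in KNOWN_APPLETS. Applet names are compared case-sensitively.
    """
    seen = set()
    for raw in commands:
        for cmd in (part.strip() for part in SEPARATORS.split(raw)):
            if not cmd:
                continue
            if cmd.lower() in BREAKOUT:
                seen.add(cmd.lower())
                continue
            m = BUSYBOX_RE.match(cmd)
            if m and len(seen) >= min_breakout and m.group(1) not in KNOWN_APPLETS:
                return True, m.group(1)
    return False, None


# Constructed sample sessions (not taken from the feed).
BOT = ["enable", "system", "shell", "sh", "/bin/busybox XKQZP"]
CHAINED = ["enable; shell; /bin/busybox a1b2c3"]
ADMIN = ["enable", "sh", "/bin/busybox ls /tmp"]
NO_BREAKOUT = ["/bin/busybox XKQZP"]

if __name__ == "__main__":
    for name, session in [("bot", BOT), ("chained", CHAINED),
                          ("admin", ADMIN), ("no_breakout", NO_BREAKOUT)]:
        print(name, classify_session(session))
```
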