Telnet Busybox Echo Hex Payload Write

Invocation of /bin/busybox echo -e with hexadecimal escape sequences (e.g., \x46\x46\x56...) to reconstruct raw bytes directly in the shell. This pattern is commonly used to rebuild binary payload fragments inline without transferring files in plain form. It differs from base64-encoded blobs and standard BusyBox command usage, indicating deliberate byte-level payload staging.

Observed IPs

11,352

Avg Confidence

98%

Protocol

TELNET

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
103.93.93.211	100%	142,130	10,966	🇮🇩 ID	AS141140	2026-04-04
103.93.93.182	100%	92,312	6,841	🇮🇩 ID	AS141140	2026-04-04
102.212.40.100	100%	57,520	3,466	🇳🇬 NG	AS329244	2026-03-18
103.13.138.22	100%	31,726	3,100	🇮🇩 ID	AS150215	2026-04-13
223.123.38.36	100%	27,147	1,978	🇵🇰 PK	AS138423	2026-04-17
223.123.38.33	100%	25,311	1,732	🇵🇰 PK	AS138423	2026-04-13
223.123.43.1	100%	24,446	1,583	🇵🇰 PK	AS138423	2026-04-13
223.123.43.69	100%	24,235	1,730	🇵🇰 PK	AS138423	2026-04-18
223.123.43.5	100%	23,886	2,032	🇵🇰 PK	AS138423	2026-04-15
223.123.43.7	100%	23,745	1,648	🇵🇰 PK	AS138423	2026-04-10
223.123.38.34	100%	22,866	1,947	🇵🇰 PK	AS138423	2026-04-18
223.123.38.35	100%	22,352	1,778	🇵🇰 PK	AS138423	2026-04-17
223.123.38.32	100%	22,046	2,024	🇵🇰 PK	AS138423	2026-04-18
223.123.43.0	100%	21,732	1,714	🇵🇰 PK	AS138423	2026-04-14
223.123.43.71	100%	20,246	1,546	🇵🇰 PK	AS138423	2026-04-13
223.123.43.6	100%	19,263	1,650	🇵🇰 PK	AS138423	2026-04-16
223.123.43.3	100%	18,746	1,892	🇵🇰 PK	AS138423	2026-04-18
223.123.43.70	100%	17,282	1,561	🇵🇰 PK	AS138423	2026-04-18
223.123.38.37	100%	16,420	2,119	🇵🇰 PK	AS138423	2026-04-16
223.123.43.68	100%	16,141	1,701	🇵🇰 PK	AS138423	2026-04-17