Loading threats
Identifies Telnet session activity where the attacker uses BusyBox ftpget to download a remote file from an external FTP server to the local filesystem. This pattern is commonly observed in IoT botnet propagation chains where BusyBox is leveraged to retrieve staged payloads (e.g., shell scripts or binary droppers) from attacker-controlled infrastructure.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 223.123.38.36 | 100% | 26,234 | 1,065 | 🇵🇰 PK | AS138423 | 2026-03-02 |
| 103.184.56.249 | 97% | 25,666 | 196 | 🇮🇩 ID | AS149667 | 2026-02-25 |
| 103.156.221.253 | 97% | 25,219 | 195 | 🇮🇩 ID | AS149667 | 2026-02-26 |
| 103.184.56.241 | 97% | 22,537 | 177 | 🇮🇩 ID | AS149667 | 2026-02-23 |
| 158.94.208.69 | 100% | 19,800 | 19,673 | 🇩🇪 DE | AS202412 | 2026-02-22 |
| 195.178.110.241 | 100% | 6,183 | 5,592 | 🇧🇬 BG | AS48090 | 2026-02-20 |
| 103.224.125.60 | 93% | 5,022 | 37 | 🇮🇩 ID | AS150197 | 2026-02-09 |
| 188.126.240.54 | 76% | 4,464 | 99 | 🇸🇪 SE | AS3301 | 2026-02-28 |
| 81.183.52.47 | 100% | 2,313 | 2,282 | 🇭🇺 HU | AS5483 | 2026-02-27 |
| 182.191.71.74 | 94% | 1,943 | 42 | 🇵🇰 PK | AS17557 | 2026-02-02 |
| 103.156.221.242 | 91% | 1,695 | 30 | 🇮🇩 ID | AS149667 | 2026-03-01 |
| 103.184.56.220 | 84% | 1,592 | 42 | 🇮🇩 ID | AS149667 | 2026-02-19 |
| 27.35.50.9 | 87% | 1,365 | 18 | 🇰🇷 KR | AS9762 | 2026-03-01 |
| 119.179.250.117 | 85% | 1,362 | 25 | 🇨🇳 CN | AS4837 | 2026-02-03 |
| 103.156.221.241 | 92% | 1,340 | 15 | 🇮🇩 ID | AS149667 | 2026-02-01 |
| 121.180.94.240 | 89% | 1,325 | 24 | 🇰🇷 KR | AS4766 | 2026-03-02 |
| 14.38.208.166 | 84% | 1,269 | 24 | 🇰🇷 KR | AS4766 | 2026-03-02 |
| 169.213.136.111 | 83% | 1,219 | 10 | 🇰🇷 KR | AS4766 | 2026-02-13 |
| 24.62.16.230 | 82% | 1,188 | 12 | 🇺🇸 US | AS7922 | 2026-02-10 |
| 59.103.119.99 | 100% | 1,184 | 59 | 🇵🇰 PK | AS9541 | 2026-02-22 |