Loading threats
Matches Telnet sessions where BusyBox tftp is used in get mode (-g) to retrieve a remote file (-r) from a specified host and write it to stdout (-l-). Writing to - (stdout) is commonly used for inline execution or piping into a shell, making this pattern characteristic of staged payload retrieval during IoT botnet deployment.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 223.123.38.36 | 100% | 26,234 | 1,065 | 🇵🇰 PK | AS138423 | 2026-03-02 |
| 103.184.56.249 | 97% | 25,666 | 196 | 🇮🇩 ID | AS149667 | 2026-02-25 |
| 103.156.221.253 | 97% | 25,219 | 195 | 🇮🇩 ID | AS149667 | 2026-02-26 |
| 103.184.56.241 | 97% | 22,537 | 177 | 🇮🇩 ID | AS149667 | 2026-02-23 |
| 103.224.125.60 | 93% | 5,022 | 37 | 🇮🇩 ID | AS150197 | 2026-02-09 |
| 188.126.240.54 | 76% | 4,464 | 99 | 🇸🇪 SE | AS3301 | 2026-02-28 |
| 81.183.52.47 | 100% | 2,313 | 2,282 | 🇭🇺 HU | AS5483 | 2026-02-27 |
| 182.191.71.74 | 94% | 1,943 | 42 | 🇵🇰 PK | AS17557 | 2026-02-02 |
| 103.156.221.242 | 91% | 1,695 | 30 | 🇮🇩 ID | AS149667 | 2026-03-01 |
| 103.184.56.220 | 84% | 1,592 | 42 | 🇮🇩 ID | AS149667 | 2026-02-19 |
| 27.35.50.9 | 87% | 1,365 | 18 | 🇰🇷 KR | AS9762 | 2026-03-01 |
| 119.179.250.117 | 85% | 1,362 | 25 | 🇨🇳 CN | AS4837 | 2026-02-03 |
| 103.156.221.241 | 92% | 1,340 | 15 | 🇮🇩 ID | AS149667 | 2026-02-01 |
| 121.180.94.240 | 89% | 1,325 | 24 | 🇰🇷 KR | AS4766 | 2026-03-02 |
| 14.38.208.166 | 84% | 1,269 | 24 | 🇰🇷 KR | AS4766 | 2026-03-02 |
| 169.213.136.111 | 83% | 1,219 | 10 | 🇰🇷 KR | AS4766 | 2026-02-13 |
| 59.103.119.99 | 100% | 1,184 | 59 | 🇵🇰 PK | AS9541 | 2026-02-22 |
| 39.61.48.59 | 89% | 1,150 | 25 | 🇵🇰 PK | AS17557 | 2026-02-03 |
| 121.155.148.205 | 85% | 1,139 | 17 | 🇰🇷 KR | AS4766 | 2026-03-01 |
| 82.42.209.185 | 85% | 1,074 | 14 | 🇬🇧 GB | AS5089 | 2026-02-26 |