Telnet Busybox Wget Execution

Execution of /bin/busybox wget, leveraging the BusyBox multi-call binary to download remote content. This pattern is commonly observed on embedded Linux systems and IoT devices where BusyBox provides lightweight networking utilities. Its use typically indicates payload retrieval or secondary stage download activity following initial shell access.

Observed IPs

17,601

Avg Confidence

86%

Protocol

TELNET

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
103.93.93.211	100%	142,130	10,966	🇮🇩 ID	AS141140	2026-04-04
161.97.148.194	100%	136,089	60,868	🇫🇷 FR	AS51167	2026-03-12
103.93.93.182	100%	92,312	6,841	🇮🇩 ID	AS141140	2026-04-04
102.212.40.100	100%	57,520	3,466	🇳🇬 NG	AS329244	2026-03-18
130.12.180.106	100%	37,892	2,509	🇺🇸 US	AS202412	2026-03-01
103.13.138.22	100%	31,726	3,100	🇮🇩 ID	AS150215	2026-04-13
223.123.38.36	100%	27,147	1,978	🇵🇰 PK	AS138423	2026-04-17
223.123.38.33	100%	25,311	1,732	🇵🇰 PK	AS138423	2026-04-13
223.123.43.1	100%	24,446	1,583	🇵🇰 PK	AS138423	2026-04-13
223.123.43.69	100%	24,235	1,730	🇵🇰 PK	AS138423	2026-04-18
223.123.43.5	100%	23,915	2,061	🇵🇰 PK	AS138423	2026-04-18
223.123.43.7	100%	23,745	1,648	🇵🇰 PK	AS138423	2026-04-10
223.123.38.34	100%	22,866	1,947	🇵🇰 PK	AS138423	2026-04-18
223.123.38.35	100%	22,352	1,778	🇵🇰 PK	AS138423	2026-04-17
223.123.38.32	100%	22,046	2,024	🇵🇰 PK	AS138423	2026-04-18
223.123.43.0	100%	21,732	1,714	🇵🇰 PK	AS138423	2026-04-14
223.123.43.71	100%	20,246	1,546	🇵🇰 PK	AS138423	2026-04-13
158.94.208.69	100%	19,800	19,673	🇩🇪 DE	AS202412	2026-02-22
223.123.43.6	100%	19,263	1,650	🇵🇰 PK	AS138423	2026-04-16
223.123.43.3	100%	18,746	1,892	🇵🇰 PK	AS138423	2026-04-18