Check an IP Address, Domain Name, Subnet, or ASN

52.151.209.14 was found in our database!

$ whois 52.151.209.14

country·🇺🇸 United States

city·Washington

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 52.151.209.14scoring →

confidence

61%High

first_seen·Mar 28, 2026

last_seen·1h ago

sessions·2

events·2

$ sikker protocols 52.151.209.14

TELNET

2 / 2

$ sikker summary 52.151.209.14

52.151.209.14 has a threat confidence score of 61%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 2 honeypot sessions targeting TELNET protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt. First observed on March 28, 2026, most recently active March 28, 2026.

$ sikker behaviors 52.151.209.14catalog →

highTelnet Shell Escalation With Busybox Execution Attempt1x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

$ sikker primitives 52.151.209.14

telnet_command_sh2 telnet_command_shell2 telnet_command_system2 telnet_busybox_unknown_applet_invocation2 telnet_command_enable1

$ sikker related 52.151.209.14

🇺🇸·More threats fromUnited States→AS·More threats fromMicrosoft Corporation→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.169.104.253	85%	188
74.241.251.207	95%	1,145
130.131.161.17	66%	103
20.65.195.46	86%	210
172.203.134.70	100%	83

IP Address	Confidence	Events
107.20.126.125	55%	21
45.61.184.223	99%	23,564
92.118.39.87	100%	258,239
64.62.156.66	100%	1,572
18.116.101.220	100%	36,305