Check an IP Address, Domain Name, Subnet, or ASN

52.172.244.12 was found in our database!

$ whois 52.172.244.12

country·🇮🇳 India

city·Pune

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 52.172.244.12scoring →

confidence

98%Very High

first_seen·Mar 5, 2026

last_seen·1h ago

sessions·77

events·77

$ sikker protocols 52.172.244.12

TELNET

55 / 55

HTTP

18 / 18

HTTPS

4 / 4

$ sikker summary 52.172.244.12

52.172.244.12 has a threat confidence score of 98%. This IP address from India (AS8075, Microsoft Corporation) has been observed in 77 honeypot sessions targeting TELNET, HTTP, HTTPS protocols. Detected attack patterns include telnet shell escalation with busybox execution attempt. First observed on March 5, 2026, most recently active March 21, 2026.

$ sikker behaviors 52.172.244.12catalog →

highTelnet Shell Escalation With Busybox Execution Attempt49x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 52.172.244.12

telnet_command_sh55 telnet_command_shell55 telnet_command_system55 telnet_busybox_unknown_applet_invocation55 telnet_command_enable49 http_method_get2 https_path_root2

$ sikker related 52.172.244.12

🇮🇳·More threats fromIndia→AS·More threats fromMicrosoft Corporation→TELN·More threats targetingTELNET→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.65.195.96	89%	216
20.118.209.103	69%	125
20.102.112.104	82%	1,442
20.64.105.196	84%	148
20.163.14.130	89%	160

IP Address	Confidence	Events
202.129.210.54	30%	80
130.250.191.199	100%	782
117.216.33.31	51%	419
49.205.198.2	95%	909
103.157.178.67	26%	30