Confidence Level

56%

Medium?

Geolocation

🇺🇸

United StatesBoydton

ISPMicrosoft Corporation

ASNAS8075

Activity Timeline

First seenMar 10, 2026, 06:40 PM

Last seen1h ago

1Sessions

1Events

Protocol Breakdown

TELNET

1 / 1

52.177.84.38 has a moderate threat confidence level of 56%, originating from Boydton, United States, on the Microsoft Corporation network (8075). It has been observed across 1 sessions targeting TELNET, with detected attack patterns including telnet shell escalation with busybox execution attempt, First observed on March 10, 2026, most recently active March 10, 2026.

Behaviors

Classified behavioral patterns observed

Telnet Shell Escalation With Busybox Execution Attempt

high1x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

Primitives

Individual actions observed

Telnet Command Sh1 Telnet Command Shell1 Telnet Command Enable1 Telnet Command System1 Telnet Busybox Unknown Applet Invocation1

Related Threats

Explore related threat intelligence

🇺🇸More threats fromUnited States ASMore threats fromMicrosoft Corporation TELNETMore threats targetingTELNET { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
20.49.0.100	97%	60
135.237.126.205	47%	30
20.169.104.255	64%	134
40.119.32.47	64%	129
20.163.10.187	79%	201

IP Address	Confidence	Events
18.218.118.203	100%	23,777
130.12.180.72	91%	18,535
130.12.180.86	91%	18,050
130.12.180.39	91%	18,828
130.12.180.82	91%	18,128