Check an IP Address, Domain Name, Subnet, or ASN

52.186.182.60 was found in our database!

$ whois 52.186.182.60

country·🇺🇸 United States

city·Washington

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 52.186.182.60scoring →

confidence

88%Very High

first_seen·Jan 20, 2026

last_seen·21m ago

first_reported·Mar 19, 2026

last_reported·3h ago

sessions·117

events·170

reports·2

$ sikker protocols 52.186.182.60

HTTPS

34 / 52

HTTP

22 / 37 / 1r

FTP

10 / 15

SSH

10 / 14 / 1r

MONGODB

7 / 11

TELNET

8 / 10

REDIS

5 / 8

ELASTICSEARCH

6 / 6

SMB

4 / 4

IMAP

4 / 4

SMTP

4 / 4

DOCKER

2 / 4

POSTGRES

1 / 1

$ sikker summary 52.186.182.60

52.186.182.60 has a threat confidence score of 88%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 117 honeypot sessions and reported 2 times targeting HTTPS, HTTP, FTP, SSH, MONGODB and 8 other protocols. First observed on January 20, 2026, most recently active March 22, 2026.

$ sikker behaviors 52.186.182.60catalog →

lowRedis Mglndd Campaign Activity1x

Redis session where the client presents the MGLNDD-prefixed identifier (for example MGLNDD_[ip]_6379) within the connection metadata, indicating activity from a specific automated Redis scanning framework. The behavior is triggered by the previously defined primitive detecting this exact tag pattern and groups sessions attributed to that tooling. The behavior reflects identifiable automated access rather than standard Redis client usage and does not assume additional commands beyond the observable identifier.

infoHttp Root Path Request11x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoFtp Tls Upgrade3x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 52.186.182.60

http_method_get12 elastic_http_get_request8 elastic_http_bad_request_path_probe5 ftp_auth_tls4 https_path_root2 redis_mglndd_client_identifier_tag2 ftp_auth_ssl1 docker_get_method1 smtp_ehlo_greeting1 redis_info_lowercase1 http_path_bad_request1 elastic_root_path_probe1

$ sikker reports 52.186.182.60submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 22, 2026, 11:49	Brute Force	SSH	SikkerGuard: 2 blocked packets
User	Mar 19, 2026, 21:35	Brute Force	HTTP	SikkerGuard: 2 blocked packets

$ sikker related 52.186.182.60

Report IP WHOIS Lookup →

IP Address	Confidence	Events
108.141.37.0	40%	7
20.102.112.104	82%	1,778
20.169.105.96	63%	111
135.237.126.211	67%	109
20.118.232.75	65%	78

IP Address	Confidence	Events
185.218.138.19	97%	5,946
18.97.5.7	50%	58
68.68.101.178	93%	7,896
34.224.87.72	63%	24
18.208.191.195	64%	22