Confidence Level

61%

High?

Geolocation

🇺🇸

United StatesBoydton

ISPMicrosoft Corporation

ASNAS8075

Activity Timeline

First seenMar 10, 2026, 12:36 PM

Last seen1h ago

2Sessions

2Events

Protocol Breakdown

TELNET

2 / 2

52.252.27.34 has a high threat confidence level of 61%, originating from Boydton, United States, on the Microsoft Corporation network (8075). It has been observed across 2 sessions targeting TELNET, with detected attack patterns including telnet shell escalation with busybox execution attempt, First observed on March 10, 2026, most recently active March 10, 2026.

Behaviors

Classified behavioral patterns observed

Telnet Shell Escalation With Busybox Execution Attempt

high1x

Telnet session exhibiting privilege escalation and shell breakout commands (enable, system, shell, sh) followed by execution of /bin/busybox with a non-standard or arbitrary applet name. The sequence indicates an attempt to escape restricted CLI environments and execute a staged or randomly named payload via BusyBox. The presence of an unknown BusyBox applet strongly suggests automated bot deployment logic rather than legitimate administrative activity.

Primitives

Individual actions observed

Telnet Command Enable2 Telnet Command System2 Telnet Command Sh1 Telnet Command Shell1 Telnet Busybox Unknown Applet Invocation1

Related Threats

Explore related threat intelligence

🇺🇸More threats fromUnited States ASMore threats fromMicrosoft Corporation TELNETMore threats targetingTELNET { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
52.177.119.222	79%	7
20.55.88.105	57%	127
4.145.113.4	91%	101
52.165.80.115	86%	165
20.123.146.95	99%	326

IP Address	Confidence	Events
130.12.180.115	91%	16,612
15.204.144.239	99%	20,728
130.12.180.86	91%	16,677
130.12.180.109	91%	16,725
130.12.180.75	91%	16,670