Check an IP Address, Domain Name, Subnet, or ASN

73.72.115.182 was found in our database!

$ whois 73.72.115.182

country·🇺🇸 United States

city·Norridge

isp·Comcast Cable Communications, LLC

asn·AS7922

network·Standard

$ sikker risk 73.72.115.182scoring →

confidence

99%Very High

first_seen·Feb 16, 2026

last_seen·3h ago

first_reported·Mar 5, 2026

last_reported·14d ago

sessions·84

events·84

reports·2

$ sikker protocols 73.72.115.182

TELNET

84 / 84 / 2r

$ sikker summary 73.72.115.182

73.72.115.182 has a threat confidence score of 99%. This IP address from United States (AS7922, Comcast Cable Communications, LLC) has been observed in 84 honeypot sessions and reported 2 times targeting TELNET protocols. Detected attack patterns include telnet busybox shell activation with capability check. First observed on February 16, 2026, most recently active April 5, 2026.

$ sikker behaviors 73.72.115.182catalog →

highTelnet Busybox Shell Activation With Capability Check74x

Identifies a Telnet session where BusyBox is leveraged to activate or access a shell environment (sh, shell, system, linuxshell, enable) followed by command capability validation (ping). This pattern reflects deliberate shell breakout and execution-context validation commonly observed in IoT botnets and embedded Linux compromise workflows. The presence of multiple shell invocation variants combined with BusyBox applet usage indicates adaptive execution logic rather than incidental command usage.

$ sikker primitives 73.72.115.182

telnet_command_sh148 telnet_command_ping74 telnet_command_shell74 telnet_command_enable74 telnet_command_system74 telnet_command_linuxshell74 telnet_busybox_unknown_applet_invocation74

$ sikker reports 73.72.115.182submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 22, 2026, 06:11	Brute Force	TELNET	SikkerGuard: 2 blocked packets
User	Mar 5, 2026, 14:11	Brute Force	TELNET	SikkerGuard: 2 blocked packets

$ sikker related 73.72.115.182

🇺🇸·More threats fromUnited States→AS·More threats fromComcast Cable Communications, LLC→TELN·More threats targetingTELNET→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
71.225.238.42	69%	2
174.174.118.254	23%	1
73.64.73.161	53%	2
73.107.93.241	90%	3
74.94.234.151	100%	1,013

IP Address	Confidence	Events
209.222.101.54	99%	57,250
208.71.99.184	23%	1
135.222.174.121	96%	36
172.236.228.115	94%	2,066
172.104.11.4	90%	1,825