Confidence Level

91%

Very High?

Geolocation

🇮🇳

IndiaKannur

ISPKerala Vision Broad Band Private Limited

ASNAS138754

Activity Timeline

First seenMar 12, 2026, 04:51 AM

Last seen3h ago

22Sessions

22Events

Protocol Breakdown

MSSQL

19 / 19

SMB

3 / 3

103.175.2.144 has a threat confidence score of 91%. This IP address from India (AS138754, Kerala Vision Broad Band Private Limited) has been observed in 22 honeypot sessions targeting MSSQL, SMB protocols. Detected attack patterns include smb remcom remote command execution, smb remcom stdout pipe access. First observed on March 12, 2026, most recently active March 12, 2026.

Behaviors

Classified behavioral patterns observed

Smb Remcom Remote Command Execution

very_high1x

Identifies PsExec/RemCom-style remote command execution over SMB, involving IPC$ share access, service control manager pipe interaction (svcctl), and communication via the RemCom named pipe. This behavior reflects authenticated lateral movement and remote process execution through Windows administrative shares.

Smb Remcom Stdout Pipe Access

high1x

SMB session accessing a RemCom_stdout* named pipe following IPC$ share access, indicating interaction with a RemCom-style remote command execution channel.

Primitives

Individual actions observed

Smb Empty Rpc Call2 Smb Ipc Share Access2 Smb Remcom Pipe Open1 Smb Svcctl Pipe Open1 Smb File Create Remcom Std1 Smb Remcom Named Pipe Communication1

Related Threats

Explore related threat intelligence

🇮🇳More threats fromIndia ASMore threats fromKerala Vision Broad Band Private Limited MSSQLMore threats targetingMSSQL SMBMore threats targetingSMB { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
103.178.205.54	35%	3
103.99.144.44	35%	3
103.147.208.183	44%	6
103.155.222.60	38%	19
137.59.84.52	53%	191

IP Address	Confidence	Events
122.187.159.30	44%	6
106.222.212.208	82%	24
1.22.218.129	22%	9
203.194.104.190	49%	9
117.255.208.61	92%	17