Check an IP Address, Domain Name, Subnet, or ASN

103.205.179.202 was found in our database!

$ whois 103.205.179.202

country·🇵🇰 Pakistan

isp·Broadband ISP, FTTH and Cable Service Provider

asn·AS38713

network·Standard

$ sikker risk 103.205.179.202scoring →

confidence

80%Very High

first_seen·Jan 23, 2026

last_seen·3d ago

sessions·95

events·139

$ sikker protocols 103.205.179.202

SMB

80 / 124

MSSQL

15 / 15

$ sikker summary 103.205.179.202

103.205.179.202 has a threat confidence score of 80%. This IP address from Pakistan (AS38713, Broadband ISP, FTTH and Cable Service Provider) has been observed in 95 honeypot sessions targeting SMB, MSSQL protocols. Detected attack patterns include smb remcom remote command execution. First observed on January 23, 2026, most recently active March 18, 2026.

$ sikker behaviors 103.205.179.202catalog →

very_highSmb Remcom Remote Command Execution2x

Identifies PsExec/RemCom-style remote command execution over SMB, involving IPC$ share access, service control manager pipe interaction (svcctl), and communication via the RemCom named pipe. This behavior reflects authenticated lateral movement and remote process execution through Windows administrative shares.

$ sikker primitives 103.205.179.202

smb_empty_rpc_call2 smb_ipc_share_access2 smb_remcom_pipe_open2 smb_svcctl_pipe_open2 smb_remcom_named_pipe_communication2

$ sikker related 103.205.179.202

🇵🇰·More threats fromPakistan→AS·More threats fromBroadband ISP, FTTH and Cable Service Provider→SMB·More threats targetingSMB→MSSQ·More threats targetingMSSQL→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
103.25.136.249	30%	95
103.205.178.220	35%	164
103.25.138.165	39%	198
103.205.177.53	39%	4
202.143.127.193	13%	6

IP Address	Confidence	Events
206.135.161.88	100%	21
157.20.146.63	23%	1
175.107.211.157	92%	2
103.86.135.2	74%	4
157.20.146.61	100%	22