Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
103.250.147.207 has a very high threat confidence level of 98%, originating from Ahmedabad, India, on the Gujarat Telelink Pvt Ltd network (45916). It has been observed across 356 sessions targeting MSSQL, SMB, with detected attack patterns including smb remcom remote command execution, remcom remote execution, First observed on February 4, 2026, most recently active February 17, 2026.
Identifies PsExec/RemCom-style remote command execution over SMB, involving IPC$ share access, service control manager pipe interaction (svcctl), and communication via the RemCom named pipe. This behavior reflects authenticated lateral movement and remote process execution through Windows administrative shares.
Sequential SMB session opening IPC$, accessing the svcctl pipe, issuing an RPC call, then opening the RemCom_communicaton pipe. Indicates remote service-based command execution.