109.165.159.134 — Telekomunikacije Republike Srpske akcionarsko drustvo Banja Luka, BA — High (72%)

Check an IP Address, Domain Name, Subnet, or ASN

109.165.159.134 was found in our database!

Confidence Level

72%

High?

Geolocation

🇧🇦

Bosnia and HerzegovinaBanja Luka

ISPTelekomunikacije Republike Srpske akcionarsko drustvo Banja Luka

ASNAS25144

Activity Timeline

First seenFeb 26, 2026, 06:10 PM

Last seen4d ago

4Sessions

4Events

Protocol Breakdown

SMB

4 / 4

109.165.159.134 has a high threat confidence level of 72%, originating from Banja Luka, Bosnia and Herzegovina, on the Telekomunikacije Republike Srpske akcionarsko drustvo Banja Luka network (25144). It has been observed across 4 sessions targeting SMB, with detected attack patterns including remcom remote execution, First observed on February 26, 2026, most recently active February 26, 2026.

Behaviors

Classified behavioral patterns observed

Remcom Remote Execution

high2x

Sequential SMB session opening IPC$, accessing the svcctl pipe, issuing an RPC call, then opening the RemCom_communicaton pipe. Indicates remote service-based command execution.

Primitives

Individual actions observed

Smb Empty Rpc Call2 Smb Ipc Share Access2 Smb Remcom Pipe Open2 Smb Svcctl Pipe Open2

Related Threats

Explore related threat intelligence

🇧🇦More threats fromBosnia and Herzegovina ASMore threats fromTelekomunikacije Republike Srpske akcionarsko drustvo Banja Luka SMBMore threats targetingSMB { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
109.165.158.185	35%	3
89.111.237.150	24%	22
109.165.175.134	35%	3
89.111.237.57	46%	7
109.165.157.79	79%	7

IP Address	Confidence	Events
109.165.158.185	46%	7
95.156.191.176	53%	1
89.111.237.150	24%	22
98.159.36.148	35%	3
95.156.163.253	53%	1