115.64.67.16 — TPG Telecom Limited, AU — Very High (95%)

Check an IP Address, Domain Name, Subnet, or ASN

115.64.67.16 was found in our database!

Confidence Level

95%

Very High?

Geolocation

🇦🇺

AustraliaSydney

ISPTPG Telecom Limited

ASNAS7545

Activity Timeline

First seenMar 2, 2026, 12:19 PM

Last seen3d ago

8Sessions

8Events

Protocol Breakdown

SMB

8 / 8

115.64.67.16 has a very high threat confidence level of 95%, originating from Sydney, Australia, on the TPG Telecom Limited network (7545). It has been observed across 8 sessions targeting SMB, with detected attack patterns including smb remcom remote command execution, smb remcom stdout pipe access, First observed on March 2, 2026, most recently active March 2, 2026.

Behaviors

Classified behavioral patterns observed

Smb Remcom Remote Command Execution

very_high2x

Identifies PsExec/RemCom-style remote command execution over SMB, involving IPC$ share access, service control manager pipe interaction (svcctl), and communication via the RemCom named pipe. This behavior reflects authenticated lateral movement and remote process execution through Windows administrative shares.

Smb Remcom Stdout Pipe Access

high4x

SMB session accessing a RemCom_stdout* named pipe following IPC$ share access, indicating interaction with a RemCom-style remote command execution channel.

Primitives

Individual actions observed

Smb Empty Rpc Call6 Smb Ipc Share Access6 Smb File Create Remcom Std4 Smb Remcom Pipe Open2 Smb Svcctl Pipe Open2 Smb Remcom Named Pipe Communication2

Related Threats

Explore related threat intelligence

🇦🇺More threats fromAustralia ASMore threats fromTPG Telecom Limited SMBMore threats targetingSMB { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
115.129.77.206	100%	1,194
59.102.109.3	85%	353
118.211.168.61	30%	2
193.119.68.118	69%	18
59.102.20.74	53%	1

IP Address	Confidence	Events
170.64.170.165	99%	64
170.64.148.73	98%	53
170.64.213.34	99%	109
210.0.90.81	54%	384
170.64.167.72	56%	844