Check an IP Address, Domain Name, Subnet, or ASN

193.193.226.230 was found in our database!

$ whois 193.193.226.230

country·🇰🇿 Kazakhstan

city·Kokshetau

isp·astel Jsc

asn·AS8393

network·Standard

$ sikker risk 193.193.226.230scoring →

confidence

80%Very High

first_seen·Mar 4, 2026

last_seen·2d ago

sessions·50

events·50

$ sikker protocols 193.193.226.230

SMB

50 / 50

$ sikker summary 193.193.226.230

193.193.226.230 has a threat confidence score of 80%. This IP address from Kazakhstan (AS8393, astel Jsc) has been observed in 50 honeypot sessions targeting SMB protocols. Detected attack patterns include smb remote service stager via mshta. First observed on March 4, 2026, most recently active March 19, 2026.

$ sikker behaviors 193.193.226.230catalog →

highSmb Remote Service Stager Via Mshta4x

Composite behavior indicating remote lateral movement over SMB followed by service-based execution of a staged payload delivered through mshta invoking msiexec from remote infrastructure. The sequence combines IPC$ share access, SAMR and SVCCTL RPC binding, service control pipe interaction, and remote command execution consistent with administrative service creation or modification to execute a downloaded installer. This pattern is strongly associated with hands-on-keyboard intrusion activity and automated lateral propagation frameworks leveraging Windows service execution for payload deployment.

$ sikker primitives 193.193.226.230

smb_svcctl_rpc_bind20 smb_root_read4 smb_samr_rpc_bind4 smb_ipc_share_access4 smb_svcctl_pipe_open4 mshta_vbscript_msiexec_fetch4

$ sikker related 193.193.226.230

🇰🇿·More threats fromKazakhstan→AS·More threats fromastel Jsc→SMB·More threats targetingSMB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
213.157.44.82	25%	57
213.157.58.85	23%	34
91.203.21.143	97%	184
213.157.44.83	40%	251
193.193.242.165	25%	70

IP Address	Confidence	Events
89.218.69.66	100%	521
89.218.13.86	78%	11
2.74.192.250	50%	357
213.157.44.82	25%	57
92.55.173.13	30%	2