Check an IP Address, Domain Name, Subnet, or ASN

196.96.4.66 was found in our database!

$ whois 196.96.4.66

country·🇰🇪 Kenya

city·Nairobi

isp·SAFARICOM-LIMITED

asn·AS33771

network·Standard

$ sikker risk 196.96.4.66scoring →

confidence

89%Very High

first_seen·Feb 23, 2026

last_seen·24d ago

sessions·186

events·186

$ sikker protocols 196.96.4.66

SMB

186 / 186

$ sikker summary 196.96.4.66

196.96.4.66 has a threat confidence score of 89%. This IP address from Kenya (AS33771, SAFARICOM-LIMITED) has been observed in 186 honeypot sessions targeting SMB protocols. Detected attack patterns include smb remote service stager via mshta. First observed on February 23, 2026, most recently active February 24, 2026.

$ sikker behaviors 196.96.4.66catalog →

highSmb Remote Service Stager Via Mshta2x

Composite behavior indicating remote lateral movement over SMB followed by service-based execution of a staged payload delivered through mshta invoking msiexec from remote infrastructure. The sequence combines IPC$ share access, SAMR and SVCCTL RPC binding, service control pipe interaction, and remote command execution consistent with administrative service creation or modification to execute a downloaded installer. This pattern is strongly associated with hands-on-keyboard intrusion activity and automated lateral propagation frameworks leveraging Windows service execution for payload deployment.

$ sikker primitives 196.96.4.66

smb_svcctl_rpc_bind10 smb_root_read2 smb_samr_rpc_bind2 smb_ipc_share_access2 smb_svcctl_pipe_open2 mshta_vbscript_msiexec_fetch2

$ sikker related 196.96.4.66

🇰🇪·More threats fromKenya→AS·More threats fromSAFARICOM-LIMITED→SMB·More threats targetingSMB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
105.161.118.10	88%	260
105.165.249.29	44%	6
105.161.12.39	35%	3
196.96.34.11	35%	3
105.161.31.178	46%	7

IP Address	Confidence	Events
105.161.118.10	88%	260
41.76.168.214	49%	9
197.248.83.74	100%	2,879
197.248.207.139	98%	73
41.139.177.151	95%	462