Check an IP Address, Domain Name, Subnet, or ASN

197.156.127.57 was found in our database!

$ whois 197.156.127.57

country·🇪🇹 Ethiopia

city·Addis Ababa

isp·Ethiopian Telecommunication Corporation

asn·AS24757

network·Standard

$ sikker risk 197.156.127.57scoring →

confidence

85%Very High

first_seen·Mar 4, 2026

last_seen·18d ago

sessions·48

events·48

$ sikker protocols 197.156.127.57

SMB

48 / 48

$ sikker summary 197.156.127.57

197.156.127.57 has a threat confidence score of 85%. This IP address from Ethiopia (AS24757, Ethiopian Telecommunication Corporation) has been observed in 48 honeypot sessions targeting SMB protocols. First observed on March 4, 2026, most recently active April 6, 2026.

$ sikker behaviors 197.156.127.57catalog →

mediumSmb Svcctl Pipe Access27x

Composite behavior identifying SMB access to the IPC$ share followed by opening of the SVCCTL named pipe. This pattern indicates interaction with the Windows Service Control Manager over SMB and is commonly observed during remote service enumeration, service manipulation, or preparation for remote service-based execution.

$ sikker primitives 197.156.127.57

smb_ipc_share_access27 smb_svcctl_pipe_open27

$ sikker related 197.156.127.57

🇪🇹·More threats fromEthiopia→AS·More threats fromEthiopian Telecommunication Corporation→SMB·More threats targetingSMB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
196.189.124.218	48%	465
196.189.59.226	49%	511
196.188.243.240	52%	1,102
197.156.97.198	44%	358
196.188.93.169	100%	1,291

IP Address	Confidence	Events
196.189.124.218	48%	465
196.189.59.226	49%	511
104.23.208.142	3%	10
196.188.243.240	52%	1,102
197.156.97.198	44%	358