Check an IP Address, Domain Name, Subnet, or ASN

197.57.221.135 was found in our database!

$ whois 197.57.221.135

country·🇪🇬 Egypt

city·Cairo

isp·TE Data

asn·AS8452

network·Standard

$ sikker risk 197.57.221.135scoring →

confidence

91%Very High

first_seen·Mar 17, 2026

last_seen·18m ago

sessions·306

events·306

$ sikker protocols 197.57.221.135

SMB

306 / 306

$ sikker summary 197.57.221.135

197.57.221.135 has a threat confidence score of 91%. This IP address from Egypt (AS8452, TE Data) has been observed in 306 honeypot sessions targeting SMB protocols. Detected attack patterns include smb remote service stager via mshta. First observed on March 17, 2026, most recently active March 20, 2026.

$ sikker behaviors 197.57.221.135catalog →

highSmb Remote Service Stager Via Mshta4x

Composite behavior indicating remote lateral movement over SMB followed by service-based execution of a staged payload delivered through mshta invoking msiexec from remote infrastructure. The sequence combines IPC$ share access, SAMR and SVCCTL RPC binding, service control pipe interaction, and remote command execution consistent with administrative service creation or modification to execute a downloaded installer. This pattern is strongly associated with hands-on-keyboard intrusion activity and automated lateral propagation frameworks leveraging Windows service execution for payload deployment.

$ sikker primitives 197.57.221.135

smb_svcctl_rpc_bind20 smb_root_read4 smb_samr_rpc_bind4 smb_ipc_share_access4 smb_svcctl_pipe_open4 mshta_vbscript_msiexec_fetch4

$ sikker related 197.57.221.135

🇪🇬·More threats fromEgypt→AS·More threats fromTE Data→SMB·More threats targetingSMB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
156.215.106.166	39%	4
41.35.39.34	97%	51
81.10.26.3	99%	4,344
196.219.125.58	92%	19
156.197.127.166	35%	3

IP Address	Confidence	Events
156.215.106.166	39%	4
196.154.212.221	41%	6
41.35.39.34	97%	51
193.227.11.119	27%	70
81.10.26.3	99%	4,344