Check an IP Address, Domain Name, Subnet, or ASN

197.63.226.11 was found in our database!

$ whois 197.63.226.11

country·🇪🇬 Egypt

city·Damanhur

isp·TE Data

asn·AS8452

network·Standard

$ sikker risk 197.63.226.11scoring →

confidence

80%Very High

first_seen·Mar 19, 2026

last_seen·1h ago

sessions·12

events·12

$ sikker protocols 197.63.226.11

SMB

12 / 12

$ sikker summary 197.63.226.11

197.63.226.11 has a threat confidence score of 80%. This IP address from Egypt (AS8452, TE Data) has been observed in 12 honeypot sessions targeting SMB protocols. Detected attack patterns include remcom remote execution. First observed on March 19, 2026, most recently active March 23, 2026.

$ sikker behaviors 197.63.226.11catalog →

highRemcom Remote Execution2x

Sequential SMB session opening IPC$, accessing the svcctl pipe, issuing an RPC call, then opening the RemCom_communicaton pipe. Indicates remote service-based command execution.

mediumSmb Svcctl Pipe Access1x

Composite behavior identifying SMB access to the IPC$ share followed by opening of the SVCCTL named pipe. This pattern indicates interaction with the Windows Service Control Manager over SMB and is commonly observed during remote service enumeration, service manipulation, or preparation for remote service-based execution.

$ sikker primitives 197.63.226.11

smb_ipc_share_access3 smb_svcctl_pipe_open3 smb_empty_rpc_call2 smb_remcom_pipe_open2

$ sikker related 197.63.226.11

🇪🇬·More threats fromEgypt→AS·More threats fromTE Data→SMB·More threats targetingSMB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
41.38.96.28	98%	260
41.38.203.146	46%	425
156.212.146.182	35%	3
41.37.184.232	35%	3
196.219.125.58	98%	63

IP Address	Confidence	Events
41.38.96.28	98%	260
41.38.203.146	46%	425
41.68.145.134	54%	242
41.65.226.84	54%	845
156.212.146.182	35%	3