Check an IP Address, Domain Name, Subnet, or ASN

2.179.186.248 was found in our database!

$ whois 2.179.186.248

country·🇮🇷 Iran

isp·Iran Telecommunication Company PJS

asn·AS58224

network·Standard

$ sikker risk 2.179.186.248scoring →

confidence

90%Very High

first_seen·Jan 31, 2026

last_seen·19d ago

sessions·128

events·156

$ sikker protocols 2.179.186.248

SMB

128 / 156

$ sikker summary 2.179.186.248

2.179.186.248 has a threat confidence score of 90%. This IP address from Iran (AS58224, Iran Telecommunication Company PJS) has been observed in 128 honeypot sessions targeting SMB protocols. Detected attack patterns include remcom remote execution. First observed on January 31, 2026, most recently active February 27, 2026.

$ sikker behaviors 2.179.186.248catalog →

highRemcom Remote Execution6x

Sequential SMB session opening IPC$, accessing the svcctl pipe, issuing an RPC call, then opening the RemCom_communicaton pipe. Indicates remote service-based command execution.

mediumSmb Ipc Administrative Share Access1x

Detects authenticated access to the IPC$ administrative share over SMB. This behavior indicates remote interaction with Windows inter-process communication mechanisms and is commonly observed during lateral movement, service enumeration, or preparation for remote command execution.

$ sikker primitives 2.179.186.248

smb_ipc_share_access7 smb_empty_rpc_call6 smb_remcom_pipe_open6 smb_svcctl_pipe_open6

$ sikker related 2.179.186.248

🇮🇷·More threats fromIran→AS·More threats fromIran Telecommunication Company PJS→SMB·More threats targetingSMB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
2.187.7.12	18%	12
80.250.198.126	44%	6
217.219.186.16	37%	3
78.39.112.101	35%	3
217.218.249.122	94%	96

IP Address	Confidence	Events
77.90.185.17	92%	22,218
62.60.130.21	85%	20
178.252.178.210	22%	44
185.93.89.134	79%	78
77.90.185.18	81%	1,684