211.140.151.8 has a threat confidence score of 100%. This IP address from China (AS56041, China Mobile communications corporation) has been observed in 310 honeypot sessions targeting the SMB and MSSQL protocols. Detected attack patterns include smb remcom remote command execution and smb remcom stdout pipe access. It was first observed on February 3, 2026, and was most recently active on March 20, 2026.
Identifies PsExec/RemCom-style remote command execution over SMB, involving IPC$ share access, service control manager pipe interaction (svcctl), and communication via the RemCom named pipe. This behavior reflects authenticated lateral movement and remote process execution through Windows administrative shares.
SMB session accessing a RemCom_stdout* named pipe following IPC$ share access, indicating interaction with a RemCom-style remote command execution channel.
Composite behavior identifying SMB access to the IPC$ share followed by opening of the SVCCTL named pipe. This pattern indicates interaction with the Windows Service Control Manager over SMB and is commonly observed during remote service enumeration, service manipulation, or preparation for remote service-based execution.