Check an IP Address, Domain Name, Subnet, or ASN
45.140.225.62 has a threat confidence score of 99%. This IP address from Iran (AS44285, Sefroyek Pardaz Engineering PJSC) has been observed in 157 honeypot sessions targeting the SMB and MSSQL protocols. Detected attack patterns include SMB RemCom remote command execution, RemCom remote execution, and SMB RemCom stdout pipe access. It was first observed on January 28, 2026, and was most recently active on February 27, 2026.
Identifies PsExec/RemCom-style remote command execution over SMB, involving IPC$ share access, service control manager pipe interaction (svcctl), and communication via the RemCom named pipe. This behavior reflects authenticated lateral movement and remote process execution through Windows administrative shares.
Sequential SMB session that opens IPC$, accesses the svcctl pipe, issues an RPC call, and then opens the RemCom_communicaton pipe, indicating remote service-based command execution.
SMB session accessing a RemCom_stdout* named pipe following IPC$ share access, indicating interaction with a RemCom-style remote command execution channel.
Detects authenticated access to the IPC$ administrative share over SMB. This behavior indicates remote interaction with Windows inter-process communication mechanisms and is commonly observed during lateral movement, service enumeration, or preparation for remote command execution.