Check an IP Address, Domain Name, Subnet, or ASN

5.141.25.246 was found in our database!

$ whois 5.141.25.246

country·🇷🇺 Russia

isp·Rostelecom

asn·AS12389

network·Standard

$ sikker risk 5.141.25.246scoring →

confidence

60%High

first_seen·Jan 28, 2026

last_seen·1h ago

sessions·14

events·14

$ sikker protocols 5.141.25.246

SMB

14 / 14

$ sikker summary 5.141.25.246

5.141.25.246 has a threat confidence score of 60%. This IP address from Russia (AS12389, Rostelecom) has been observed in 14 honeypot sessions targeting SMB protocols. Detected attack patterns include remcom remote execution. First observed on January 28, 2026, most recently active March 26, 2026.

$ sikker behaviors 5.141.25.246catalog →

highRemcom Remote Execution2x

Sequential SMB session opening IPC$, accessing the svcctl pipe, issuing an RPC call, then opening the RemCom_communicaton pipe. Indicates remote service-based command execution.

$ sikker primitives 5.141.25.246

smb_empty_rpc_call2 smb_ipc_share_access2 smb_remcom_pipe_open2 smb_svcctl_pipe_open2

$ sikker related 5.141.25.246

🇷🇺·More threats fromRussia→AS·More threats fromRostelecom→SMB·More threats targetingSMB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
2.63.211.145	79%	20,609
2.63.250.45	21%	12
95.37.245.51	41%	6
90.150.252.179	33%	10
178.45.202.213	44%	29

IP Address	Confidence	Events
176.99.138.210	38%	228
77.94.120.206	100%	8,317
89.189.154.112	36%	208
92.101.192.250	38%	249
94.230.136.33	99%	232