82.167.144.137 has a threat confidence score of 92%. This IP address from Saudi Arabia (AS35753, Etihad Salam Telecom CJSC) has been observed in 7 honeypot sessions targeting the SMB and MSSQL protocols. Detected attack patterns include SMB RemCom remote command execution and SMB RemCom stdout pipe access. First observed on April 14, 2026; most recently active on April 14, 2026.
Identifies PsExec/RemCom-style remote command execution over SMB, involving IPC$ share access, service control manager pipe interaction (svcctl), and communication via the RemCom named pipe. This behavior reflects authenticated lateral movement and remote process execution through Windows administrative shares.
SMB session accessing a RemCom_stdout* named pipe following IPC$ share access, indicating interaction with a RemCom-style remote command execution channel.