Loading threats
Identifies PsExec/RemCom-style remote command execution over SMB, involving IPC$ share access, service control manager pipe interaction (svcctl), and communication via the RemCom named pipe. This behavior reflects authenticated lateral movement and remote process execution through Windows administrative shares.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 91.144.21.210 | 100% | 9,301 | 8,510 | 🇸🇾 SY | AS29256 | 2026-03-05 |
| 103.26.82.162 | 94% | 2,098 | 299 | 🇵🇰 PK | AS9541 | 2026-02-13 |
| 188.117.250.192 | 100% | 1,204 | 720 | 🇬🇷 GR | AS57794 | 2026-02-17 |
| 154.50.28.14 | 100% | 1,119 | 300 | 🇰🇭 KH | AS38235 | 2026-02-19 |
| 81.10.42.74 | 100% | 1,086 | 310 | 🇪🇬 EG | AS8452 | 2026-03-02 |
| 39.36.227.74 | 98% | 895 | 895 | 🇵🇰 PK | AS17557 | 2026-03-05 |
| 188.124.250.142 | 100% | 872 | 290 | 🇷🇺 RU | AS201776 | 2026-03-05 |
| 190.215.192.19 | 100% | 827 | 249 | 🇨🇱 CL | AS14259 | 2026-02-22 |
| 81.10.105.2 | 100% | 720 | 178 | 🇪🇬 EG | AS8452 | 2026-02-28 |
| 188.53.62.137 | 100% | 711 | 140 | 🇸🇦 SA | AS39891 | 2026-02-09 |
| 171.254.10.118 | 99% | 576 | 210 | 🇻🇳 VN | AS7552 | 2026-02-10 |
| 218.205.64.41 | 100% | 538 | 310 | 🇨🇳 CN | AS56041 | 2026-03-05 |
| 85.72.48.156 | 99% | 486 | 90 | 🇬🇷 GR | AS6799 | 2026-02-11 |
| 156.204.246.124 | 99% | 432 | 80 | 🇪🇬 EG | AS8452 | 2026-02-04 |
| 202.69.38.82 | 100% | 417 | 169 | 🇵🇰 PK | AS23750 | 2026-03-05 |
| 103.250.147.207 | 98% | 393 | 356 | 🇮🇳 IN | AS45916 | 2026-02-17 |
| 36.64.28.5 | 98% | 386 | 93 | 🇮🇩 ID | AS7713 | 2026-02-22 |
| 202.79.60.37 | 100% | 351 | 351 | 🇳🇵 NP | AS17501 | 2026-03-02 |
| 5.42.224.14 | 100% | 344 | 329 | 🇸🇦 SA | AS35753 | 2026-03-05 |
| 69.63.77.146 | 100% | 324 | 119 | 🇸🇿 SZ | AS19711 | 2026-02-22 |