Loading threats
Identifies PsExec/RemCom-style remote command execution over SMB, involving IPC$ share access, service control manager pipe interaction (svcctl), and communication via the RemCom named pipe. This behavior reflects authenticated lateral movement and remote process execution through Windows administrative shares.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 219.130.137.68 | 100% | 6,993 | 2,143 | 🇨🇳 CN | AS136199 | 2026-04-18 |
| 188.117.250.192 | 100% | 1,863 | 1,379 | 🇬🇷 GR | AS57794 | 2026-04-01 |
| 81.10.42.74 | 100% | 1,086 | 310 | 🇪🇬 EG | AS8452 | 2026-03-02 |
| 188.124.250.142 | 100% | 996 | 414 | 🇷🇺 RU | AS201776 | 2026-04-02 |
| 47.243.150.134 | 100% | 904 | 902 | 🇭🇰 HK | AS45102 | 2026-04-10 |
| 190.215.192.19 | 100% | 827 | 249 | 🇨🇱 CL | AS14259 | 2026-02-22 |
| 81.10.105.2 | 96% | 802 | 260 | 🇪🇬 EG | AS8452 | 2026-04-12 |
| 122.52.203.208 | 100% | 762 | 468 | 🇵🇭 PH | AS9299 | 2026-04-17 |
| 202.79.60.37 | 100% | 720 | 720 | 🇳🇵 NP | AS17501 | 2026-04-19 |
| 39.36.251.171 | 99% | 719 | 719 | 🇵🇰 PK | AS17557 | 2026-04-17 |
| 202.141.250.180 | 98% | 696 | 696 | 🇵🇰 PK | AS9260 | 2026-04-13 |
| 218.205.64.41 | 100% | 653 | 425 | 🇨🇳 CN | AS56041 | 2026-04-19 |
| 5.42.224.14 | 100% | 578 | 563 | 🇸🇦 SA | AS35753 | 2026-03-25 |
| 113.161.161.232 | 100% | 537 | 493 | 🇻🇳 VN | AS45899 | 2026-03-31 |
| 202.69.38.82 | 96% | 492 | 244 | 🇵🇰 PK | AS23750 | 2026-04-16 |
| 103.250.147.207 | 99% | 446 | 409 | 🇮🇳 IN | AS45916 | 2026-03-28 |
| 193.227.16.243 | 100% | 409 | 409 | 🇪🇬 EG | AS2561 | 2026-04-12 |
| 36.64.28.5 | 99% | 393 | 100 | 🇮🇩 ID | AS7713 | 2026-03-15 |
| 103.230.107.236 | 100% | 391 | 375 | 🇧🇩 BD | AS45925 | 2026-04-14 |
| 41.33.161.161 | 100% | 390 | 258 | 🇪🇬 EG | AS8452 | 2026-03-18 |