Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
192.42.116.144 has a threat confidence score of 65%. This IP address from The Netherlands (AS215125, Church of Cyberology) has been observed in 46 honeypot sessions targeting POSTGRES, SMB, SSH, HTTPS protocols. This IP is a known Tor exit node. Detected attack patterns include smb authenticated rpc service and account enumeration. First observed on March 7, 2026, most recently active April 17, 2026.
Identifies an SMB session where the IPC$ share is accessed and RPC bindings are established to the SAMR and SRVSVC interfaces via named pipes. The combination of IPC$ access, SAMR RPC binding (Security Account Manager Remote), and SRVSVC pipe interaction indicates authenticated enumeration of user accounts, groups, shares, or service information on a Windows host. This behavior reflects structured post-authentication reconnaissance against Windows systems rather than unauthenticated share scanning.