Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
192.42.116.45 has a threat confidence score of 70%. This IP address from The Netherlands (AS215125, Church of Cyberology) has been observed in 10 honeypot sessions targeting SMB, SSH protocols. This IP is a known Tor exit node. Detected attack patterns include smb authenticated rpc service and account enumeration. First observed on March 31, 2026, most recently active April 2, 2026.
Identifies an SMB session where the IPC$ share is accessed and RPC bindings are established to the SAMR and SRVSVC interfaces via named pipes. The combination of IPC$ access, SAMR RPC binding (Security Account Manager Remote), and SRVSVC pipe interaction indicates authenticated enumeration of user accounts, groups, shares, or service information on a Windows host. This behavior reflects structured post-authentication reconnaissance against Windows systems rather than unauthenticated share scanning.