Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
192.42.116.49 has a threat confidence score of 63%. This IP address from The Netherlands (AS215125, Church of Cyberology) has been observed in 16 honeypot sessions targeting POSTGRES, ELASTICSEARCH, SMB, SSH protocols. This IP is a known Tor exit node. Detected attack patterns include smb authenticated rpc service and account enumeration. First observed on April 1, 2026, most recently active April 13, 2026.
Identifies an SMB session where the IPC$ share is accessed and RPC bindings are established to the SAMR and SRVSVC interfaces via named pipes. The combination of IPC$ access, SAMR RPC binding (Security Account Manager Remote), and SRVSVC pipe interaction indicates authenticated enumeration of user accounts, groups, shares, or service information on a Windows host. This behavior reflects structured post-authentication reconnaissance against Windows systems rather than unauthenticated share scanning.