Check an IP Address, Domain Name, Subnet, or ASN

204.44.123.229 was found in our database!

$ whois 204.44.123.229

country·🇺🇸 United States

city·Los Angeles

isp·HostPapa

asn·AS36352

network·Standard

$ sikker risk 204.44.123.229scoring →

confidence

73%High

first_seen·Feb 28, 2026

last_seen·1h ago

sessions·20

events·22

$ sikker protocols 204.44.123.229

SMB

20 / 22

$ sikker summary 204.44.123.229

204.44.123.229 has a threat confidence score of 73%. This IP address from United States (AS36352, HostPapa) has been observed in 20 honeypot sessions targeting SMB protocols. Detected attack patterns include smb authenticated rpc service and account enumeration. First observed on February 28, 2026, most recently active May 1, 2026.

$ sikker behaviors 204.44.123.229catalog →

highSmb Authenticated Rpc Service And Account Enumeration4x

Identifies an SMB session where the IPC$ share is accessed and RPC bindings are established to the SAMR and SRVSVC interfaces via named pipes. The combination of IPC$ access, SAMR RPC binding (Security Account Manager Remote), and SRVSVC pipe interaction indicates authenticated enumeration of user accounts, groups, shares, or service information on a Windows host. This behavior reflects structured post-authentication reconnaissance against Windows systems rather than unauthenticated share scanning.

$ sikker primitives 204.44.123.229

smb_srvsvc_rpc_bind10 smb_rpc_srvsvc_interface_access10 smb_samr_rpc_bind5 smb_ipc_share_access5 smb_srvsvc_pipe_open5

$ sikker related 204.44.123.229

🇺🇸·More threats fromUnited States→AS·More threats fromHostPapa→SMB·More threats targetingSMB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
172.245.244.79	68%	5
192.3.3.145	94%	60
198.23.156.119	98%	905
23.94.213.157	96%	35
107.175.59.202	79%	4

IP Address	Confidence	Events
74.208.160.61	99%	51
47.251.66.163	84%	2,930
73.1.253.194	95%	3,003
45.148.9.8	97%	1,986
162.216.149.152	81%	110