Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
34.22.173.102 has a very high threat confidence level of 95%, originating from Brussels, Belgium, on the Google LLC network (396982). It has been observed across 54 sessions targeting FTP, MONGODB, ELASTICSEARCH, SMB, HTTP and 1 other protocols, with detected attack patterns including smb authenticated rpc service and account enumeration, First observed on February 28, 2026, most recently active March 5, 2026.
Identifies an SMB session where the IPC$ share is accessed and RPC bindings are established to the SAMR and SRVSVC interfaces via named pipes. The combination of IPC$ access, SAMR RPC binding (Security Account Manager Remote), and SRVSVC pipe interaction indicates authenticated enumeration of user accounts, groups, shares, or service information on a Windows host. This behavior reflects structured post-authentication reconnaissance against Windows systems rather than unauthenticated share scanning.
Composite behavior identifying authenticated SMB interaction where a client accesses the IPC$ share, performs root directory reads, binds to the SAMR RPC interface, and interacts with the SRVSVC service pipe. This sequence is consistent with remote host and account enumeration activity over SMB, typically used to gather domain, user, and share information prior to lateral movement or privilege escalation attempts.
FTP session where the client enters passive mode (PASV) and issues a LIST command to retrieve a directory listing from the server.
FTP session where the client authenticates, queries the working directory, sets transfer mode, and enters passive mode without performing any file transfer or directory listing.
Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.