Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
46.105.132.55 has a very high threat confidence level of 100%, originating from France, on the OVH SAS network (16276). It has been observed across 2,250 sessions targeting SMB, with detected attack patterns including smb authenticated rpc service and account enumeration, First observed on January 20, 2026, most recently active March 3, 2026.
Identifies an SMB session where the IPC$ share is accessed and RPC bindings are established to the SAMR and SRVSVC interfaces via named pipes. The combination of IPC$ access, SAMR RPC binding (Security Account Manager Remote), and SRVSVC pipe interaction indicates authenticated enumeration of user accounts, groups, shares, or service information on a Windows host. This behavior reflects structured post-authentication reconnaissance against Windows systems rather than unauthenticated share scanning.
Authenticated SMB session using WORKGROUP\GUEST that accesses the DATA share and sequentially opens multiple business-named directories (Financials, HR, IT, Projects, Marketing, Legal, Public, and related subfolders) with repeated root directory queries, consistent with structured directory discovery activity.