Smb Authenticated Host And Share Enumeration

Composite behavior identifying authenticated SMB activity where a client accesses both IPC$ and data shares, performs root directory reads, and binds to SAMR and SRVSVC RPC interfaces. This sequence is consistent with structured remote enumeration of host configuration, shared resources, and account information, often conducted prior to lateral movement or privilege escalation attempts.

Observed IPs

Avg Confidence

97%

Severity

medium

Top IPs by event countSMB

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
35.216.144.195	100%	5,673	2,786	🇨🇭 CH	AS15169	2026-04-28
35.216.195.77	100%	5,283	2,182	🇨🇭 CH	AS15169	2026-04-26
35.216.189.16	100%	4,024	1,754	🇨🇭 CH	AS15169	2026-04-28
35.216.172.131	100%	3,273	1,342	🇨🇭 CH	AS15169	2026-04-27
35.233.5.189	99%	2,361	872	🇧🇪 BE	AS396982	2026-03-06
35.233.95.0	100%	1,821	948	🇧🇪 BE	AS396982	2026-04-12
35.195.168.139	99%	1,781	510	🇧🇪 BE	AS396982	2026-02-25
35.216.183.140	100%	1,746	472	🇨🇭 CH	AS15169	2026-04-13
35.233.96.173	97%	1,745	404	🇧🇪 BE	AS396982	2026-02-25
34.77.191.38	100%	1,650	779	🇧🇪 BE	AS396982	2026-04-28
34.76.139.101	100%	1,646	389	🇧🇪 BE	AS396982	2026-02-22
35.233.94.99	100%	1,347	518	🇧🇪 BE	AS396982	2026-03-05
35.195.241.97	100%	1,318	612	🇧🇪 BE	AS396982	2026-03-21
34.52.238.9	99%	1,301	277	🇧🇪 BE	AS396982	2026-02-24
34.78.183.19	98%	1,250	251	🇧🇪 BE	AS396982	2026-02-25
35.189.199.133	99%	1,205	404	🇧🇪 BE	AS396982	2026-03-04
146.148.12.176	98%	1,156	382	🇧🇪 BE	AS396982	2026-02-24
35.216.156.249	100%	1,132	1,041	🇨🇭 CH	AS15169	2026-04-13
34.22.177.31	100%	1,116	564	🇧🇪 BE	AS396982	2026-03-03
34.38.38.180	100%	1,067	352	🇧🇪 BE	AS396982	2026-02-24