Loading threats
Composite behavior identifying authenticated SMB activity where a client accesses both IPC$ and data shares, performs root directory reads, and binds to SAMR and SRVSVC RPC interfaces. This sequence is consistent with structured remote enumeration of host configuration, shared resources, and account information, often conducted prior to lateral movement or privilege escalation attempts.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 35.216.172.131 | 100% | 2,497 | 566 | 🇨🇭 CH | AS15169 | 2026-02-19 |
| 35.233.5.189 | 100% | 2,342 | 853 | 🇧🇪 BE | AS396982 | 2026-03-05 |
| 34.38.45.85 | 100% | 1,935 | 503 | 🇧🇪 BE | AS396982 | 2026-03-03 |
| 35.195.168.139 | 99% | 1,781 | 510 | 🇧🇪 BE | AS396982 | 2026-02-25 |
| 35.233.96.173 | 98% | 1,745 | 404 | 🇧🇪 BE | AS396982 | 2026-02-25 |
| 34.76.139.101 | 100% | 1,646 | 389 | 🇧🇪 BE | AS396982 | 2026-02-22 |
| 35.216.183.140 | 100% | 1,524 | 250 | 🇨🇭 CH | AS15169 | 2026-02-27 |
| 34.34.132.221 | 99% | 1,474 | 396 | 🇧🇪 BE | AS396982 | 2026-03-02 |
| 34.79.124.224 | 100% | 1,472 | 478 | 🇧🇪 BE | AS396982 | 2026-03-05 |
| 34.140.92.201 | 100% | 1,404 | 544 | 🇧🇪 BE | AS396982 | 2026-03-05 |
| 35.233.94.99 | 100% | 1,347 | 518 | 🇧🇪 BE | AS396982 | 2026-03-05 |
| 34.52.238.9 | 99% | 1,301 | 277 | 🇧🇪 BE | AS396982 | 2026-02-24 |
| 34.78.183.19 | 98% | 1,250 | 251 | 🇧🇪 BE | AS396982 | 2026-02-25 |
| 146.148.12.176 | 98% | 1,156 | 382 | 🇧🇪 BE | AS396982 | 2026-02-24 |
| 34.22.177.31 | 100% | 1,116 | 564 | 🇧🇪 BE | AS396982 | 2026-03-03 |
| 34.78.140.118 | 99% | 1,069 | 485 | 🇧🇪 BE | AS396982 | 2026-03-04 |
| 34.38.38.180 | 100% | 1,067 | 352 | 🇧🇪 BE | AS396982 | 2026-02-24 |
| 35.195.241.97 | 99% | 1,064 | 359 | 🇧🇪 BE | AS396982 | 2026-03-03 |
| 34.76.134.123 | 96% | 988 | 154 | 🇧🇪 BE | AS396982 | 2026-02-06 |
| 130.211.53.197 | 100% | 905 | 369 | 🇧🇪 BE | AS396982 | 2026-03-03 |