Loading threats
Identifies an SMB session where the IPC$ share is accessed and RPC bindings are established to the SAMR and SRVSVC interfaces via named pipes. The combination of IPC$ access, SAMR RPC binding (Security Account Manager Remote), and SRVSVC pipe interaction indicates authenticated enumeration of user accounts, groups, shares, or service information on a Windows host. This behavior reflects structured post-authentication reconnaissance against Windows systems rather than unauthenticated share scanning.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 34.14.103.46 | 100% | 1,352 | 467 | 🇧🇪 BE | AS396982 | 2026-02-27 |
| 45.84.107.128 | 98% | 1,004 | 210 | 🇸🇪 SE | AS214503 | 2026-04-17 |
| 45.84.107.174 | 99% | 998 | 245 | 🇸🇪 SE | AS214503 | 2026-04-17 |
| 118.193.40.131 | 99% | 939 | 736 | 🇭🇰 HK | AS135377 | 2026-04-16 |
| 101.36.109.144 | 99% | 890 | 569 | 🇭🇰 HK | AS135377 | 2026-04-17 |
| 152.32.133.191 | 99% | 874 | 639 | 🇭🇰 HK | AS135377 |
| 2026-04-17 |
| 101.36.108.184 | 99% | 867 | 629 | 🇭🇰 HK | AS135377 | 2026-04-17 |
| 45.142.154.93 | 99% | 834 | 622 | 🇭🇰 HK | AS9465 | 2026-04-16 |
| 118.193.39.149 | 99% | 829 | 546 | 🇭🇰 HK | AS135377 | 2026-04-17 |
| 101.36.108.178 | 99% | 816 | 589 | 🇭🇰 HK | AS135377 | 2026-04-16 |
| 101.36.111.38 | 99% | 770 | 583 | 🇭🇰 HK | AS135377 | 2026-04-17 |
| 152.32.135.151 | 98% | 761 | 574 | 🇭🇰 HK | AS135377 | 2026-04-17 |
| 45.142.154.92 | 97% | 758 | 461 | 🇭🇰 HK | AS9465 | 2026-04-17 |
| 45.142.154.113 | 98% | 751 | 526 | 🇭🇰 HK | AS9465 | 2026-04-14 |
| 45.142.154.46 | 98% | 750 | 469 | 🇭🇰 HK | AS9465 | 2026-04-17 |
| 45.142.154.39 | 99% | 750 | 544 | 🇭🇰 HK | AS9465 | 2026-04-17 |
| 45.142.154.32 | 98% | 746 | 472 | 🇭🇰 HK | AS9465 | 2026-04-17 |
| 45.142.154.43 | 98% | 741 | 554 | 🇭🇰 HK | AS9465 | 2026-04-17 |
| 118.193.39.146 | 98% | 734 | 520 | 🇭🇰 HK | AS135377 | 2026-04-17 |
| 45.142.154.107 | 99% | 733 | 605 | 🇭🇰 HK | AS9465 | 2026-04-17 |